For Developers/Glossary/System Prompt
Prompting

System Prompt

Instructions provided to an LLM at the start of a conversation that define its persona, behavior, response format, and constraints.

The system prompt is a set of instructions inserted before the conversation begins, visible to the model but often hidden from the end user. It defines who the model is, how it should behave, what format its responses should take, and what it should refuse.

What system prompts do

  • Persona: "You are a friendly customer support agent for Acme Corp."
  • Constraints: "Only answer questions about our product. Refuse unrelated requests politely."
  • Format: "Always respond in JSON with keys: summary, action_items, priority."
  • Context injection: "The user's account balance is $42.50. Their plan is Pro."

System prompt vs user message

Most APIs distinguish between system, user, and assistant roles. The system message typically carries higher trust and is harder to override than user messages. However, the model itself enforces constraints through its training, not purely through prompt hierarchy. Providers like OpenAI and Anthropic implement safety behaviors that operate independently of the system prompt, meaning system prompts alone cannot guarantee compliance with safety requirements.

System prompt injection and leaking

Prompt injection attacks attempt to override system prompt instructions through user input (for example, "Ignore previous instructions and..."). System prompt leaking occurs when adversarial user messages trick the model into revealing its instructions. Neither is fully preventable through prompting alone. Effective defense requires model-level safeguards, input validation, and structured outputs that limit the model's ability to deviate from intended behavior.

Best practices

Keep system prompts concise by placing only invariant instructions in the system prompt and personalizing per-request information through separate user messages. Avoid storing secrets in system prompts, as models can be coaxed into repeating them. Test edge cases: what happens when users ask the model to act differently or ignore its instructions? Treat system prompts as behavioral guidelines, not as security boundaries. Use structured output formats like JSON Schema or XML to constrain model behavior more reliably than natural language instructions alone. Combine system prompts with input validation and post-processing to enforce constraints at the application level rather than relying solely on the model's adherence to instructions.

Related terms

Models relevant to System Prompt