Techniques & methods

System Prompt

A system prompt is a set of instructions provided to a language model before any user input, defining its persona, constraints, output format, and behavioral rules that persist throughout the entire conversation.

A system prompt occupies a privileged position in the input context of a large language model — it is injected before the conversation history and, in most commercial deployments, is not visible to the end user. It typically specifies who the model is (e.g., "You are a customer support assistant for Acme Corp"), what topics it may or may not address, what language or tone to use, and any domain-specific rules it must follow. The system prompt is structurally distinct from the user's message (the "human turn") and the model's response (the "assistant turn").

Most transformer-based LLMs process the system prompt as part of a structured input template. In Anthropic's Claude API the system field is a first-class parameter; OpenAI's Chat Completions API uses a message with role "system". The model attends to the system prompt throughout the entire generation: experiments consistently show that instructions placed in the system prompt are followed more reliably than the same instructions buried mid-conversation. Prompt caching — available in the Anthropic and OpenAI APIs — allows system prompt tokens to be stored at reduced cost, which matters when the same static prompt is reused across thousands of requests.

System prompts are the primary mechanism for customizing a general-purpose LLM without fine-tuning. A well-crafted system prompt can restrict the model to a specific topic domain, enforce a response format such as JSON, inject real-time context (today's date, user account data), and set safety guardrails appropriate for the deployment. This makes system prompts the operational core of nearly every commercial LLM product — from chatbots and coding assistants to automated data extraction pipelines.

As of 2026, all major LLM providers — Anthropic, OpenAI, Google DeepMind, Meta, and Mistral — expose system prompts as first-class API parameters. Context windows have grown to hundreds of thousands of tokens, making it practical to embed extensive instructions, reference documents, and tool schemas in a single system prompt. Simultaneously, prompt injection — adversarial user inputs designed to override system prompt instructions — remains an active security concern for which no universally reliable defense exists.

Example

A company deploys Claude as an internal HR assistant with a system prompt specifying that it may only answer questions about company policy documents and must respond in formal English, preventing it from discussing competitors or generating code.

Related terms

Latest news on this topic

← Glossary