System prompt
Also known as: system message, system instruction, developer prompt
The instruction passed to a large language model that defines the agent's role, behaviour, allowed actions, and operating constraints. In agent-mode deployments the system prompt is typically several thousand tokens and carries the policy boundary: tool-use rules, refusal patterns, output format requirements, persona, and audit metadata. It is distinct from the user prompt (the request being handled).
The system prompt is where most enterprise agent governance lives in practice — and where most enterprise agent governance audit findings surface. Production system prompts in 2026 are typically 2K-8K tokens, version-controlled, change-managed, and stamped with the policy version reference per Article 12 audit logging. The mistake is treating the system prompt as configuration rather than as a security artefact: every change is a policy change and should be logged accordingly.
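One way to log every system prompt change as a policy change, as an added example that is not taken from any vendor's documentation: each revision gets a hash-chained audit record, and the deployed prompt is checked against the latest record before use. The record fields, function names and policy version labels are assumptions made for illustration.

```python
import hashlib
import hmac
import json

GENESIS = "0" * 64  # prev_hash of the first record (assumed convention)


def _sha256(data: str) -> str:
    return hashlib.sha256(data.encode("utf-8")).hexdigest()


def _record_hash(record: dict) -> str:
    # Hash every field except the hash itself, in a canonical key order.
    body = {k: v for k, v in record.items() if k != "record_hash"}
    return _sha256(json.dumps(body, sort_keys=True))


def log_prompt_change(log: list, prompt: str, policy_version: str,
                      approver: str, timestamp: str) -> dict:
    """Append a hash-chained audit record for a new system prompt revision."""
    record = {
        "policy_version": policy_version,
        "prompt_sha256": _sha256(prompt),
        "approver": approver,
        "timestamp": timestamp,
        "prev_hash": log[-1]["record_hash"] if log else GENESIS,
    }
    record["record_hash"] = _record_hash(record)
    log.append(record)
    return record


def verify_log(log: list) -> bool:
    """True only if every record hashes correctly and links to its predecessor."""
    prev = GENESIS
    for record in log:
        if record["prev_hash"] != prev or _record_hash(record) != record["record_hash"]:
            return False
        prev = record["record_hash"]
    return True


def deployed_policy_version(log: list, deployed_prompt: str):
    """Policy version of the deployed prompt, or None if it is not the latest logged revision."""
    if not log or not verify_log(log):
        return None
    latest = log[-1]
    if hmac.compare_digest(latest["prompt_sha256"], _sha256(deployed_prompt)):
        return latest["policy_version"]
    return None
```

A `None` result means either the prompt in production drifted from the last approved revision or the log itself was altered; both cases should block deployment and raise an alert.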
Primary sources
- Anthropic. System prompts (API documentation)
- OpenAI. Chat completions — message roles