What is System Prompt?


A system prompt is a privileged instruction set provided to an LLM that defines the model's role, behavior, constraints, and output format — serving as the primary behavioral control for AI agents.

WHY IT MATTERS

The system prompt is where you define who the AI is. It sets the persona, boundaries, tone, and rules that govern every interaction. For agents, it's essentially the agent's programming.

A financial agent's system prompt might specify permitted actions, risk tolerance, output formats, and escalation rules.

The critical limitation: system prompts can be jailbroken. Determined adversaries can craft inputs that cause the model to ignore system instructions. System prompts are behavioral guidance, not security boundaries.

HOW POLICYLAYER USES THIS

System prompts tell agents what they should do. PolicyLayer enforces what they can do. Because system prompts can be bypassed through prompt injection, financial constraints must be enforced at a layer outside the model's control.

FREQUENTLY ASKED QUESTIONS

Can system prompts be extracted by users?

Yes, in many cases. Various jailbreak techniques can cause models to reveal their system prompt. Never put secrets or API keys in system prompts.

How long can a system prompt be?

System prompts consume context window tokens. Most models support several thousand tokens, but longer prompts increase cost and may reduce instruction-following.

Should financial rules go in the system prompt?

As a first layer, yes, but they are insufficient alone: they can be ignored or bypassed. Hard enforcement requires an external policy layer.
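The point made under "How PolicyLayer uses this" and in the last question above is that a financial rule stated in the system prompt is advice to the model, while a rule enforced outside the model is a control. The following is an added example, not PolicyLayer's or Intercept's code, of what that external layer looks like at its simplest: a policy object holding hard limits (permitted tools, per-transfer maximum, allowed destination accounts, daily cap) and an evaluator that decides each tool call purely from the call's arguments and the running totals. The class and function names (Policy, ToolCall, evaluate_tool_call) and the sample calls are assumptions constructed for illustration; note that nothing the model was told or persuaded to say appears anywhere in the decision.

```python
"""Hypothetical external policy layer for agent tool calls (added example).

Every name here is an assumption for illustration and is not the API of
PolicyLayer, Intercept, or any real library. The layer sits between the
agent's tool-call requests and the tool that executes them; it never reads
the system prompt or the model's text, so a bypassed prompt does not change
its decisions.
"""
from dataclasses import dataclass
from decimal import Decimal, InvalidOperation


@dataclass(frozen=True)
class ToolCall:
    """A tool invocation as emitted by the agent (constructed for the example)."""
    tool: str
    args: dict


@dataclass
class Policy:
    """Hard limits enforced outside the model. spent_today is the running total."""
    allowed_tools: frozenset
    max_transfer: Decimal
    allowed_accounts: frozenset
    daily_cap: Decimal
    spent_today: Decimal = Decimal("0")


@dataclass(frozen=True)
class Decision:
    allowed: bool
    reason: str


def evaluate_tool_call(policy: Policy, call: ToolCall) -> Decision:
    """Allow or deny one tool call using only the policy and the call's arguments."""
    if call.tool not in policy.allowed_tools:
        return Decision(False, f"tool {call.tool!r} is not permitted")
    if call.tool != "transfer_funds":
        return Decision(True, "non-financial tool permitted")

    # Financial tool: validate the amount strictly, using Decimal to avoid float rounding.
    try:
        amount = Decimal(str(call.args["amount"]))
    except (KeyError, InvalidOperation, ValueError):
        return Decision(False, "transfer amount missing or malformed")
    if amount <= 0:
        return Decision(False, "transfer amount must be positive")
    if amount > policy.max_transfer:
        return Decision(False, f"amount {amount} exceeds per-transfer max {policy.max_transfer}")

    destination = call.args.get("to")
    if destination not in policy.allowed_accounts:
        return Decision(False, f"destination {destination!r} is not an allowed account")

    if policy.spent_today + amount > policy.daily_cap:
        return Decision(False, f"amount {amount} would exceed daily cap {policy.daily_cap}")

    # Only an allowed call counts against the cap; the caller executes the tool after this.
    policy.spent_today += amount
    return Decision(True, f"transfer of {amount} permitted; {policy.spent_today} spent today")


def demo_policy() -> Policy:
    """Sample limits for a small operations agent (constructed values)."""
    return Policy(
        allowed_tools=frozenset({"get_balance", "transfer_funds"}),
        max_transfer=Decimal("500"),
        allowed_accounts=frozenset({"ACC-OPS-001"}),
        daily_cap=Decimal("1000"),
    )


def run_demo() -> list:
    """Feed a constructed sequence of agent tool calls through the layer."""
    policy = demo_policy()
    calls = [
        ToolCall("get_balance", {}),
        ToolCall("transfer_funds", {"amount": 250, "to": "ACC-OPS-001"}),
        # As if the prompt's limit had been ignored: the layer still decides on the numbers.
        ToolCall("transfer_funds", {"amount": 5000, "to": "ACC-OPS-001"}),
        ToolCall("transfer_funds", {"amount": 300, "to": "ACC-EXT-999"}),
        ToolCall("transfer_funds", {"amount": 400, "to": "ACC-OPS-001"}),
        ToolCall("transfer_funds", {"amount": 400, "to": "ACC-OPS-001"}),
        ToolCall("delete_all_records", {}),
    ]
    return [evaluate_tool_call(policy, call) for call in calls]


if __name__ == "__main__":
    for decision in run_demo():
        print("ALLOW" if decision.allowed else "DENY ", decision.reason)
```

The evaluator is deliberately stateful only in one place (the running daily total), and it updates that total only after a call is allowed, so a denied call cannot consume budget. In a real deployment this state would live in the proxy or a store it controls, never in the agent's context, for the same reason the rules themselves do not live in the system prompt.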

FURTHER READING

Enforce policies on every tool call

Intercept is the open-source MCP proxy that enforces YAML policies on AI agent tool calls. No code changes needed.

npx -y @policylayer/intercept
github.com/policylayer/intercept