What is a system prompt?
A system prompt is the high-priority instruction set, placed before the conversation, that defines an LLM's role, rules, tone, and available tools, shaping every response in the session.
A system prompt is the foundational message that configures a model's behavior for a conversation, distinct from the user and assistant turns that follow. It typically states the assistant's persona and goals, hard constraints (what it must never do), output format rules, and context about available tools and how to use them. Most chat APIs give the system role elevated priority so its instructions outrank ordinary user text, which is why guardrails and safety policies live here. In agentic and MCP setups the system prompt is where you describe the agent's task, enumerate the tools the client has surfaced from connected servers, and set policy for when to ask a human before acting. Good system prompts are specific and testable: they prefer concrete rules over vague aspirations, and they put the most important constraints up front. Because the same system prompt is reused across many calls, it is the natural unit for prompt caching: the fixed prefix is cached once and reused, cutting cost and latency. The system prompt is also a security surface: tool-poisoning and prompt-injection attacks aim to override it, so it should never be the only thing standing between an agent and a destructive action.
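The points above, as an added Python example that is not part of this page: a fixed system-prompt prefix built from a constructed tool list (hard constraints first, tools enumerated with a destructive/read-only tag), a stable cache key for that prefix, and an approval gate enforced in client code so that a destructive tool call still stops for a human even if an injected instruction has talked the model out of the prompt's policy. The tool names and the `destructive` flag are constructed for illustration, not an MCP field.

```python
import hashlib

# Constructed tool catalogue, standing in for tools a client surfaced from MCP servers.
# The "destructive" flag is an assumption of this example, not part of the MCP schema.
TOOLS = {
    "read_file": {"destructive": False, "description": "Read a file in the workspace"},
    "delete_file": {"destructive": True, "description": "Delete a file in the workspace"},
}


def build_system_prompt(tools):
    """Fixed prefix: persona, hard constraints up front, output rule, then the tool list."""
    lines = [
        "You are a coding assistant working inside a sandboxed workspace.",
        "Never call a destructive tool without explicit human approval.",
        "Reply in plain text; emit tool calls only in the provided JSON format.",
        "Available tools:",
    ]
    for name, meta in sorted(tools.items()):
        tag = "destructive" if meta["destructive"] else "read-only"
        lines.append(f"- {name} ({tag}): {meta['description']}")
    return "\n".join(lines)


def cache_key(system_prompt):
    """Identical prefix text -> identical key, so the cached prefix is reused across calls."""
    return hashlib.sha256(system_prompt.encode("utf-8")).hexdigest()


def make_messages(system_prompt, user_text):
    """System turn first, ahead of the conversation, then the user's turn."""
    return [{"role": "system", "content": system_prompt},
            {"role": "user", "content": user_text}]


def gate_tool_call(call, tools, human_approved=False):
    """Policy enforced in code, independent of whatever the model was told or persuaded to do.

    Returns one of ("allow", name), ("ask_human", reason), ("reject", reason).
    """
    name = call.get("name")
    if name not in tools:
        return ("reject", f"unknown tool {name!r}")
    if tools[name]["destructive"] and not human_approved:
        return ("ask_human", f"{name} is destructive; human approval required")
    return ("allow", name)


if __name__ == "__main__":
    prompt = build_system_prompt(TOOLS)
    print(prompt)
    print("cache key:", cache_key(prompt)[:16])
    # Even if an injected instruction claims approval was granted, the gate decides.
    print(gate_tool_call({"name": "delete_file", "args": {"path": "notes.txt"}}, TOOLS))
```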