What is Prompt Engineering?
Prompt engineering is the practice of designing the inputs given to a language model — system prompts, user prompts, examples, output schemas, structured templates — to reliably produce the desired output. Where traditional software engineering specifies behavior in code, prompt engineering specifies behavior in natural language directed at a model trained to follow it.
What prompt engineers actually do
A production prompt is rarely a single sentence. Modern prompt engineering involves:
- System-prompt design — defining persona, scope, tools, refusal rules, and output format
- Few-shot example selection — picking 2-10 representative input/output pairs that demonstrate the desired behavior
- Output schema enforcement — using JSON mode, structured outputs, or constrained decoding to make outputs machine-parseable
- Chain-of-thought scaffolding — when reasoning is needed, structuring the prompt to elicit step-by-step thinking
- Negative examples — showing the model what not to do
- Iterative testing — running the prompt against an evaluation set, identifying failure modes, refining
- Robustness testing — adversarial probing for jailbreaks, edge cases, off-topic drift
Common patterns
- The role-and-task pattern — "You are a [role]. Your task is [specific goal]. Output format: [schema]."
- The persona-then-instruction pattern — establish character, then give the directive
- The chain-of-thought elicitation — "Think step by step" or worked examples
- The reflection pattern — produce a draft, critique it, produce a revised version
- The structured-decomposition pattern — break a complex task into named sub-tasks the model handles in sequence
Why it matters for security
Prompt engineering is the application's primary lever for shaping model behavior, which means it's also the primary target for attackers. Three security-relevant observations:
- Prompt engineering is fragile. A prompt that performs well on the eval set often breaks on edge cases the eval didn't cover. Models from different providers (and different versions of the same provider) interpret the same prompt differently.
- Tightly-engineered prompts resist hijacking better. A narrow, specific prompt ("you are a customer-service agent for X, refuse anything off-topic") resists jailbreaking better than an open-ended one ("you are a helpful assistant").
- Prompt engineers and security engineers need to talk. Prompts are recoverable in production (system prompt extraction is a routine attack); anything sensitive should be enforced server-side, not in the prompt.
Limits of prompt engineering
The honest framing: prompt engineering bends model behavior probabilistically. It does not guarantee anything. For any production deployment with real adversaries, prompt engineering is the first layer — runtime guardrails, output validation, and continuous adversarial testing are the layers that make the deployment actually safe.