Definition
A prompt is the input text given to a large language model (LLM) to elicit a desired output. It is the primary interface between a human (or a program) and the model: you describe what you want in natural language, and the model generates a continuation. A prompt can be a single question, a detailed instruction, a block of data to transform, or a long multi-turn conversation. Because an LLM has no goals of its own, the prompt is what defines the task — and small wording changes can produce dramatically different results.
The three roles
Modern chat models structure prompts into roles, each with a different purpose:
- System prompt — sets the model’s persistent behaviour, persona, tone, and rules for the entire conversation. It is usually set by the application developer and is invisible to the end user.
- User prompt — the message a person actually types. It changes with every turn and carries the immediate request.
- Assistant message — the model’s reply. You can also prefill it: by supplying the opening of the assistant’s turn, you steer the format and content of what follows.
This separation lets a product enforce consistent behaviour (via the system prompt) while still responding to varied user input.
Anatomy of a well-formed prompt
Effective prompts tend to share a few ingredients: a clear instruction (“summarise in three bullet points”), relevant context or data, an explicit output format, and sometimes examples of the desired result. Stating constraints directly — length, tone, what to avoid — reduces ambiguity. The art of writing these well is known as prompt engineering, and techniques like few-shot examples and chain-of-thought instructions can meaningfully improve accuracy on hard tasks.
Prompts as an attack surface
Because LLMs read all their input as a single stream of text, they cannot reliably tell trusted instructions apart from instructions embedded in untrusted content. Prompt injection exploits this: an attacker hides commands inside a document, web page, or tool output, and the model obeys them — leaking data, ignoring its system prompt, or taking unintended actions. As LLMs gain access to tools, browsing, and user data, treating every prompt component as a potential security boundary becomes essential.
Why it matters
The prompt is the most important variable most users actually control. Unlike training data or model architecture, which are fixed, the prompt can be rewritten in seconds — and doing so is often the highest-leverage way to improve results. Understanding roles, structure, and the security risks of untrusted input is foundational to using AI tools effectively and safely.