Prompt Engineering
Designing an LLM’s input prompt so that the desired output is generated. The prompt is the only text-based input to an LLM — prompt engineering is the primary lever for steering model behavior.
Why It Matters
- The same topic phrased differently produces vastly different outputs (e.g. “Write a paragraph about X” vs “Write a poem about X”)
- Subtle changes in phrasing, clarity, context, and tone all shift the response
- LLMs are not deterministic — the same prompt can produce different outputs each time
- Good prompt engineering reduces misinformation and increases usability
Best Practices
| Practice | Description | Example |
|---|---|---|
| Clarity | Be clear, unambiguous, and concise. Provide enough detail to avoid vague responses. | How do I get all table names in a MySQL database instead of How do I get all table names in SQL |
| Context & Constraints | Provide relevant context. State constraints explicitly. Include examples when possible. | Provide a CSV-formatted list of OWASP Top 10 vulnerabilities with columns 'position','name','description' instead of List OWASP Top 10 |
| Experimentation | Subtle prompt changes can significantly affect quality. Try variations, compare results, keep what works best. | Iterate on phrasing until the response quality stabilizes |
The Security Angle
Prompt engineering is also an attack surface. The same techniques used to craft better prompts can be used to manipulate LLMs into unintended behavior:
- Prompt injection (LLM01:2025) — injecting instructions that override the model’s intended behavior
- Sensitive information disclosure (LLM02:2025) — manipulating the prompt to extract data the model shouldn’t reveal
Understanding prompt engineering as a craft is prerequisite to understanding it as an attack vector.
See Also
- prompt-injection — how prompt engineering becomes an attack technique
- prompt-engineering-llm-security — prompt engineering & LLM security overview
- owasp-llm-top-10 — OWASP framework covering LLM prompt-related risks