Why One Chatbot Is Curt and Another Chatty

A system prompt is the standing instruction set that shapes how a model behaves before a user ever types a word. It sets the role, the rules, the tone, and the boundaries that persist across an entire conversation. If you have ever wondered why one chatbot is curt and another is chatty, the answer almost always lives in the system prompt, not the model weights.

People search this topic with very specific questions, and most articles answer none of them directly. This piece is built as a Q&A. Each section is a question we hear constantly from teams shipping AI features, with a direct answer and the trade-off you actually need to know. Read top to bottom or jump to the one keeping you up at night.

If you want the broader narrative, start with The Complete Guide to What Is a System Prompt. This article assumes you already know roughly what a prompt is and want the gaps filled in.

What exactly is a system prompt versus a user prompt?

A system prompt is the instruction layer the application sets; a user prompt is what the person types. The model sees both, but it treats them differently. The system prompt is meant to be authoritative and durable, the user prompt is the request of the moment.

The practical difference

• System prompt: "You are a billing support agent for Acme. Never disclose internal pricing tiers. If asked about refunds, follow the refund policy below." This is set once, in code.
• User prompt: "I want a refund for last month." This changes every turn.

The system prompt is where you encode policy, persona, and guardrails. The user prompt is where the work happens. Mixing the two, by stuffing per-request data into the system prompt or by putting durable rules in the user turn, is the most common structural mistake we see.

Does the system prompt actually change the model's behavior, or is it a suggestion?

It changes behavior strongly, but it is not a hard constraint. Modern instruction-tuned models weight system instructions heavily, often above user instructions when the two conflict. That said, a determined user can still talk a model around weak instructions. The system prompt biases the model; it does not lock it.

This is why security-sensitive rules belong in code, not only in the prompt. If a refund over a certain amount requires manager approval, enforce that in your application logic. Use the system prompt to guide tone and routine behavior, and use real code for anything that must never happen.

How long should a system prompt be?

Long enough to be unambiguous, short enough to stay coherent. In practice, most strong system prompts run from a few hundred to a couple thousand tokens. Past that, two problems appear: cost on every single call, and instruction dilution where the model starts ignoring buried rules.

Signs your prompt is too long

• You have rules that contradict each other and nobody noticed.
• The same instruction appears three times in different words.
• New behavior changes require a fifteen-minute read to find the right line.

When a prompt sprawls, refactor it the way you would refactor code: group related rules, remove duplicates, and move examples into a separate few-shot section. The best practices guide covers structure in depth.

Where do I put the system prompt in an API call?

In the dedicated system role or system parameter your provider exposes. Most chat APIs separate messages by role: system, user, and assistant. The system content goes in the system slot, not as the first user message. Putting it in a user message technically works but signals lower priority to the model and muddles your message history.

If your provider gives you a top-level system field, use it. It keeps the instruction layer clean and separate from the running conversation, which matters when you start logging and replaying turns.

Can a user see or extract my system prompt?

Often, yes, if you do not design against it. Prompt extraction attacks, where a user asks the model to repeat its instructions, succeed against careless setups. You can reduce the risk, but you cannot assume the system prompt is secret.

What to do about it

• Never put credentials, API keys, or real secrets in the system prompt.
• Assume any policy text could leak and make sure leaking it is embarrassing, not catastrophic.
• Add an explicit instruction to decline requests to reveal internal instructions, knowing it only raises the bar.

Treat the system prompt as semi-public. Anything that must stay private belongs in a backend the model never sees.

How is a system prompt different from fine-tuning?

A system prompt changes behavior at inference time with text. Fine-tuning changes the model's weights with training. The system prompt is instant, editable, and cheap to iterate. Fine-tuning is slower, costs money to run, and bakes behavior in.

Reach for a system prompt first. It handles persona, formatting, and most domain rules. Fine-tune only when you have a stable, high-volume behavior that a prompt cannot reliably produce, or when prompt length is hurting your cost and latency. For most teams, a well-written system prompt plus retrieval covers the need without any training at all.

How do I know if my system prompt is working?

You test it against real cases, not vibes. Write down the behaviors you expect, then run inputs through and check whether you get them. The teams that ship reliable assistants treat the system prompt as testable software.

A minimal evaluation loop

1. Collect ten to twenty representative user inputs, including edge cases and adversarial ones.
2. Define the correct behavior for each.
3. Run them after every prompt change and diff the results.
4. Watch for regressions where fixing one behavior breaks another.

This catches the silent failures that manual spot-checking misses. See the step-by-step approach for a fuller testing routine.

Frequently Asked Questions

Can I have more than one system prompt in a conversation?

Usually you set one system prompt per conversation, but you can update it between turns if your architecture re-sends the full context each call. Some teams swap system prompts to switch modes, for example moving from intake to resolution. Just be consistent, because a mid-conversation switch can confuse the model if the new instructions contradict what it already committed to.

Does the system prompt count against my token limit?

Yes. The system prompt is part of the context window and is billed on every call, since most APIs resend it each turn. A long prompt multiplied by thousands of requests adds up fast. This is a strong reason to keep it tight and to move static reference material into retrieval rather than the prompt itself.

Should the system prompt be written in second person or third person?

Second person tends to work well: "You are a support agent." It reads as a direct instruction the model adopts. Third person descriptions also work but can feel more like documentation than command. Pick one style and stay consistent across your prompt so the model is not switching frames mid-instruction.

Do all AI models use system prompts the same way?

No. Different model families respect system instructions to different degrees, and the exact field name and behavior vary by provider. A prompt tuned for one model may need adjustment on another. Always re-test when you switch models, because the same words can produce noticeably different behavior across vendors.

What happens if I leave the system prompt empty?

The model falls back to its default behavior, which is generic and tuned by the provider, not by you. You lose persona, formatting control, and your guardrails. For anything beyond a quick experiment, an empty system prompt means you are shipping the vendor's defaults to your users.

Key Takeaways

• A system prompt is the durable instruction layer that sets role, rules, and tone before the user speaks.
• It strongly biases behavior but is not a hard constraint; enforce critical rules in code.
• Keep it from a few hundred to a couple thousand tokens, structured like maintainable software.
• Put it in the dedicated system role, never in a user message, and never store secrets in it.
• Prefer prompting over fine-tuning until volume, stability, or cost forces the switch.
• Test the prompt against real and adversarial inputs after every change to catch silent regressions.