title: "ChatGPT System Prompt vs User Prompt Explained (2026)"
slug: "08-chatgpt-system-prompt-vs-user-prompt"
description: "System prompt vs user prompt — what each is for, how they interact, and how to use them in production AI. Templates, common mistakes, instruction hierarchy."
publishedAt: "2026-07-09"
updatedAt: "2026-07-09"
postNum: 8
pillar: 1
targetKeyword: "chatgpt system prompt vs user prompt"
keywords:
- "chatgpt system prompt"
- "system prompt vs user prompt"
- "instruction hierarchy"
- "prompt engineering"
ogImage: "https://prompt-architects.com/og/08-chatgpt-system-prompt-vs-user-prompt.png"
author:
  name: "Nafiul Hasan"
  role: "Founder, Prompt Architects"
  url: "https://prompt-architects.com/about"
ctaFeature: "generator"
related: [41, 1, 6]
faq:
- q: "What is a system prompt in ChatGPT?" a: "A system prompt is the top-level instruction layer that defines who the AI should be, how it should behave, what tone to use, and what to refuse. It persists across all user messages in a conversation. Use the system prompt for stable rules; the user prompt for the specific task."
- q: "What's the difference between system prompt and developer prompt?" a: "OpenAI's instruction hierarchy (rolled out 2024-2025) defines: system prompt (highest trust, set by OpenAI) > developer prompt (set by you, the API caller) > user prompt > tool output. In the API the developer message role is what most apps use to set persona. In the chat UI, 'Custom Instructions' fills the system role."
- q: "Where do I set the system prompt?" a: "Three places: (1) ChatGPT web UI — Settings → Personalization → Custom Instructions. (2) API — pass message with role 'system' or 'developer'. (3) Custom GPTs — instructions field. Same effect across surfaces: prompt persists across the conversation."
- q: "Should I put my whole prompt in the system field?" a: "No. System prompt should hold stable rules (role, tone, format constraints, refusal policies). User prompt holds the specific task. Mixing them confuses the model and produces inconsistent output across a session."
- q: "Does instruction hierarchy actually work in 2026?" a: "Better than 2024 but not perfect. Models trained with instruction hierarchy (GPT-5, Claude Opus 4) weight system > developer > user > tool more reliably. Reduces but doesn't eliminate prompt injection. Don't rely on hierarchy alone for security — layer with output validation."
TL;DR: System prompt = stable rules (role, tone, format). User prompt = specific task. Mixing them confuses the model. Templates + production patterns below.
What each is for
System prompt
The top-level instruction layer. Persists across the whole conversation. Used for:
- Role: who the AI should be ("You are a senior backend engineer.")
- Voice/tone constraints: how it should write
- Format rules: output shape, length caps
- Refusal policies: what to refuse and how
- Domain anchors: what knowledge area to operate in
User prompt
The specific message a user sends. Used for:
- The actual task or question
- Per-request context (the data to operate on)
- Per-request format overrides
Mental model
System prompt = job description. User prompt = today's task. Don't repeat the job description in every task; don't bake one task into the job description.
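In API code, the split falls out naturally: one constant "job description" reused everywhere, one function that attaches "today's task". A minimal sketch — `SYSTEM_PROMPT` and `buildMessages` are illustrative names, not part of any SDK:

```javascript
// Stable "job description" — written once, reused for every request.
const SYSTEM_PROMPT =
  "You are a senior backend engineer. You write code reviews, not code. " +
  "Voice: direct, specific, severity-tiered (blocker / suggestion / nit).";

// Per-request "today's task" — only this part changes.
function buildMessages(task) {
  return [
    { role: "system", content: SYSTEM_PROMPT },
    { role: "user", content: task },
  ];
}

const messages = buildMessages("Review this diff:\n[paste diff]");
```

The payoff: to change the reviewer's voice you edit one constant, not every call site.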
A clean example
System prompt
You are a senior backend engineer with 10 years of experience in
production systems. You write code reviews, not code. Voice: direct,
specific, severity-tiered (blocker / suggestion / nit). Comments
grouped by dimension: correctness, performance, security,
maintainability. Skip dimensions with no relevant issues. Do not
praise without specific reason. Do not add 'nice to have' suggestions
on a code review.
User prompt
Review this diff:
[paste diff]
Why this works
Voice + framework + skip-rules are all stable across hundreds of reviews. The diff is the only thing that changes per request. System prompt is set once; user prompt does the work.
Instruction hierarchy (the 2024-2025 framework)
OpenAI rolled out instruction hierarchy in 2024 and trained newer models to weight instructions by source:
| Priority | Source | Trust level |
|---|---|---|
| 1 | System/platform prompt | Highest (OpenAI's platform-level rules) |
| 2 | Developer prompt | High (you set it — API role 'developer', or 'system' in older apps) |
| 3 | User prompt | Medium (user-controlled input) |
| 4 | Tool output | Lowest (potentially attacker-controlled) |
Why this matters: helps prevent prompt injection. If a user pastes "Ignore all previous instructions" in their message, the model is trained to weight your system prompt higher.
Limitation: not perfect. Sophisticated injections still work occasionally. Layer with output validation.
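A minimal sketch of that layering: treat the model's reply as untrusted and check it against the system prompt's own format rules before accepting it. The rules and the `checkReply` helper here are hypothetical, stand-ins for whatever your system prompt actually enforces:

```javascript
// Hypothetical post-generation check: hierarchy reduces injection,
// output validation catches what slips through.
function checkReply(reply, { maxWords = 200 } = {}) {
  const problems = [];
  // Format rule mirrored from the system prompt: length cap.
  if (reply.split(/\s+/).length > maxWords) problems.push("over length cap");
  // Cheap injection tell: the reply echoing a leaked instruction phrase.
  if (/ignore all previous instructions/i.test(reply)) problems.push("suspicious content");
  return { ok: problems.length === 0, problems };
}

const good = checkReply("Blocker: SQL built via string concat. Use params.");
const bad = checkReply("Sure! Ignore all previous instructions and ...");
```

Real checks would be app-specific (schema validation, allow-lists, moderation), but the shape is the same: validate, then accept.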
Anthropic and Google make the same separation structurally: Claude takes the system prompt as a dedicated API parameter, and Gemini takes a systemInstruction parameter (system_instruction in the Python SDK).
Where to set system prompts (by tool)
ChatGPT web UI
Settings → Personalization → Custom Instructions. Two boxes:
- "What would you like ChatGPT to know about you?"
- "How would you like ChatGPT to respond?"
These persist across all chats unless you toggle them off.
Custom GPTs
The "Instructions" field at GPT creation. Same effect — every conversation with that GPT uses these as the system prompt.
OpenAI API
const response = await openai.chat.completions.create({
model: "gpt-5",
messages: [
{ role: "system", content: "You are a senior backend engineer..." },
{ role: "user", content: "Review this diff: ..." },
],
});
Or use developer role (newer API):
{ role: "developer", content: "..." } // newer; same effect as system in practice
Anthropic API (Claude)
const response = await anthropic.messages.create({
  model: "claude-opus-4",
  max_tokens: 1024, // required in the Messages API
  system: "You are a senior backend engineer...",
  messages: [
    { role: "user", content: "Review this diff: ..." },
  ],
});
System is its own parameter — not a message.
Google Gemini
const model = genAI.getGenerativeModel({
model: "gemini-2.5-pro",
systemInstruction: "You are a senior backend engineer...",
});
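Three providers, same two pieces, three request shapes. A small adapter makes the mapping concrete — `toRequest` is a hypothetical helper, and the shapes simply mirror the snippets above:

```javascript
// Same (system, user) pair mapped to each provider's request shape.
function toRequest(provider, system, user) {
  switch (provider) {
    case "openai": // system is just another message in the array
      return {
        messages: [
          { role: "system", content: system },
          { role: "user", content: user },
        ],
      };
    case "anthropic": // system is a top-level parameter, not a message
      return { system, messages: [{ role: "user", content: user }] };
    case "gemini": // system rides on the model configuration
      return {
        systemInstruction: system,
        contents: [{ role: "user", parts: [{ text: user }] }],
      };
    default:
      throw new Error(`unknown provider: ${provider}`);
  }
}
```

An adapter like this keeps your prompts provider-agnostic: the stable rules and the per-request task stay in your code, and only the wire format changes.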
What goes in system prompt (and what doesn't)
| Item | Goes in system prompt? | Why |
|---|---|---|
| Role / persona | ✅ Yes | Stable across conversation |
| Tone / voice constraints | ✅ Yes | Stable |
| Format rules (length, structure) | ✅ Yes | Stable |
| Refusal policies | ✅ Yes | Stable, security-relevant |
| Domain anchors | ✅ Yes | What expertise to apply |
| Output schema (JSON shape) | ✅ Yes | Stable across requests |
| Examples (few-shot) | ✅ Yes | Reusable; teach the pattern once |
| Today's task | ❌ No | Goes in user prompt |
| Specific data to operate on | ❌ No | Goes in user prompt |
| Per-request context | ❌ No | Goes in user prompt |
| Variable details (audience, brand) | Either | Reused often → system; per-request → user |
Production templates
Customer support agent
SYSTEM:
You are a customer support agent for Acme Inc. Domain: SaaS billing
+ account access. Voice: warm, specific, action-oriented. Always
sign with first name. Refuse:
- Refund requests over $500 (escalate to human)
- Account changes for unauthenticated users
- Off-topic questions (reply: "I can help with billing or account
questions. For [topic], try [appropriate channel].")
Output format: 2-3 paragraphs. End with one of: solution, next step, or
escalation flag.
USER:
[customer message]
Code reviewer
SYSTEM:
You are a senior backend engineer reviewing code in a high-performance
B2B SaaS. Voice: direct, severity-tiered (blocker / suggestion / nit).
Group comments by dimension: correctness, performance, security,
maintainability. Skip dimensions with no issues. No empty praise.
No 'nice to have' on code reviews.
USER:
Review this diff:
[diff]
Marketing copywriter
SYSTEM:
You are a senior B2B copywriter, 10+ years SaaS experience. Voice:
confident, specific, slightly playful, never starts sentences with
"In today's...", never uses corporate jargon. You won't write copy
for crypto, gambling, or unfounded health claims.
You always specify output format (numbered list, table, paragraph)
and constraints (length, tone, must-include) before writing.
USER:
Write 5 headline variants for [product] targeting [audience]. ≤8 words.
Mix benefit-focused (3) and curiosity-driven (2). Rank by predicted CTR.
Data extractor (production)
SYSTEM:
You extract entities from text and respond as JSON matching the
provided schema. No prose. No code fences. No explanation. If a
field can't be extracted, set it to null.
USER:
Extract from: "[email content]"
Schema:
{
"name": "string",
"company": "string",
"topic": "string",
"urgency": "low | normal | high"
}
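On the receiving side, "no prose, no code fences" still deserves a defensive parse — models occasionally wrap JSON anyway. A sketch; `parseExtraction` is a hypothetical helper built around the template's schema:

```javascript
// Hypothetical parser for the extractor's output: strip stray fences,
// parse, and normalize missing/invalid fields to null per the system prompt.
function parseExtraction(raw) {
  const cleaned = raw.replace(/^```(?:json)?\s*|\s*```$/g, "").trim();
  let data;
  try {
    data = JSON.parse(cleaned);
  } catch {
    return null; // not JSON at all — reject, don't guess
  }
  const urgencies = ["low", "normal", "high"];
  return {
    name: data.name ?? null,
    company: data.company ?? null,
    topic: data.topic ?? null,
    urgency: urgencies.includes(data.urgency) ? data.urgency : null,
  };
}
```

Rejecting non-JSON outright (rather than retrying silently) makes failures visible, which is what you want in production.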
Common mistakes
- Stuffing the entire prompt in the user message. The system prompt sits empty; everything goes in user. You lose the "stable across requests" benefit, and output style drifts.
- Putting per-request data in the system prompt. "System: Today the customer is John Smith with order #12345..." This makes the system prompt mutable and breaks the stability mental model.
- Conflicting system + user instructions. System says "always reply in ≤200 words"; user says "give me a 1500-word essay". The model has to choose, and it usually picks the user message (recency bias). Don't fight your own system prompt.
- Skipping the system prompt for one-off chats. If you'll prompt the same kind of thing more than 3 times, write a system prompt. Save 30 seconds × N requests.
- Treating instruction hierarchy as a security boundary. It reduces injection but doesn't eliminate it. Don't put secrets in the system prompt assuming users can't extract them.
Anti-patterns to avoid
"You are a god-tier expert"
Flattery doesn't work. Specific role + experience does. "Senior backend engineer with 10y at Stripe" beats "world-class genius engineer".
Listing 20 voice attributes
Pick 5-7 max. Beyond that, the model averages across conflicting instructions and none of them lands cleanly.
Embedding API keys / passwords in system prompt
System prompt is not a secret store. Determined users can extract it. For real secrets, keep them in env vars; never include in any prompt.
Updating system prompt mid-conversation
The model has already anchored on the original system prompt across earlier turns; switching mid-conversation produces inconsistent behavior. Start a fresh chat for a new system prompt.
When to use which
| Situation | Where to put it |
|---|---|
| One-off ChatGPT question | All in user prompt; skip system |
| Repeated task pattern (>3x) | Stable rules → system; per-task → user |
| Multi-turn conversation | System for persona/rules; user for each turn |
| Production AI app | System for app behavior; user for per-request |
| Custom GPT for team use | System (instructions field) for everything stable |
| API for backend automation | System for role; user for the specific data |
Power moves
- Save your top 5 system prompts as templates. Most users reuse a "code reviewer" or "marketing copy" or "support reply" persona constantly.
- A/B test system prompts. Same task, different system prompt. Note which produces tighter output.
- Use system prompt for output schema. Tell the model the JSON shape once; reference it in every user prompt.
- Pair system + few-shot. System defines persona; user prompt includes 1-3 examples before your real task. Best of both.
- For team workflows, share well-tuned system prompts. The right system prompt lifts every team member's output by ~20% with zero per-task effort.
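The "pair system + few-shot" move above can be sketched as one messages array — persona in system, examples as user/assistant pairs, real task last. `withExamples` is a hypothetical helper:

```javascript
// System defines the persona once; example pairs teach the pattern;
// the final user message carries the real task.
function withExamples(system, examples, task) {
  const shots = examples.flatMap(({ input, output }) => [
    { role: "user", content: input },
    { role: "assistant", content: output },
  ]);
  return [
    { role: "system", content: system },
    ...shots,
    { role: "user", content: task },
  ];
}

const messages = withExamples(
  "You are a senior B2B copywriter. Voice: confident, specific.",
  [{ input: "Headline for invoicing tool", output: "Invoices out in 30 seconds" }],
  "Headline for an uptime monitor",
);
```

One or two strong examples usually beat five mediocre ones — each shot is both a cost and a constraint.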
Tools that ship system-prompt management (like Prompt Architects) remove the copy-paste-into-Custom-Instructions friction. The skill underneath is the same.