Prompt Engineering
Zero-shot to chain-of-thought, the anatomy of a great prompt, and the attacks every practitioner must recognize.
Prompt engineering is crafting model inputs to get the outputs you want — the cheapest and fastest way to adapt a foundation model, because it requires no training at all. A well-engineered prompt states the role, task, context, examples, constraints, and desired output format.
Prompting techniques
| Technique | What it is | When to use |
|---|---|---|
| Zero-shot | Just the instruction, no examples | Simple tasks the model already handles well |
| One-shot / Few-shot | Include 1 or several worked examples in the prompt | Teach format, style, or tricky classifications without training |
| Chain-of-thought (CoT) | Ask the model to reason step by step ("think step by step") | Math, logic, and multi-step reasoning problems |
| Prompt templates | Reusable prompts with variables filled per request | Production apps needing consistency |
| Negative prompting | Explicitly state what NOT to do or include | Steering away from unwanted content/styles |
Count the examples: zero examples = zero-shot, a few examples = few-shot. "Explain your reasoning step by step" = chain-of-thought. These labels are tested almost verbatim.
Anatomy of a strong prompt
Key points
- Role/persona — "You are an experienced tax accountant…"
- Clear task — one specific instruction beats several vague ones.
- Context — the background or data the answer must use.
- Format specification — "Respond as a JSON object with fields…"
- Constraints — length, tone, audience, what to avoid.
- Iterate: prompt engineering is experimental — test, measure, refine.
Prompt attacks (know these!)
| Attack | What happens |
|---|---|
| Prompt injection | Malicious instructions hidden in user input (or in retrieved documents) hijack the model's behavior |
| Jailbreaking | Crafted prompts trick the model into bypassing its safety rules |
| Prompt leaking | Attacker extracts the hidden system prompt or sensitive context |
Defenses: validate and sanitize user input, use Bedrock Guardrails, separate system instructions from user content, apply least-privilege permissions to what the model can access, and keep humans in the loop for sensitive actions.
A prompt includes three example email/label pairs before asking the model to classify a new email. Which technique is this?