The SplxAI team is excited to announce the newest feature for Agentic Radar, our open-source security scanner for agentic workflows. You can now scan your agentic workflows for system prompts – and get actionable suggestions for making those system prompts more precise, reliable, and secure.
System prompts are one of the most overlooked attack surfaces in agent-based architectures. With this new capability, Agentic Radar doesn’t just detect where your agents might be vulnerable – it also helps you fix these issues right at the source.
In this article, we'll break down the benefits of hardening your system prompts and walk you through an example on how to do exactly that using Agentic Radar.
The SplxAI team is excited to announce the newest feature for Agentic Radar, our open-source security scanner for agentic workflows. You can now scan your agentic workflows for system prompts – and get actionable suggestions for making those system prompts more precise, reliable, and secure.
System prompts are one of the most overlooked attack surfaces in agent-based architectures. With this new capability, Agentic Radar doesn’t just detect where your agents might be vulnerable – it also helps you fix these issues right at the source.
In this article, we'll break down the benefits of hardening your system prompts and walk you through an example on how to do exactly that using Agentic Radar.
The SplxAI team is excited to announce the newest feature for Agentic Radar, our open-source security scanner for agentic workflows. You can now scan your agentic workflows for system prompts – and get actionable suggestions for making those system prompts more precise, reliable, and secure.
System prompts are one of the most overlooked attack surfaces in agent-based architectures. With this new capability, Agentic Radar doesn’t just detect where your agents might be vulnerable – it also helps you fix these issues right at the source.
In this article, we'll break down the benefits of hardening your system prompts and walk you through an example on how to do exactly that using Agentic Radar.
Why Good System Prompts Matter
Before exploring the new feature, we'll explain why prompts – and particularly system prompts – are a crucial component of agentic workflows.
What are Prompts?
Prompts are used to communicate with Large Language Models (LLMs) and provide them with instructions. Whether you're using ChatGPT, Claude, or an autonomous agent built with CrewAI, LangGraph, or n8n, every task the model performs starts with a prompt. The prompt sets the context, defines the task, and outlines the constraints for the model's response.
In agentic systems, these prompts can be dynamically generated or embedded in code – often invisibly influencing how your agent behaves.
What are System Prompts?
System prompts are special instructions that tell an LLM how to behave consistently across interactions. Unlike a simple user query, a system prompt might say:
“You are a cybersecurity assistant. Only answer questions that relate to security best practices. Never speculate about user identity.”
Think of a system prompt as the operating manual your agent quietly reads before responding to anything else. They define the persona, tone, boundaries, and responsibilities of the agent. A well-written system prompt can prevent everything from jailbreaks and hallucinations to leakage of sensitive data.
Why are They Important?
System prompts are like the DNA of your AI agent. They define how it behaves, what it cares about, and what it absolutely should refuse to do – making them critical for correctness and security. A vague or overly permissive system prompt can leave your LLM-based agent open to:
Misinterpretation of intent
Leakage of sensitive information
Prompt injection attacks
Inconsistent or unsafe behavior
A strong, well-crafted system prompt, on the other hand, acts as a first line of defense that guides the model towards safe, predictable, and domain-specific outputs.
Precision + Security = Better AI Agents
In the past, we have seen that even a little effort can go a long way when it comes to "hardening" your system prompts. In fact, many prompt-related issues can be addressed with just a few tweaks – clearer instructions, stronger role definitions, or explicit refusals of out-of-scope tasks.
This is where the 80/20 rule comes into play: 80% of gains in security and reliability often come from improving just 20% of your prompts.
And from now on, you don't need to guess which 20% to fix – Agentic Radar helps you identify and improve them automatically.
Before exploring the new feature, we'll explain why prompts – and particularly system prompts – are a crucial component of agentic workflows.
What are Prompts?
Prompts are used to communicate with Large Language Models (LLMs) and provide them with instructions. Whether you're using ChatGPT, Claude, or an autonomous agent built with CrewAI, LangGraph, or n8n, every task the model performs starts with a prompt. The prompt sets the context, defines the task, and outlines the constraints for the model's response.
In agentic systems, these prompts can be dynamically generated or embedded in code – often invisibly influencing how your agent behaves.
What are System Prompts?
System prompts are special instructions that tell an LLM how to behave consistently across interactions. Unlike a simple user query, a system prompt might say:
“You are a cybersecurity assistant. Only answer questions that relate to security best practices. Never speculate about user identity.”
Think of a system prompt as the operating manual your agent quietly reads before responding to anything else. They define the persona, tone, boundaries, and responsibilities of the agent. A well-written system prompt can prevent everything from jailbreaks and hallucinations to leakage of sensitive data.
Why are They Important?
System prompts are like the DNA of your AI agent. They define how it behaves, what it cares about, and what it absolutely should refuse to do – making them critical for correctness and security. A vague or overly permissive system prompt can leave your LLM-based agent open to:
Misinterpretation of intent
Leakage of sensitive information
Prompt injection attacks
Inconsistent or unsafe behavior
A strong, well-crafted system prompt, on the other hand, acts as a first line of defense that guides the model towards safe, predictable, and domain-specific outputs.
Precision + Security = Better AI Agents
In the past, we have seen that even a little effort can go a long way when it comes to "hardening" your system prompts. In fact, many prompt-related issues can be addressed with just a few tweaks – clearer instructions, stronger role definitions, or explicit refusals of out-of-scope tasks.
This is where the 80/20 rule comes into play: 80% of gains in security and reliability often come from improving just 20% of your prompts.
And from now on, you don't need to guess which 20% to fix – Agentic Radar helps you identify and improve them automatically.
Before exploring the new feature, we'll explain why prompts – and particularly system prompts – are a crucial component of agentic workflows.
What are Prompts?
Prompts are used to communicate with Large Language Models (LLMs) and provide them with instructions. Whether you're using ChatGPT, Claude, or an autonomous agent built with CrewAI, LangGraph, or n8n, every task the model performs starts with a prompt. The prompt sets the context, defines the task, and outlines the constraints for the model's response.
In agentic systems, these prompts can be dynamically generated or embedded in code – often invisibly influencing how your agent behaves.
What are System Prompts?
System prompts are special instructions that tell an LLM how to behave consistently across interactions. Unlike a simple user query, a system prompt might say:
“You are a cybersecurity assistant. Only answer questions that relate to security best practices. Never speculate about user identity.”
Think of a system prompt as the operating manual your agent quietly reads before responding to anything else. They define the persona, tone, boundaries, and responsibilities of the agent. A well-written system prompt can prevent everything from jailbreaks and hallucinations to leakage of sensitive data.
Why are They Important?
System prompts are like the DNA of your AI agent. They define how it behaves, what it cares about, and what it absolutely should refuse to do – making them critical for correctness and security. A vague or overly permissive system prompt can leave your LLM-based agent open to:
Misinterpretation of intent
Leakage of sensitive information
Prompt injection attacks
Inconsistent or unsafe behavior
A strong, well-crafted system prompt, on the other hand, acts as a first line of defense that guides the model towards safe, predictable, and domain-specific outputs.
Precision + Security = Better AI Agents
In the past, we have seen that even a little effort can go a long way when it comes to "hardening" your system prompts. In fact, many prompt-related issues can be addressed with just a few tweaks – clearer instructions, stronger role definitions, or explicit refusals of out-of-scope tasks.
This is where the 80/20 rule comes into play: 80% of gains in security and reliability often come from improving just 20% of your prompts.
And from now on, you don't need to guess which 20% to fix – Agentic Radar helps you identify and improve them automatically.
Prompt Hardening in Action
Previously, Agentic Radar focused on making your agentic workflows transparent and detecting potential vulnerabilities. It could map out agents, tools, MCP servers, and their dependencies.
Now it goes one step further. Run a scan on your workflow, and Agentic Radar will:
Extract system prompts for each agent it finds
Analyze them for ambiguity, vagueness, or risk factors
Suggest hardened alternatives that reduce risk and improve performance
Think of it as static analysis for your agent’s brain.
In this section, we’ll walk through a real-world example where Agentic Radar scans an agentic workflow, identifies a weak system prompt, and suggests targeted improvements. We’ll keep things hands-on, so feel free to follow along with the code and try it yourself.
Initial Setup
Install Agentic Radar by following the README instructions from the official repository.
Download (or copy/paste) the agentic workflow written using OpenAI Agents from here.
In your terminal, set your OPENAI_API_KEY environment variable by running:
export OPENAI_API_KEY=<your-openai-api-key>
Scanning Agent Vulnerabilities and Mitigations
Let’s scan the example workflow with Agentic Radar:agentic-radar scan openai-agents -i path/to/example/folder -o report.html
Afterwards, open the generated HTML report in your browser.
In the example we used, we have two agents:
Customer support agent - this agent does the actual job
Guardrail agent - this agent helps the customer support agent by ensuring it doesn’t allow off-topic conversations (in this case, solving math homework for the user)
Agentic Radar performs static code analysis to detect all agents within the workflow. In addition, it also recognizes which mitigations are already implemented for some of the most common LLM vulnerabilities.
You can see that for certain vulnerabilities (Input Length Limit and Intentional Misuse) there are already some mitigations implemented in the code.
Hardening the System Prompt
Agentic Radar also shows us the currently used system prompt for the customer support agent.
While the system prompt is short and simple, it's also too vague and can lead to ambiguous behavior, inconsistent responses, or even unintended model actions. Without clear boundaries or task definitions, the agent may interpret instructions too broadly.
Now, let’s run the same command, but now including the –harden-prompts flag:
agentic-radar scan openai-agents —harden-prompts -i path/to/example/folder -o report.html
After opening the new report, you should see the suggested hardened prompts alongside the current system prompts.
You can click on the copy button (on the right) and replace the old system prompt in the source code with its improved version. You can do that by passing the copied prompt to the instructions parameter of the Customer Support Agent constructor.
Let’s scan the workflow with Agentic Radar again, now with the hardened system prompt:
agentic-radar scan openai-agents -i path/to/example/folder -o report.html
Now let's take a look at the Agent Vulnerability Mitigations section again.
Agentic Radar immediately recognizes that we have employed partial mitigations when it comes to PII Leakage and Jailbreak, as we added a layer of defense through our hardened system prompt.
Previously, Agentic Radar focused on making your agentic workflows transparent and detecting potential vulnerabilities. It could map out agents, tools, MCP servers, and their dependencies.
Now it goes one step further. Run a scan on your workflow, and Agentic Radar will:
Extract system prompts for each agent it finds
Analyze them for ambiguity, vagueness, or risk factors
Suggest hardened alternatives that reduce risk and improve performance
Think of it as static analysis for your agent’s brain.
In this section, we’ll walk through a real-world example where Agentic Radar scans an agentic workflow, identifies a weak system prompt, and suggests targeted improvements. We’ll keep things hands-on, so feel free to follow along with the code and try it yourself.
Initial Setup
Install Agentic Radar by following the README instructions from the official repository.
Download (or copy/paste) the agentic workflow written using OpenAI Agents from here.
In your terminal, set your OPENAI_API_KEY environment variable by running:
export OPENAI_API_KEY=<your-openai-api-key>
Scanning Agent Vulnerabilities and Mitigations
Let’s scan the example workflow with Agentic Radar:agentic-radar scan openai-agents -i path/to/example/folder -o report.html
Afterwards, open the generated HTML report in your browser.
In the example we used, we have two agents:
Customer support agent - this agent does the actual job
Guardrail agent - this agent helps the customer support agent by ensuring it doesn’t allow off-topic conversations (in this case, solving math homework for the user)
Agentic Radar performs static code analysis to detect all agents within the workflow. In addition, it also recognizes which mitigations are already implemented for some of the most common LLM vulnerabilities.
You can see that for certain vulnerabilities (Input Length Limit and Intentional Misuse) there are already some mitigations implemented in the code.
Hardening the System Prompt
Agentic Radar also shows us the currently used system prompt for the customer support agent.
While the system prompt is short and simple, it's also too vague and can lead to ambiguous behavior, inconsistent responses, or even unintended model actions. Without clear boundaries or task definitions, the agent may interpret instructions too broadly.
Now, let’s run the same command, but now including the –harden-prompts flag:
agentic-radar scan openai-agents —harden-prompts -i path/to/example/folder -o report.html
After opening the new report, you should see the suggested hardened prompts alongside the current system prompts.
You can click on the copy button (on the right) and replace the old system prompt in the source code with its improved version. You can do that by passing the copied prompt to the instructions parameter of the Customer Support Agent constructor.
Let’s scan the workflow with Agentic Radar again, now with the hardened system prompt:
agentic-radar scan openai-agents -i path/to/example/folder -o report.html
Now let's take a look at the Agent Vulnerability Mitigations section again.
Agentic Radar immediately recognizes that we have employed partial mitigations when it comes to PII Leakage and Jailbreak, as we added a layer of defense through our hardened system prompt.
Previously, Agentic Radar focused on making your agentic workflows transparent and detecting potential vulnerabilities. It could map out agents, tools, MCP servers, and their dependencies.
Now it goes one step further. Run a scan on your workflow, and Agentic Radar will:
Extract system prompts for each agent it finds
Analyze them for ambiguity, vagueness, or risk factors
Suggest hardened alternatives that reduce risk and improve performance
Think of it as static analysis for your agent’s brain.
In this section, we’ll walk through a real-world example where Agentic Radar scans an agentic workflow, identifies a weak system prompt, and suggests targeted improvements. We’ll keep things hands-on, so feel free to follow along with the code and try it yourself.
Initial Setup
Install Agentic Radar by following the README instructions from the official repository.
Download (or copy/paste) the agentic workflow written using OpenAI Agents from here.
In your terminal, set your OPENAI_API_KEY environment variable by running:
export OPENAI_API_KEY=<your-openai-api-key>
Scanning Agent Vulnerabilities and Mitigations
Let’s scan the example workflow with Agentic Radar:agentic-radar scan openai-agents -i path/to/example/folder -o report.html
Afterwards, open the generated HTML report in your browser.
In the example we used, we have two agents:
Customer support agent - this agent does the actual job
Guardrail agent - this agent helps the customer support agent by ensuring it doesn’t allow off-topic conversations (in this case, solving math homework for the user)
Agentic Radar performs static code analysis to detect all agents within the workflow. In addition, it also recognizes which mitigations are already implemented for some of the most common LLM vulnerabilities.
You can see that for certain vulnerabilities (Input Length Limit and Intentional Misuse) there are already some mitigations implemented in the code.
Hardening the System Prompt
Agentic Radar also shows us the currently used system prompt for the customer support agent.
While the system prompt is short and simple, it's also too vague and can lead to ambiguous behavior, inconsistent responses, or even unintended model actions. Without clear boundaries or task definitions, the agent may interpret instructions too broadly.
Now, let’s run the same command, but now including the –harden-prompts flag:
agentic-radar scan openai-agents —harden-prompts -i path/to/example/folder -o report.html
After opening the new report, you should see the suggested hardened prompts alongside the current system prompts.
You can click on the copy button (on the right) and replace the old system prompt in the source code with its improved version. You can do that by passing the copied prompt to the instructions parameter of the Customer Support Agent constructor.
Let’s scan the workflow with Agentic Radar again, now with the hardened system prompt:
agentic-radar scan openai-agents -i path/to/example/folder -o report.html
Now let's take a look at the Agent Vulnerability Mitigations section again.
Agentic Radar immediately recognizes that we have employed partial mitigations when it comes to PII Leakage and Jailbreak, as we added a layer of defense through our hardened system prompt.
Conclusion
System prompts may seem like a small part of your agentic architecture, but as we’ve concluded, they can make a huge difference in how your agents behave and how secure they are.
By using Agentic Radar’s new prompt hardening feature, you can quickly identify weak or vague system prompts and replace them with clearer, more secure instructions. This improves both the reliability and safety of your AI agents – often with just a few lines of text.
What’s especially exciting is that Agentic Radar is no longer just a tool for flagging potential issues. It now provides actionable remediation – from specific prompt hardening suggestions to a clearer picture of which vulnerabilities have already been mitigated. It’s not just about awareness; it’s about continuous improvement.
The best part? It fits seamlessly into your existing workflow. One command, one report, and you're already on your way to building more resilient agentic systems.
We’re excited to keep improving Agentic Radar with our valued community. If you haven’t already, check out the GitHub repo and give it a try. And if you’ve got ideas or feedback – feel free to let us know!
System prompts may seem like a small part of your agentic architecture, but as we’ve concluded, they can make a huge difference in how your agents behave and how secure they are.
By using Agentic Radar’s new prompt hardening feature, you can quickly identify weak or vague system prompts and replace them with clearer, more secure instructions. This improves both the reliability and safety of your AI agents – often with just a few lines of text.
What’s especially exciting is that Agentic Radar is no longer just a tool for flagging potential issues. It now provides actionable remediation – from specific prompt hardening suggestions to a clearer picture of which vulnerabilities have already been mitigated. It’s not just about awareness; it’s about continuous improvement.
The best part? It fits seamlessly into your existing workflow. One command, one report, and you're already on your way to building more resilient agentic systems.
We’re excited to keep improving Agentic Radar with our valued community. If you haven’t already, check out the GitHub repo and give it a try. And if you’ve got ideas or feedback – feel free to let us know!
System prompts may seem like a small part of your agentic architecture, but as we’ve concluded, they can make a huge difference in how your agents behave and how secure they are.
By using Agentic Radar’s new prompt hardening feature, you can quickly identify weak or vague system prompts and replace them with clearer, more secure instructions. This improves both the reliability and safety of your AI agents – often with just a few lines of text.
What’s especially exciting is that Agentic Radar is no longer just a tool for flagging potential issues. It now provides actionable remediation – from specific prompt hardening suggestions to a clearer picture of which vulnerabilities have already been mitigated. It’s not just about awareness; it’s about continuous improvement.
The best part? It fits seamlessly into your existing workflow. One command, one report, and you're already on your way to building more resilient agentic systems.
We’re excited to keep improving Agentic Radar with our valued community. If you haven’t already, check out the GitHub repo and give it a try. And if you’ve got ideas or feedback – feel free to let us know!
Ready to leverage AI with confidence?
Ready to leverage AI with confidence?
Ready to leverage AI with confidence?
