Prompt Engineering in DevSecOps
: Turning AI into a Security Partner
: Turning AI into a Security Partner
Introduction
Before we dive into prompt engineering, let’s first clarify: What is a prompt?
A prompt is the input or instruction we provide to an AI tool or chatbot. The response quality depends heavily on how well the prompt is designed.
Prompt engineering is the art of creating precise and structured inputs that guide AI tools - like ChatGPT, Gemini, or Perplexity - to generate accurate, relevant, and context-aware responses. By carefully crafting prompts, we help Large Language Models (LLMs) interpret context, follow instructions, and respect language nuances. The result? Rich, actionable, and highly relevant answers instead of generic outputs.
Core Concepts & Terminology
- Large Language Model: A Machine learning language model trained on vast text datasets to generate human-like text
- Generative Pre-trained Transformer: It's a type of AI Language model which are trained to understand & generate human language
- Generative AI: AI systems that can create new content based on it's deep learning models
- Token: Token is a basic units of text that the model processes. i.e Word
- AGI: An AI that possesses broader human-level cognitive abilities
- AI Alignment: Ensures that AI actions and outputs align with human intent, ethics and values
- RLHF: A technique that refines AI behavior using human inputs
AI Prompt Engineering Fundamentals: How Prompts Work
Breakdown of Prompt Interaction
Prompt (Input): The instructions or queries user provides to AI Tool e.g, “Explain Zero Trust Exchanges in simple terms.”
Output: A response generated by AI based on the prompt
Parameter Controls: It's a settings that influence output styles & randomness of the response:
- Temperature: Higher = More creative; Lower = More focused.
- Max Tokens: It is used to limit response length.
- Stop sequences: It defines where AI should cease generation.
Why DevSecOps Teams Should Learn AI Prompt Engineering?
Scenario of not using prompt engineering:
Prompt: Explain DUO Security
Response: Very broad and generic contents on Duo Security. Unstructured response, lacking targeted audience.Scenario with prompt engineering:
Prompt: “You are a Security Engineer. List 5 key best practices to implement DUO along with why to prefer DUO over other similar tools. Use bullet points.”
Response: A Structured content in bullet points precisely covering the topic asked.
Iterative AI Prompt Refinement
Iterations are frequently necessary for prompts to achieve quality standards.
| Step | Prompt | Expected Output Quality |
|---|---|---|
| Initial | Write a checklist for Automation Pipeline Design. | Output quality doesn't seems crisp and concise. |
| Refined | As a senior DevSecOps engineer, write a prioritized checklist of security checks to implement in an Automation Pipeline Design. Include brief explanations for each check. | Now the output quality have pretty good details along with some priorities. Still formatting could have been better. |
| Final Tweak | Format the checklist as bullet points with headings for each major category. Add practical tips or tool recommendations. | Final output will look crisp, well organized, and also covers priorities. Along with suggestions. |
Lesson: Iteration refines unclear queries into high-value, well-structured AI responses.
AI Prompt Engineering Principles for DevSecOps
- Always be clear and specific: Example: "Write a 250-word summary of Zscaler Private Access."
- Provide clear context for queries: Define AI’s role, audience, and purpose. "You are a DevSecOps engineer. Explain CICD security to junior engineers."
- Break complex tasks into smaller segments: Use multiple prompts for step-by-step refinement.
- Prompt 1a: List 5 security risks in config change automation.
- Prompt 1b: Elaborate on risk #2 with mitigation strategies.
- Mention desired output format: Request summary, bullet points, code snippets, tabular format, or in-depth guides as needed. Example: "Provide a comparison table of ZPA vs. VPN for private access."
- Use iteration and role prompting.
- Encourage AI reasoning: Use chain-of-thought style prompts for step-by-step problem solving. Example: "As a security engineer expert, think through the potential attack vectors in this code."
Advanced Prompting Techniques
Role and Nested Prompting
- Role Prompting: Designate AI as a subject matter expert to enhance pertinence. E.g. “Act as an AppSec Engineer ....”
- Nested Prompting: Takes the result from one prompt as the input for another to create multi-reasoning workflows.
Chain of Thought (CoT) Prompting
CoT encourages the AI to reason step-by-step, improving accuracy and transparency. It is vital for troubleshooting & debugging code.
Example:
Prompt: “As a Security Engineer, detail the process for configuring secure access to a private server, step-by-step.”
Output: A Comprehensive answer along with security recommendations.
Use Cases of AI Prompt Engineering in DevSecOps
| Use Case | Prompt Example |
|---|---|
| Documentation | “Write a process document for setting up networking in Kubernetes.” |
| Automation | “Generate a Terraform code snippet to create an AWS RDS with encryption enabled.” |
| Security Awareness | “Explain Cross-Site Scripting(XSS) to a non-technical person in a simple language.” |
| Reporting | “Summarize last month’s Jenkins pipeline failures logs with it's root causes and recommendations in the bullet points.” |
| Training | “Create 10 quiz questions on Docker container security best practices.” |
Conclusion
Prompt Engineering helps us to unlock the true potential of the AI Tools. By mastering the list of things we discussed in this blog, such as the Role Prompting, CoT Techniques, you will be able to generate precise responses.
For the DevSecOps engineers, this means :
- Generating faster documentation
- Assisting in setting up automation workflows
- Enhanced training and knowledge sharing
- Much effective technical communication.
Bonus Tip: Use Custom Instructions (You can find this in almost all the AI Tools) to tailor AI to follow specific role, language tone and formats.
Steps to setup Custom Instructions in ChatGPT:
- Click on profile
- Then click on Settings
- Go to personalization & enable Custom Instructions
For Perplexity:
- Click on Account
- Go to personalization & write custom instruction in "Introduce Yourself" section.