Tools / System Instructions

System Instructions

Copy-ready prompts that ground AI assistants in the CoSAI AI SRF. The core instruction enforces one accountable party per activity, layer-cascading responsibilities, and autonomy classification for agentic systems. Role variants and sector context parameters are provided for targeted workflows.

Build a stage-specific prompt

Need a prompt for one deployment rather than a general instruction? The Lifecycle Prompt Builder takes a persona, an industry vertical, an AI security lifecycle stage, and an operating model, then generates a grounded prompt that names the single accountable party, resolves any "shared" default to one owner, and points your agent at the exact data file and on-site tool for that stage.

Open the Lifecycle Prompt Builder →

Core system instruction

Site-aware primer

Use this shorter prompt when you want an AI assistant to answer questions about this site's content rather than conduct a full governance analysis. Paste it at the start of a new conversation, then ask your questions directly.

Response structure

Role variants

Append one of these modifiers to the core instruction to focus output for a specific audience. The core rules still apply; only the output emphasis changes.

Executive

Summary-first

Lead with a one-paragraph board-ready summary. Put the RACI table and evidence checklist in an appendix. Skip technical layer detail unless directly relevant to a business decision.

Business risk Accountability owners Regulatory exposure
# framework: CoSAI AI Shared Responsibility Framework v1.0
# framework_domain: AI Governance / Accountability
# layer: L1
# operating_model: all (AI-SaaS, AI-PaaS, Agent-PaaS, IaaS)
# audience: executive
# purpose: role-variant
# version: 2.0
# canonical_url: https://aisharedresponsibility.com/tools/prompts/
#
Output focus: Executive summary.
Lead with a one-paragraph board-ready summary of accountability owners and top risks. Move the RACI table and evidence checklist to an appendix. Skip technical layer detail unless it directly affects a business or regulatory decision.

Auditor

Evidence-focused

Expand the Evidence Requirements step into a full audit program. For each accountability row, specify the artifact type, retention requirement, and the SRF section it satisfies.

Evidence artifacts Audit trail SRF citations
# framework: CoSAI AI Shared Responsibility Framework v1.0
# framework_domain: AI Governance / Accountability
# layer: all (L1-L5)
# operating_model: all (AI-SaaS, AI-PaaS, Agent-PaaS, IaaS)
# audience: auditor
# purpose: role-variant
# version: 2.0
# canonical_url: https://aisharedresponsibility.com/tools/prompts/
#
Output focus: Audit program.
Expand step 6 (Evidence Requirements) into a full audit test plan. For each accountability row, specify: artifact type, retention period, testing procedure, and the SRF section it satisfies. Format as numbered audit tests.

Developer

Technical controls

Emphasize L3 Application and L4 Platform controls. For each responsibility, specify the implementing system, API boundary, and logging and monitoring requirement.

L3-L4 controls API boundaries Observability
# framework: CoSAI AI Shared Responsibility Framework v1.0
# framework_domain: AI Governance / Accountability
# layer: L3, L4
# operating_model: all (AI-SaaS, AI-PaaS, Agent-PaaS, IaaS)
# audience: developer
# purpose: role-variant
# version: 2.0
# canonical_url: https://aisharedresponsibility.com/tools/prompts/
#
Output focus: Technical controls.
Emphasize L3 (AI Application) and L4 (AI Platform) controls. For each accountability assignment, specify the implementing system, API boundary, logging requirement, and monitoring threshold. Use technical naming conventions.

Legal / Procurement

Contract language

Translate each gap and recommendation into draft contract clause language. Flag which responsibilities must be contractually assigned versus those the deployer retains by default under the SRF.

Contract clauses Retained obligations Vendor terms
# framework: CoSAI AI Shared Responsibility Framework v1.0
# framework_domain: AI Governance / Accountability
# layer: all (L1-L5)
# operating_model: all (AI-SaaS, AI-PaaS, Agent-PaaS, IaaS)
# audience: legal
# purpose: role-variant
# version: 2.0
# canonical_url: https://aisharedresponsibility.com/tools/prompts/
#
Output focus: Contract language.
Translate each gap and recommendation into draft contract clause language. For each clause, indicate whether the obligation is contractually assigned to a counterparty or retained by the deployer under the SRF. Format as numbered provisions.

Sector context parameters

Add the relevant parameter block at the top of your conversation to activate sector-specific regulatory crosswalks and evidence pointers. Each maps to an industry vertical schema.

🏢

Financial Services

# framework: CoSAI AI Shared Responsibility Framework v1.0
# framework_domain: AI Governance / Accountability
# layer: all (L1-L5)
# operating_model: all (AI-SaaS, AI-PaaS, Agent-PaaS, IaaS)
# audience: general
# purpose: sector-context
# version: 2.0
# canonical_url: https://aisharedresponsibility.com/tools/prompts/
#
[Industry: Financial Services]
[Regulations: SR 26-2, FINOS AIGF,
 OWASP LLM Top 10, EU AI Act]
[Model Risk Tier: {1|2|3}]
SR 26-2 FINOS AIGF EU AI Act
🏥

Healthcare

# framework: CoSAI AI Shared Responsibility Framework v1.0
# framework_domain: AI Governance / Accountability
# layer: all (L1-L5)
# operating_model: all (AI-SaaS, AI-PaaS, Agent-PaaS, IaaS)
# audience: general
# purpose: sector-context
# version: 2.0
# canonical_url: https://aisharedresponsibility.com/tools/prompts/
#
[Industry: Healthcare]
[Regulations: FDA TPLC, FDA PCCP,
 ONC HTI-1, HIPAA, EU AI Act]
[Clinical Risk Class: {I|II|III}]
FDA TPLC HIPAA ONC HTI-1
📋

Insurance

# framework: CoSAI AI Shared Responsibility Framework v1.0
# framework_domain: AI Governance / Accountability
# layer: all (L1-L5)
# operating_model: all (AI-SaaS, AI-PaaS, Agent-PaaS, IaaS)
# audience: general
# purpose: sector-context
# version: 2.0
# canonical_url: https://aisharedresponsibility.com/tools/prompts/
#
[Industry: Insurance]
[Regulations: NAIC AI Model Bulletin,
 CO Reg 10-1-1, NYDFS CL 7]
[Use Case: {underwriting|claims|vendor}]
NAIC Bulletin CO Reg 10-1-1 NYDFS CL 7
🏛

Public Sector

# framework: CoSAI AI Shared Responsibility Framework v1.0
# framework_domain: AI Governance / Accountability
# layer: all (L1-L5)
# operating_model: all (AI-SaaS, AI-PaaS, Agent-PaaS, IaaS)
# audience: general
# purpose: sector-context
# version: 2.0
# canonical_url: https://aisharedresponsibility.com/tools/prompts/
#
[Industry: Federal Civilian (FCEB)]
[Regulations: OMB M-25-21, M-25-22,
 FedRAMP 20x, NIST AI RMF]
[Impact Level: {Low|Moderate|High}]
OMB M-25-21 FedRAMP 20x NIST AI RMF
🛡

Defense / DoD

# framework: CoSAI AI Shared Responsibility Framework v1.0
# framework_domain: AI Governance / Accountability
# layer: all (L1-L5)
# operating_model: all (AI-SaaS, AI-PaaS, Agent-PaaS, IaaS)
# audience: general
# purpose: sector-context
# version: 2.0
# canonical_url: https://aisharedresponsibility.com/tools/prompts/
#
[Industry: Defense]
[Regulations: DoD RAI, CMMC 2.0,
 DoD CC SRG, NIST 800-171]
[Impact Level: {IL4|IL5|IL6}]
DoD RAI CMMC 2.0 DoD CC SRG
🏭

Manufacturing

# framework: CoSAI AI Shared Responsibility Framework v1.0
# framework_domain: AI Governance / Accountability
# layer: all (L1-L5)
# operating_model: all (AI-SaaS, AI-PaaS, Agent-PaaS, IaaS)
# audience: general
# purpose: sector-context
# version: 2.0
# canonical_url: https://aisharedresponsibility.com/tools/prompts/
#
[Industry: Manufacturing]
[Regulations: EU AI Act, IEC 62443,
 ISO 42001, NIST AI RMF]
[Deployment: {OT/ICS|product-embedded|IT}]
EU AI Act IEC 62443 ISO 42001

Coming next

Scenario packs and version registry

Scenario packs will provide few-shot examples for the 10 to 15 most common governance workflows: third-party model evaluation, incident post-mortem, autonomy classification, contract clause generation, and sector-specific edge cases across all six verticals.

Version registry will pin each prompt to a specific SRF release and include a testing harness that validates outputs against framework rules. Community contributions will be accepted via the GitHub repository.

Provider mappings for major model providers will map provider features to SRF layers L1 through L5, starting with xAI/Grok Enterprise, Azure OpenAI, and Google Vertex.

← Back to tools