• integrated_82#Q3.4

Prompt IDs and versions matter in RAIDT because generative AI risk materialises through configured use rather than through model characteristics alone. The papers repeatedly stress that prompts, tool settings, retrieval context, alignment layers, and review actions shape behaviour at run time. A stable prompt ID gives the organisation a durable reference to the template family or instruction asset; the version identifies the exact revision used in a particular run. Together, they make prompt provenance inspectable. That is essential when seemingly small wording changes alter output structure, uncertainty language, escalation behaviour, or the boundary between facts and assumptions.

Their significance extends across the five pillars (Responsibility, Auditability, Interpretability, Dependability, Traceability). For Auditability and Traceability, they permit reconstruction of what happened and why. For Interpretability, they show which structured template or explanation constraint was intentionally applied. For Dependability, they enable repeat-run testing under fixed conditions and allow instability to be attributed to the model, context, or prompt change rather than guessed. For Responsibility, they help reviewers see whether approved controls and oversight expectations were actually instantiated in the run. This is why RAIDT uses a run-level evidence pack and a score profile rather than narrative assurance alone: if prompt identity is absent, governance evidence weakens, and the run will struggle to reach anchors 1=missing / 3=partial / 5=audit-ready. In short, prompt IDs and versions matter because they convert prompting from an informal craft practice into a reviewable governance object.

In a cybersecurity alert-triage workflow, analysts use a prompt that forces the model to separate observed indicators from recommended actions. After a prompt edit, the system starts giving more confident remediation advice, but repeated runs become less stable and occasionally omit source references. Because the run records contain prompt IDs and versions, the security team can compare SEC-TRIAGE v1.4 with v1.5, hold the model deployment constant, and show that the prompt revision, rather than the base model, changed the governance profile.

That allows a targeted response: revert the prompt, rerun stability checks, and update controls. Without prompt identifiers, the team would know only that outputs changed. They would have weaker evidence for dependability review, poorer traceability, and a far less defensible post-incident explanation.

• 08-RAIDT_Foundations_M_V50
• 18-RAIDT-Technical-Foundation_M_v04