Prompt caching
Anticipate failure modes
Prompt caching becomes useful when you can predict its behavior, measure it, and name its limits.
Before you start
Why this matters
Read this failure list once: putting timestamps before the cache boundary, changing whitespace or tool order, cross-tenant cache leakage, assuming a hit without reading provider usage fields, caching sensitive material too broadly, stale instructions, and optimizing a low-volume prompt with no meaningful reuse. Pick the failure that could pass a cheerful demo and explain why the demo would miss it.
1Learn the idea
Read
Failures are part of the design
Realistic failures include putting timestamps before the cache boundary, changing whitespace or tool order, cross-tenant cache leakage, assuming a hit without reading provider usage fields, caching sensitive material too broadly, stale instructions, and optimizing a low-volume prompt with no meaningful reuse.
Classify each failure as prevent, detect, contain, or recover. Prevention is strongest when a hard invariant is possible: schema validation, access control, data-split isolation, or admission limits. Detection needs an observable signal and owner. Containment limits blast radius with tenant boundaries, read-only tools, canaries, budgets, or circuit breakers. Recovery needs a tested fallback, rollback, re-index, or human queue.
Avoid a vague instruction such as “be careful.” Write a tripwire: a metric threshold, validation error, unexpected version, or forbidden action. Then state the response. If the response is “retry,” explain why the failure is transient and why retrying cannot duplicate a side effect or amplify overload.
Read
Apply it to a concrete case
A 12,000-token policy manual is shared by 1,000 daily requests; each request adds 300 unique tokens. Moving the manual before the user message makes the 12,000-token prefix reusable while the 300-token suffix stays dynamic.
The worked number is without caching: 12.3M input tokens/day; with 90% prefix hits: 1.2M uncached prefix + 0.3M suffix = 1.5M full-price-equivalent tokens before cache-read pricing. State the unit and denominator whenever you report it. A percentage without a denominator can conceal a tiny sample; a latency without a percentile can conceal slow users; a similarity score without a labeled task can conceal irrelevant neighbors. Compare the observed value with a threshold chosen before seeing the final test result.
Now test the tempting shortcut. Suppose the team optimizes only the most visible metric. The result may look better while the system becomes less trustworthy. The reason is concrete: A longer cached prefix can save more input work but may carry irrelevant context and increase uncached misses when any early token changes. Explicit caches improve control but require lifecycle management. Savings depend on repetition, provider pricing, and whether latency is dominated by input processing or output generation. This is why the decision record must include both the intended gain and the tolerated regression. If the tolerated regression is unknown, the change is not ready for a consequential workflow.
Read
Decision rules
- Prefer a measured baseline over a persuasive demo.
- Keep versions, inputs, and thresholds reproducible.
- Separate syntactic success from semantic correctness and authorization.
- Escalate or abstain when evidence falls outside the contract.
- Re-evaluate when data, traffic, models, providers, or user goals change.
These rules turn the topic into an engineering decision rather than a slogan. They also make disagreement productive: another person can challenge the assumptions, rerun the evaluation, and reach a documented conclusion.
Read
Rehearse one failure safely
Choose the failure with the largest combination of likelihood and impact. Inject it in a test environment without weakening production controls. Capture the first observable symptom, the alert that should fire, the component that contains the damage, and the recovery action. Then remove one safeguard and predict how the blast radius changes before running again. The lesson is not that every failure can be detected from model text. Strong designs enforce invariants outside the model and preserve enough evidence to distinguish bad input, component failure, policy refusal, and ordinary low-confidence output.