Dual LLM Pattern
ArchiveExpert
Simon Willison's security pattern uses two LLMs:
- A privileged LLM with access to _____(1) but no untrusted input
- An unprivileged LLM handling _____(2) but no tool access
What does each handle?
Flag format: CONGRESS{1:[access],2:[access]}
Example: CONGRESS{1:database,2:api_calls}
Like kernel/user space: separate power from untrusted data.
Archive — no submissions accepted
This challenge is preserved for reference. Play live challenges at /challenges.