Dual LLM Pattern
Expert | 300 pts | 0 solves
Simon Willison's security pattern uses two LLMs:
- One with tool access but no untrusted input
- One handling user input but no tool access
Describe both roles.
Flag format: CONGRESS{privileged:[access],unprivileged:[access]}
Example: CONGRESS{privileged:database,unprivileged:chat}
Hint
Like kernel/user space: separate what has power from what handles untrusted data.
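As an added illustration of the pattern the challenge describes (example code written for this page, not code from the challenge or from Simon Willison), the toy below keeps untrusted text out of the privileged model by passing only an opaque handle; the `Controller` class, the `$VARn` handle scheme, the `send_email` tool and both LLM stubs are assumptions.

```python
"""Toy simulation of the Dual LLM pattern. Both 'LLMs' are stubs; the point
is the data flow: untrusted bytes go to the unprivileged model, and the
privileged (tool-using) model only ever sees a handle, never the bytes."""
from dataclasses import dataclass, field


def quarantined_llm(untrusted_text: str) -> str:
    """Stub for the unprivileged LLM. It has no tools, so even a fully
    manipulated output (here: the raw text, injection included) has no
    power on its own. Assumed behaviour, not a real model."""
    return "Summary: " + untrusted_text.strip()


@dataclass
class Controller:
    # Opaque handle -> untrusted content. Only the controller reads it.
    store: dict = field(default_factory=dict)

    def quarantine(self, untrusted_text: str) -> str:
        """Run the unprivileged LLM and return only a handle to its output."""
        handle = f"$VAR{len(self.store) + 1}"
        self.store[handle] = quarantined_llm(untrusted_text)
        return handle

    def privileged_prompt(self, task: str, handle: str) -> str:
        """Prompt for the privileged LLM: task text plus the handle. The
        untrusted content is never interpolated into this prompt."""
        return f"Task: {task}. The message body is in {handle}."

    def send_email(self, to: str, body_handle: str) -> dict:
        """Tool invoked by the privileged LLM. The handle is resolved here,
        at the tool boundary, so the content reaches the recipient but
        never the privileged model's context."""
        return {"to": to, "body": self.store[body_handle]}


def leaks_untrusted(prompt: str, controller: Controller) -> bool:
    """Defensive check: did any quarantined content end up in a prompt?"""
    return any(content in prompt for content in controller.store.values())
```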