Here’s how it works. First, the system splits responsibilities between two language models: A “privileged LLM” (P-LLM) generates code that defines the steps to take—like calling a function to get the last email or sending a message. Think of this as the “planner module” that only processes direct user instructions.
Next, a “quarantined LLM” (Q-LLM) only parses unstructured data into structured outputs. Think of it as a temporary, isolated helper AI. It has no access…
Article Source
https://arstechnica.com/information-technology/2025/04/researchers-claim-breakthrough-in-fight-against-ais-frustrating-security-hole/
