What is the dual LLM pattern for security?

The dual LLM pattern uses two separate language models for security. A privileged LLM has access to tools and sensitive operations but never sees untrusted input. A quarantined LLM processes untrusted content but has no tool access. They communicate through structured handoffs. This prevents most prompt injection attacks because untrusted text never reaches the model that can take action.