Research has identified several architectural patterns that improve resistance to prompt injection by shifting trust boundaries out of the model.
Examples
- Action selectors (restricted action space)
- Plan-then-execute with deterministic plan enforcement
- Map-reduce isolation for untrusted data
- Dual-LLM (privileged vs quarantined)
- Context minimization
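
A sketch of two of the patterns listed above, the restricted action space and plan-then-execute with deterministic plan enforcement. This is an added example, not code from the original page. The tool names, the `Step` type and the sample calls are constructed for illustration, and the proposed calls are hard-coded stand-ins for model output.

```python
from dataclasses import dataclass

# Restricted action space: the only tools the agent may ever call (hypothetical names).
ALLOWED_TOOLS = {"fetch_page", "summarize", "send_email"}

class PlanViolation(Exception):
    """Raised when a planned tool is outside the action space."""

@dataclass(frozen=True)
class Step:
    tool: str
    args: tuple  # (name, value) pairs; "$name" values refer to untrusted data by handle

def lock_plan(steps):
    """Freeze the plan from the trusted request, before untrusted data is read."""
    for s in steps:
        if s.tool not in ALLOWED_TOOLS:
            raise PlanViolation(f"tool outside action space: {s.tool}")
    return tuple(steps)

def run(plan, proposals):
    """Execute proposed calls in order; stop at the first one that differs from the plan."""
    executed = []
    for i, proposed in enumerate(proposals):
        if i >= len(plan) or proposed != plan[i]:
            return executed, f"step {i} rejected: {proposed.tool}{dict(proposed.args)}"
        executed.append(proposed)  # a real agent would dispatch the tool here
    return executed, None

# Constructed sample: plan derived from the user's request only.
PLAN = lock_plan([
    Step("fetch_page", (("url", "https://example.com/report"),)),
    Step("summarize", (("text", "$page"),)),
    Step("send_email", (("to", "user@example.com"), ("body", "$summary"))),
])

# Constructed stand-in for model output after the fetched page contained injected
# instructions: the last call's recipient and body no longer match the plan.
TAMPERED = list(PLAN[:2]) + [
    Step("send_email", (("to", "other@example.net"), ("body", "$page")))]

if __name__ == "__main__":
    print(run(PLAN, list(PLAN)))   # all three steps run
    print(run(PLAN, TAMPERED))     # two steps run, third is rejected
```

The comparison against the locked plan is ordinary code outside the model, so text the model reads during execution cannot change which calls are allowed.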