IsolateGPT: An Execution Isolation Architecture for LLM-Based Agentic Systems

Yuhao Wu

Network and Distributed System Security (NDSS) Symposium 2025 · Day 2 · LLM Privacy and Usable Privacy

The advent of Large Language Models (LLMs) has ushered in a powerful new computing paradigm, giving rise to sophisticated **agentic systems** capable of orchestrating diverse resources to fulfill complex user queries. While these systems offer unprecedented functionality, they also introduce novel security and privacy risks that traditional LLM robustness efforts alone cannot fully mitigate. This talk by Yuhao Wu from Washington University in St. Louis presents IsolateGPT, a pioneering architecture that applies established system security principles—specifically **execution isolation** and **access control**—to enhance the security of LLM-based agentic systems.

AI review

Legitimate academic systems-security research applying well-understood OS/browser isolation primitives to LLM agentic threat models. The core idea is sound and the execution is competent, but the novelty ceiling is low — this is principled engineering, not a surprising insight — and the 'zero percent with user intervention' number is doing a lot of rhetorical heavy lifting for what is essentially 'asking a human to click OK.'