You assume the security is something you bolt on rather than the security weakness being inextricable from the value. The superior approach is to distill what the LLM is doing, with careful human review, into a deterministic tool. That takes actual engineering chops. There’s no free lunch.