SEC-GPT: An Execution Isolation Architecture for LLM-Based Systems


8 Mar 2024 | Yuhao Wu, Franziska Roesner, Tadayoshi Kohno, Ning Zhang, Umar Iqbal
SECGPT is an architecture for LLM-based systems that isolates app execution to mitigate security and privacy risks. LLM-based systems, like ChatGPT, allow third-party apps to interact with users and each other via natural language, but this exposes users to risks from untrusted apps and imprecise language. SECGPT addresses these risks by isolating app execution and mediating interactions through well-defined interfaces with user permission. It introduces a hub-and-spoke architecture, where the hub manages user queries and routes them to appropriate apps, and spokes handle app execution with dedicated LLMs. SECGPT also includes an inter-spoke communication protocol (ISC) to securely enable collaboration between apps. The system is evaluated against case study attacks and benchmarks, showing it protects against security, privacy, and safety issues while maintaining functionality. Performance overhead is under 0.3× for most queries. SECGPT's source code is available for further research.
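To make the hub-and-spoke and ISC ideas concrete, here is a small Python model of the control flow the abstract describes. It is an added illustration written for this summary, not the SECGPT project's own code: the app names (`calendar`, `travel`), the keyword routing table, the `trip_dates` field and the `ask_user` consent callback are all constructed, and the LLM in each spoke is replaced by a deterministic stub so the example runs offline. The point it shows is that a spoke holds only its own state, and that one app can obtain a specific piece of another app's data only by going through the hub, which asks the user per (requester, provider, field) and logs the decision.

```python
"""Toy hub-and-spoke isolation model for LLM app execution.

Added illustration, not the SECGPT project's code. Each app runs in its
own "spoke" with private state; the hub routes user queries and mediates
every cross-app exchange through an explicit, user-approved request.
The model is a deterministic stub so the example runs offline; app names,
fields and the permission callback are constructed for this example.
"""
from dataclasses import dataclass, field
from typing import Callable, Dict, List, Set, Tuple


class PermissionDenied(Exception):
    """Raised when the user refuses a cross-app data request."""


@dataclass
class Spoke:
    """One isolated app: its own memory and its own (stub) model transcript."""
    app: str
    memory: Dict[str, str] = field(default_factory=dict)   # private to this spoke
    transcript: List[str] = field(default_factory=list)

    def run(self, query: str, hub: "Hub") -> str:
        self.transcript.append(f"user> {query}")
        # Stub "model": each app knows only its own job.
        if self.app == "calendar":
            self.memory["trip_dates"] = "2024-03-10..2024-03-14"   # constructed value
            reply = "Saved trip dates."
        elif self.app == "travel":
            # The travel spoke cannot reach into the calendar spoke; it has to
            # ask the hub for one named field, and the hub asks the user.
            dates = hub.isc_request(requester=self.app, provider="calendar",
                                    field_name="trip_dates")
            reply = f"Searching flights for {dates}."
        else:
            reply = "Unsupported."
        self.transcript.append(f"app> {reply}")
        return reply


class Hub:
    """Routes user queries to spokes and mediates inter-spoke communication."""

    def __init__(self, ask_user: Callable[[str], bool]):
        self.spokes: Dict[str, Spoke] = {}
        self.ask_user = ask_user                          # user consent callback
        self.grants: Set[Tuple[str, str, str]] = set()    # (requester, provider, field)
        self.isc_log: List[str] = []                      # audit trail of cross-app traffic

    def route(self, query: str) -> str:
        """Pick an app by keyword (constructed routing rule) and run it in its spoke."""
        app = "calendar" if "calendar" in query.lower() else "travel"
        spoke = self.spokes.setdefault(app, Spoke(app))
        return spoke.run(query, self)

    def isc_request(self, requester: str, provider: str, field_name: str) -> str:
        """Inter-spoke exchange: only the named field, only with user consent."""
        key = (requester, provider, field_name)
        prompt = f"Allow '{requester}' to read '{field_name}' from '{provider}'?"
        if key not in self.grants:
            if not self.ask_user(prompt):
                self.isc_log.append(f"DENIED {key}")
                raise PermissionDenied(prompt)
            self.grants.add(key)
        self.isc_log.append(f"ALLOWED {key}")
        src = self.spokes.get(provider)
        if src is None or field_name not in src.memory:
            raise KeyError(f"{provider} has no {field_name}")
        return src.memory[field_name]   # one field is released, never the whole memory


def run_session(allow: bool) -> dict:
    """Two user turns: the calendar app stores dates, then the travel app needs them."""
    hub = Hub(ask_user=lambda prompt: allow)   # stands in for a real consent dialog
    first = hub.route("Add my trip to the calendar")
    try:
        second = hub.route("Book flights for my trip")
    except PermissionDenied:
        second = "blocked"
    return {
        "calendar_reply": first,
        "travel_reply": second,
        "travel_sees_calendar_memory": "trip_dates" in hub.spokes["travel"].memory,
        "isc_log": hub.isc_log,
    }


if __name__ == "__main__":
    for allow in (True, False):
        print(f"consent={allow}: {run_session(allow)}")
```

Whether consent is granted or not, the travel spoke's own memory never contains the calendar data; the only path for the value is the hub's `isc_request`, which leaves an entry in `isc_log` either way. A real system would replace the keyword router and the stub replies with model calls, but the mediation point stays the same.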