Security & threat coverage
Bridgekeeper today is a prompt-injection containment layer: it reduces and contains injection-driven leakage that detection alone misses. The architectural controls below marked coming soon ship as the compliance package. Coverage is maintained continuously — see the freshness changelog.
Protection current as of 2026-05-29 18:00 UTC
- 2026-05-29 — Indirect injection via retrieved markdown tables
- 2026-05-22 — Tool-call argument smuggling (nested JSON)
- 2026-05-14 — System-prompt exfiltration via translation request
| OWASP LLM risk | Bridgekeeper control | Status |
|---|---|---|
| LLM01 Prompt Injection | Inbound sanitization wraps untrusted input; outbound DLP blocks injected-instruction leakage. | Today |
| LLM06 Sensitive Information Disclosure | Outbound DLP blocks the model from emitting your ingested sensitive content. | Today |
| LLM02 Insecure Output Handling | Outbound / exfiltration controls deciding where data may go. | Coming soon |
| LLM07 Insecure Plugin Design | Tool / function-call authorization gating privileged calls. | Coming soon |
| LLM08 Excessive Agency | Provenance tracking + authorization bounding what the model can do. | Coming soon |
Risk taxonomy: OWASP Top 10 for Large Language Model Applications.