Security & threat coverage

Bridgekeeper today is a prompt-injection containment layer: it reduces and contains injection-driven leakage that detection alone misses. The architectural controls below marked coming soon ship as the compliance package. Coverage is maintained continuously — see the freshness changelog.

Protection current as of 2026-05-29 18:00 UTC
  • 2026-05-29Indirect injection via retrieved markdown tables
  • 2026-05-22Tool-call argument smuggling (nested JSON)
  • 2026-05-14System-prompt exfiltration via translation request
OWASP LLM riskBridgekeeper controlStatus
LLM01 Prompt InjectionInbound sanitization wraps untrusted input; outbound DLP blocks injected-instruction leakage.Today
LLM06 Sensitive Information DisclosureOutbound DLP blocks the model from emitting your ingested sensitive content.Today
LLM02 Insecure Output HandlingOutbound / exfiltration controls deciding where data may go.Coming soon
LLM07 Insecure Plugin DesignTool / function-call authorization gating privileged calls.Coming soon
LLM08 Excessive AgencyProvenance tracking + authorization bounding what the model can do.Coming soon

Risk taxonomy: OWASP Top 10 for Large Language Model Applications.