Research

Bridgekeeper's containment model is built on GuardLLM, the open application-layer security middleware created by Michael Coen. GuardLLM's own analysis is explicit that perfect security isn't achievable — the work reduces and contains risk rather than eliminating it.

We evaluate the containment empirically

Our most recent study ran 8 multi-step prompt-injection attacks against 11 models, for 88 attack-model combinations. Each combination was run twice: once calling the model directly and once through a GuardLLM-gated proxy. Direct calls leaked the secret or brand in ~40% of cases; through the proxy, 0 of 88 did. See the full results and methodology on the Proof page →
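To make the shape of that comparison concrete, here is a minimal sketch of how an attack-by-model grid can be enumerated and scored. It is not the study's actual harness: the attack and model identifiers, the planted `SECRET`, the `leaked` check, and both stub call functions are hypothetical placeholders, and the counts they produce are not study results.

```python
from itertools import product
from typing import Callable, Sequence, Tuple

SECRET = "CANARY-0000"  # hypothetical planted secret, not from the study


def leaked(response: str) -> bool:
    """Hypothetical leak check: does the response contain the planted secret?"""
    return SECRET in response


def count_leaks(
    attacks: Sequence[str],
    models: Sequence[str],
    call: Callable[[str, str], str],
) -> Tuple[int, int]:
    """Run every (attack, model) pair through `call`; return (leaks, total)."""
    pairs = list(product(attacks, models))
    leaks = sum(1 for attack, model in pairs if leaked(call(model, attack)))
    return leaks, len(pairs)


# Placeholder identifiers; the real attacks and models are not listed here.
ATTACKS = [f"attack-{i}" for i in range(1, 9)]   # 8 attacks
MODELS = [f"model-{i}" for i in range(1, 12)]    # 11 models


def stub_refusing_call(model: str, attack: str) -> str:
    """Stand-in for a real model or proxy call; always refuses."""
    return "request refused"


def stub_leaking_call(model: str, attack: str) -> str:
    """Stand-in that always echoes the secret, to exercise the leak check."""
    return f"the secret is {SECRET}"


refused_leaks, total = count_leaks(ATTACKS, MODELS, stub_refusing_call)
echoed_leaks, _ = count_leaks(ATTACKS, MODELS, stub_leaking_call)
print(total, refused_leaks, echoed_leaks)
```

In a real run, the two stubs would be replaced by a direct model call and a call routed through the proxy, and the same grid would be scored once for each path so the two leak counts are directly comparable.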

Publications

Recent work from the team includes Michael Coen's “When F1 Fails: Granularity-Aware Evaluation for Dialogue Topic Segmentation” (arXiv:2512.17083).

A formal write-up of the containment methodology is in preparation. We will not describe it as published before it is.