Prompt-Injection Protection in UAPK Gateway: What Ships Today

· 5 min read
David Sanker
Lawyer, Legal Knowledge Engineer & UAPK Inventor

A malicious sentence embedded in a webpage, a support email, or an API response can convince a language model to try something its operator never asked for: send the wrong wire, email the wrong recipient, post a secret to an attacker's URL. This is prompt injection, and it isn't fixable inside the model. It has to be fixed at the action boundary — where the model's proposal meets the outside world.

UAPK Gateway is built on that premise. Model output is a proposal, not a command. Retrieved content is untrusted. Only the gateway decides what happens next. Today's release hardens that boundary in ten concrete ways. This post walks through them.
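As an added illustration of that premise (example code, not UAPK Gateway's own), the following sketches a minimal action boundary in which the operator's policy, not the model's proposal, decides what executes. The Policy fields, action names and account identifiers are assumptions made for the example.

```python
"""Minimal action-boundary gateway: model output is a proposal, the
operator's policy decides. Illustrative code only; it is not UAPK Gateway's
implementation, and every field and action name here is assumed."""
from dataclasses import dataclass


@dataclass(frozen=True)
class Policy:
    """Operator-defined policy; never derived from model or retrieved text."""
    allowed_actions: frozenset   # actions in scope for this task/session
    wire_recipients: frozenset   # allowlisted wire destinations
    max_wire_amount: int         # per-transfer ceiling
    email_domains: frozenset     # allowlisted recipient domains


@dataclass(frozen=True)
class Decision:
    allowed: bool
    reason: str


def evaluate(policy: Policy, proposal: dict) -> Decision:
    """Check one model proposal against the operator's policy.

    The proposal is untrusted input: only the fields the policy understands
    are consulted, and nothing the proposal says about itself (for example a
    claimed 'approved': True) can widen what the policy permits."""
    action = proposal.get("action")
    if action not in policy.allowed_actions:
        return Decision(False, f"action {action!r} outside task scope")
    if action == "send_wire":
        rcpt, amount = proposal.get("recipient"), proposal.get("amount")
        if rcpt not in policy.wire_recipients:
            return Decision(False, f"wire recipient {rcpt!r} not allowlisted")
        # type(...) is int rejects bools and numeric strings from the model
        if type(amount) is not int or amount <= 0 or amount > policy.max_wire_amount:
            return Decision(False, f"wire amount {amount!r} outside limit")
    elif action == "send_email":
        domain = str(proposal.get("to", "")).rpartition("@")[2].lower()
        if domain not in policy.email_domains:
            return Decision(False, f"email domain {domain!r} not allowlisted")
    return Decision(True, "within policy")


# Constructed sample policy: the operator scopes this session to wires and
# mail, so anything else (e.g. an HTTP POST to an outside URL) is denied
# before its arguments are even examined.
POLICY = Policy(
    allowed_actions=frozenset({"send_wire", "send_email"}),
    wire_recipients=frozenset({"acct:vendor-123"}),
    max_wire_amount=10_000,
    email_domains=frozenset({"example.com"}),
)
```

Because the policy is the only thing consulted, an injected sentence can change what the model proposes but not what the gateway lets through.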