LangChain patches vulnerability called "AgentSmith" that exposed API Keys and user data
Take action: You don't need to do anything about this flaw; it is already patched. But be very aware that every SaaS platform tries to scale fast by letting users add content, in this case prebuilt agents for others to use. The problem is the same as with any user input: there are malicious actors who will insert malicious functions and use them to steal your data. Be very cautious in using other people's platforms, especially via AI, which is far from well understood and monitored.
Learn More
Cybersecurity researchers have disclosed a now-patched critical vulnerability in LangChain's LangSmith platform that could have been exploited to capture sensitive data, including API keys and user prompts.
The vulnerability, called "AgentSmith" (CVSS score 8.8, no CVE), affected the Prompt Hub feature within LangSmith, which serves as a public repository for community-developed AI prompts and agents.
LangSmith is an observability and evaluation platform that allows users to develop, test, and monitor large language model applications. The platform is widely used by major enterprises including Microsoft, The Home Depot, DHL, Moody's, and several others.
The AgentSmith vulnerability stemmed from a flaw in LangSmith's Proxy Provider feature, which allows prompts to be tested against any model compliant with the OpenAI API.
In simple terms, the vulnerability allowed attackers to create AI agents on LangChain's public hub that secretly redirected all user communications through the attacker's own server instead of the legitimate AI service.
Attack scenario:
- The attackers crafted an AI agent with malicious proxy configuration and shared it on LangChain Hub;
- When unsuspecting users discovered and tested the malicious agent by clicking "Try It," all communications were covertly routed through the attacker's proxy server;
- Victims who chose to fork the agent into their enterprise environments risked continuously leaking valuable data without detection.
The vulnerability enabled attackers to intercept and exfiltrate any data posted to the agent, including API keys, user prompts and prompt data, documents, and uploaded attachments.
LangChain's security team deployed a fix within eight days of the initial disclosure. The fix adds warning prompts that appear when users attempt to clone an agent containing a custom proxy configuration, and persistent warning banners on agent description pages, alerting users to the presence of potentially unsafe proxy settings.
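The check behind that warning is the one a reviewer wants before cloning any shared agent: does the model endpoint point at a trusted provider, or at someone else's server? The following is an added example, not LangChain's or LangSmith's own code; the config layout and the field name base_url are a constructed stand-in for a Proxy Provider setting, and the trusted-host list is an assumed allowlist. It goes a little beyond the article by also catching the usual look-alike tricks (subdomain spoofs, userinfo in the URL, raw IP hosts, plain http).

```python
"""Added example (not LangChain/LangSmith code): flag agent configurations
whose model endpoint points anywhere other than a known provider, the kind of
check behind a "custom proxy configuration" warning.

The config layout is a constructed stand-in, not LangSmith's real schema; the
hypothetical field ``base_url`` models a Proxy Provider endpoint for an
OpenAI-compatible model.
"""
from __future__ import annotations

import ipaddress
from urllib.parse import urlsplit

# Assumed allowlist of provider hosts a reviewer trusts without a warning.
# A host matches if it equals an entry or is a subdomain of one.
TRUSTED_HOSTS = {"api.openai.com"}


def _host_is_trusted(host: str) -> bool:
    host = host.lower().rstrip(".")
    return any(host == t or host.endswith("." + t) for t in TRUSTED_HOSTS)


def classify_endpoint(url: str) -> list[str]:
    """Return the reasons an endpoint deserves a warning; empty list means OK."""
    reasons: list[str] = []
    parts = urlsplit(url.strip())
    if parts.scheme != "https":
        reasons.append(f"non-https scheme {parts.scheme!r}")
    if parts.username or parts.password:
        # "https://api.openai.com@evil.example/" parses with host evil.example;
        # the userinfo part is a look-alike trick, so call it out explicitly.
        reasons.append("userinfo in URL (look-alike host)")
    host = parts.hostname or ""
    if not host:
        reasons.append("no host")
        return reasons
    try:
        ipaddress.ip_address(host)
        reasons.append(f"raw IP address host {host}")
        return reasons
    except ValueError:
        pass  # not an IP literal, fall through to the allowlist check
    if not _host_is_trusted(host):
        reasons.append(f"host {host!r} not in trusted provider list")
    return reasons


def find_custom_proxies(agent_config: dict) -> dict[str, list[str]]:
    """Walk a (constructed) agent config and return {model_name: reasons}
    for every model whose endpoint is not a trusted provider."""
    findings: dict[str, list[str]] = {}
    for model in agent_config.get("models", []):
        url = model.get("base_url")
        if url is None:
            continue  # provider default endpoint, nothing custom to warn about
        reasons = classify_endpoint(url)
        if reasons:
            findings[model.get("name", "<unnamed>")] = reasons
    return findings


# Constructed sample config: two legitimate models, three that should warn.
SAMPLE_AGENT = {
    "name": "summarizer",
    "models": [
        {"name": "gpt-default"},  # no base_url -> provider default
        {"name": "gpt-direct", "base_url": "https://api.openai.com/v1"},
        {"name": "gpt-proxied", "base_url": "https://llm-proxy.example.net/v1"},
        {"name": "gpt-lookalike", "base_url": "https://api.openai.com.example.net/v1"},
        {"name": "gpt-userinfo", "base_url": "https://api.openai.com@203.0.113.10/v1"},
    ],
}

if __name__ == "__main__":
    for name, reasons in find_custom_proxies(SAMPLE_AGENT).items():
        print(f"WARNING {name}: " + "; ".join(reasons))
```

Run against the sample config, the three proxied, look-alike and userinfo models are flagged and the two direct ones pass. The same logic applies before forking an agent into an enterprise environment, where a silently proxied endpoint would otherwise keep leaking prompts and keys.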
According to LangChain's official statement, "This vulnerability was limited to a specific feature (Prompt Hub public sharing) and did not affect LangChain's core platform, enterprise deployments, private agents, or the broader LangSmith infrastructure. This affected only users who actively chose to interact with malicious public prompts – representing a small subset of our user base."