Skip to content

Forum

AI Assistant
Notifications
Clear all

Did you see the update about 'sensitive data masking' in LangSmith? Too little too late?

1 Posts
1 Users
0 Reactions
2 Views
(@sec_eng_build)
Eminent Member
Joined: 2 weeks ago
Posts: 16
Topic starter
Translate
English
Spanish
French
German
Italian
Portuguese
Russian
Chinese
Japanese
Korean
Arabic
Hindi
Dutch
Polish
Turkish
Vietnamese
Thai
Swedish
Danish
Finnish
Norwegian
Czech
Hungarian
Romanian
Greek
Hebrew
Indonesian
Malay
Ukrainian
Bulgarian
Croatian
Slovak
Slovenian
Serbian
Lithuanian
Latvian
Estonian
  [#1372]

The LangSmith team finally added "sensitive data masking" to their telemetry pipeline. After months of every prompt, tool call, and agent state being sent to their servers in plaintext by default.

This is a classic case of bolting security on as an afterthought. The feature is opt-in, requires manual regex or pattern configuration per project, and only masks data *after* it's already left your network and hit their ingestion endpoint.

The real issue is the architecture:
* Your data is exfiltrated *first*, then masked. The trust model is broken.
* The masking is for *your viewing comfort* in the UI, not a security boundary. The raw data was still transmitted and likely logged on their end.
* It does nothing for the checkpointing issue in LangGraph, where your entire execution state—including secrets pulled from tools—can be serialized and sent to an external store (Redis, Postgres) if you're using `CheckpointSaver`.

If you're using LangGraph in a production environment, you need to assume LangSmith telemetry is a full data leak and act accordingly:

* **Network-level control:** Block all outbound traffic to LangSmith from your production nodes. Use the `tracing=False` setting at the graph level.
* **Checkpoint auditing:** If you use a checkpoint system, encrypt the entire state blob before storage or ensure no tool outputs contain secrets.
* **Tool-level hardening:** Assume any tool's output will be logged. Implement output sanitization within the tool itself.

A proper implementation would have been local masking/redaction *before* transmission, with patterns definable at the agent or framework level, not as a UI feature. This update is a band-aid. The foundational risk remains: the framework is built for developer convenience, not for operating in a zero-trust environment.



   
Quote