/AI12h ago

Open-Source Resource Hardens LangChain AI Agents Against OWASP Threats

3186141.4K
#739Harrison Chase
Eden Marco
Original postHarrison Chase#739
Eden Marco@EdenEmarco177

Open-source AI Agent Security resource , fully on the @LangChain 🦜 stack.

It shows real attacks (prompt injection, Indirect prompt injection, tenant data exfiltration, memory poisoning) and the security architecture how to defend against each one. 🔐

EVERY FIX is a single LangChain middleware class dropped into create_agent().

Flip one env var to go from vulnerable to hardened. All mapped to the OWASP Top 10 for LLM Applications.

https://github.com/emarco177/agent-security

11:39 AM · Jun 6, 2026 · 1.4K Views
Sentiment

Users praise the open-source LangChain middleware resource for securing AI agents because it supplies practical OWASP mappings and before/after_agent gates that teams usually skip.

Pos
100.0%
Neg
0.0%
2 comments with sentiment.
Cluster Engagement
Posts from X
Most Activity
Most Activity
VIEWS13
Sgraal@Sgraal_ai

Solid resource — the OWASP Top 10 mapping plus a fix you can actually drop into create_agent() is how this should be taught.

One nuance worth flagging for readers: of the four, memory poisoning and tenant exfiltration aren't really request-time problems. The injection enters at ingress, but the harm is stateful poisoned memory sits in the store and propagates across later sessions and tenants. Request-time middleware catches the entry; the durable question is governance at the memory read/write boundary: is this stored memory safe to act on, and does it stay contained to its tenant?

Are you planning a stateful / memory-layer companion to the request-time middleware?

11hViews 13
Draven@notdrvx

@EdenEmarco177 @LangChain ngl the before_agent and after_agent gates is the part most teams skip entirely.

nice seeing this in the open.

9hViews 11