James Fan

Researching how to make LLM agents safe to deploy — focusing on security gaps in AI agents, such as LangGraph agents.

Previously cofounded two AI startups, led Google Cloud Speech Group, taught at Columbia University and was one of the main inventors of the IBM Watson question answering system that beat the best human contestants on Jeopardy!. Now mostly thinking about what happens when you give an AI agent access to real tools.

Background

AI Startup Cofounder (×2)

Google Cloud — Speech Group

Columbia University

IBM Research — Watson / Jeopardy!

Links

LinkedIn → Google Scholar → GitHub →

★ LangGraph Agent Security

8. State and Memory Security: Protecting the Agent's Working Memory

State and memory security for LangGraph agents — trust-tiered schemas, immutable trusted context, encrypted checkpoints with integrity verification, namespaced long-term memory, and cross-session isolation.

★ AI Commentary

From Prompt to Skills to Harness

Three terms that emerged as LLM chats grew into agents — what each one means, when it applies, and how the workflow shifts from prompt engineering to harness engineering.

Recent writing

May 2026

8. State and Memory Security: Protecting the Agent's Working Memory

security 12 min

May 2026

From Prompt to Skills to Harness

ai 2 min

May 2026

7. Tool Security: Defending the Point Where Language Becomes Action

security 11 min

Apr 2026

Nine seconds is all it takes

ai 8 min

Apr 2026

6. Input Validation for LangGraph Agents: Why "Just Validate the Input" Is Harder Than It Sounds

security 14 min

Apr 2026

AI Agent vs. Scripts vs. Intent-based Bots

ai 2 min