What I wish someone had told me about securing LangGraph agents before I started building them.
Understanding LangGraph's architecture before you try to secure it.
Every channel through which adversarial content can reach a LangGraph agent — thirteen attack surfaces, mapped.
Seven threat categories attackers use against LangGraph agents — how they work mechanically, and what to look for.
Adapting STRIDE for LangGraph agents — where standard threat modeling breaks down, and how to produce a model that ships controls instead of artifacts.
Input validation for LangGraph agents — why the classical framing breaks down on natural language, and what actually works across user, retrieval, and state channels.
Tool security for LangGraph agents — least privilege, parameterized interfaces, SSRF and path-traversal protection, sandboxing, output validation, and the anti-patterns to actively avoid.
State and memory security for LangGraph agents — trust-tiered schemas, immutable trusted context, encrypted checkpoints with integrity verification, namespaced long-term memory, and cross-session isolation.
Multi-agent security for LangGraph systems — why you can't trust your own agents, trust tiers and the downgrade rule, HMAC-authenticated messages, scoped delegation, quarantine layers, and patterns that contain compromised sub-agents.
Output guardrails for LangGraph agents — the last layer between the agent and the world, covering pattern-based sensitive data detection, exfiltration screening, structured output enforcement, tool call argument inspection, and shadow-mode tuning that keeps false positives in check.
Authentication and authorization for LangGraph agents — why agents complicate the well-trodden ground of OAuth, JWTs, and RBAC, covering infrastructure-established identity, action-time authorization enforcement, signed system prompts, credential injection that keeps secrets out of the context window, and OAuth for user-delegated access.