Security Vulnerability in LangSmith Platform Reveals Private API Credentials and User Information

I came across some concerning news about a major security issue with LangSmith’s prompt management system. Apparently there was a bug called AgentSmith that accidentally exposed user API keys and personal data through their platform.

Has anyone else heard about this? I’m worried because I’ve been using LangSmith for my projects and stored some sensitive API credentials there. The vulnerability seems pretty serious since it could have given unauthorized access to user accounts and private information.

Does anyone know the full details of what happened? I’m trying to figure out if I need to rotate all my API keys or take other security measures. Also wondering if LangSmith has released any official statements about how they’re fixing this problem and preventing it from happening again.

Any insights or experiences from other users would be really helpful right now.

Had something similar happen with another platform last year - learned the hard way that waiting for official statements gets expensive fast. The AgentSmith vulnerability hit their prompt management interface with bad access controls that could leak stored credentials. Can’t confirm every technical detail, but these bugs need immediate action whether they communicate or not. I rotated all my API keys within 24 hours of hearing about this and you should too. Set up extra monitoring on any services using those keys to catch weird activity. LangSmith’s radio silence is sketchy, but protecting your own stuff matters more than waiting for them to respond.

Totally get it! I’m in the same boat. I also haven’t seen anything from LangSmith yet. Rotating keys is a good idea tho, just to be safe. Let’s hope they update us real soon!
