Cybersecurity researchers have identified a major vulnerability in LangChain's LangSmith platform, now patched, that could let attackers capture sensitive user data, including API keys. The vulnerability, dubbed AgentSmith, has a CVSS score of 8.8. It works through a malicious AI agent that users adopt unknowingly and whose pre-configured proxy server intercepts sensitive data. When users interact with the AI agent, their inputs, documents, and images are funneled to the attacker, who gains access to critical information without the users' awareness.
Cybersecurity researchers disclosed a now-patched security flaw in LangChain's LangSmith platform enabling sensitive data capture, including API keys and user prompts.