How Auth Proxy secures network access for LangSmith agent sandboxes
Blog post from LangChain
In large enterprises, corporate laptops typically ship with a suite of security tools meant to prevent unauthorized access and data leaks, because developers hold extensive access privileges. Agents make this environment more complex: they can replicate developer capabilities on a massive scale, which calls for even stricter security measures.

LangSmith Sandboxes address this by creating isolated environments for agents, paired with a sandbox auth proxy that manages interactions with external services without exposing sensitive credentials inside the runtime. Agents get the access to APIs and services they need, while credentials are injected at the network layer rather than embedded in the runtime environment. This keeps credentials secure and allows granular control over network access, so agents can only interact with authorized services.

The proxy's ability to handle dynamic credentials and enforce egress policies further enhances security by preventing unauthorized internet access and ensuring compliance with infrastructure policies. This model supports scalable agent deployment while minimizing the risks associated with credential exposure and network vulnerabilities.
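The decision described above, default-deny egress combined with credential injection on the proxy side, can be sketched as follows. This is an added example, not LangChain's or LangSmith's code; the hostnames, header names, secret values and the `forward`, `static_secret` and `RotatingToken` names are all constructed for illustration.

```python
from urllib.parse import urlsplit

# Header names the sandbox is never allowed to set itself (assumed list).
AUTH_HEADERS = {"authorization", "proxy-authorization", "x-api-key"}

def static_secret(value):
    """Wrap a fixed secret so every rule exposes the same callable interface."""
    return lambda: value

class RotatingToken:
    """Stands in for a dynamic credential: a fresh short-lived token per request."""
    def __init__(self):
        self.counter = 0

    def __call__(self):
        self.counter += 1
        return f"Bearer constructed-token-{self.counter}"

# Constructed policy. Secrets live only here, on the proxy side of the boundary.
POLICY = {
    "api.example-llm.test": ("x-api-key", static_secret("constructed-key")),
    "git.example-corp.test": ("authorization", RotatingToken()),
    "pypi.example-mirror.test": None,  # reachable, but no credential attached
}

def forward(url, headers, policy=POLICY):
    """Return (allowed, outbound_headers) for a request leaving the sandbox."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower().rstrip(".")
    # Default-deny egress: HTTPS only, exact host match only (no suffix matching,
    # so "api.example-llm.test.other.test" does not inherit the rule).
    if parts.scheme != "https" or host not in policy:
        return False, {}
    # Drop credential-like headers supplied by the runtime, so a sandboxed
    # process cannot override the identity the proxy assigns.
    out = {k: v for k, v in headers.items() if k.lower() not in AUTH_HEADERS}
    rule = policy[host]
    if rule is not None:
        name, provider = rule
        out[name] = provider()  # credential is attached at the network layer
    return True, out
```

The sandbox only ever sees the request it wrote; the credential exists in the outbound copy the proxy builds, which is why a compromised runtime has nothing to exfiltrate.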