Securing LangChain and OpenAI Agents in Production: A Practical Guide
You've built an AI agent with LangChain or the OpenAI Assistants API. It works in development. Now you're deploying it to production, and the question hits: who is responsible when this agent makes a mistake?
Without identity infrastructure, the answer is uncomfortable. Your agent can access any tool, call any API, and take any action — with no record of what happened. That's fine for demos. It's a liability in production.
The Problem with Unidentified Agents
Consider a customer support agent built with LangChain. It has access to your CRM, billing system, and email sender. In production:
- How do you track which agent sent which email?
- How do you revoke access to the billing system without redeploying?
- How do you demonstrate to auditors that actions were authorized?
These aren't hypothetical concerns. They're the exact questions compliance teams, security reviewers, and enterprise customers ask before signing contracts.
Adding Vorim to LangChain
The Vorim SDK provides LangChain integration out of the box. Wrap your tools with permission checks and audit logging:
```javascript
import { createVorim } from '@vorim/sdk';
import { wrapTool } from '@vorim/sdk/integrations/langchain';

const vorim = createVorim({ apiKey: 'your-key' });
const agentId = 'agid_acme_supportbot_v2';

// originalTool is a LangChain tool instance you already use in your agent.
// Wrap any LangChain tool with identity + permissions
const secureTool = wrapTool(vorim, agentId, originalTool, {
  scope: 'agent:execute',
  auditEventType: 'tool_call',
});
```
Every tool call now:
1. Verifies the agent has the required permission scope
2. Logs the action, input hash, and result to the audit trail
3. Attributes the action to the specific agent identity
4. Contributes to the agent's trust score
Adding Vorim to OpenAI Assistants
For OpenAI's Assistants API, Vorim wraps function calls with the same identity layer:
```javascript
import { createVorim } from "@vorim/sdk";

const vorim = createVorim({ apiKey: "your-key" });
const agentId = "agid_acme_assistant_v1";

// Run one Assistants function call behind the identity layer
async function runFunctionCall(functionName, fn, args) {
  // Before each function call: verify the permission scope
  const perm = await vorim.check(agentId, "agent:execute");
  if (!perm.allowed) {
    return { error: "Permission denied" };
  }

  const started = Date.now();
  const result = await fn(args);
  const elapsed = Date.now() - started;

  // After execution, log the action
  await vorim.emit({
    agent_id: agentId,
    event_type: "tool_call",
    action: functionName,
    result: "success",
    latency_ms: elapsed,
  });
  return result;
}
```
Python — Same Patterns
The Python SDK has the same integrations:
```python
from vorim import Vorim
from vorim.integrations.langchain import VorimCallbackHandler

client = Vorim(api_key="your-key")

# Add to any LangChain agent as a callback
handler = VorimCallbackHandler(
    client=client,
    agent_id="agid_acme_researcher_v1",
)

# agent is the LangChain agent you already built
agent.run("Analyze Q1 revenue", callbacks=[handler])
```
Trust Scoring in Practice
Every permission check and audit event contributes to the agent's trust score (0-100). The score is computed from five factors:
- Age: Agents running >90 days get +15 (proven stability)
- Success rate: High success/total ratio adds up to +15
- Denial rate: Frequent permission denials subtract up to -10
- Scope breadth: Agents with >5 scopes get -5 (least privilege principle)
You can expose this score to your users via the public trust badge:
```html
<img src="https://vorim.ai/v1/trust/badge/your-agent-id.svg" />
```
Start in 5 Minutes
1. Create a free account at vorim.ai
2. Register your agent
3. Install the SDK: npm install @vorim/sdk or pip install vorim
4. Wrap your tools with permission checks
5. Deploy — agent activity appears in your Audit Log automatically
Production AI agents need identity, permissions, and audit trails. Adding them after deployment is painful. Adding them from the start is three lines of code.
Ready to build with agent identity?
Free plan: 3 agents, 10K auth events/month, full SDK access. No credit card.