Red-team a LangChain agent
Works with LangChain JS and Python. Easiest path is to expose your runnable via LangServe, which gives you a canonical /invoke route.
1. Expose an endpoint
# server.py
from fastapi import FastAPI
from langserve import add_routes
from my_app import agent # your AgentExecutor or RunnableSequence
app = FastAPI()
add_routes(app, agent, path="/agent")
# Now POST http://localhost:8000/agent/invoke
# { "input": { "input": "hello" } } → { "output": "..." }
If you’re not using LangServe, any POST endpoint that takes {"input": "..."} and returns {"output": "..."} works.
2. Copy the config
cp configs/integrations/langchain.json configs/config.my-langchain-app.json
Edit the file:
target.baseUrl— your server origintarget.agentEndpoint—/agent/invokeif using LangServe, else your routetarget.applicationDetails— one paragraph about what your agent doescodebasePath— point at your LangChain app’s source for white-box scanning
3. Run
npm start configs/config.my-langchain-app.json
What this catches
The bundled config enables the categories most relevant to LangChain agents:
prompt_injection/indirect_prompt_injection— direct and tool-output-borne injectiontool_misuse/tool_chain_hijack— your tools being chained to exfiltrate or escalaterag_poisoning— if your agent retrieves over documentsdata_exfiltration— secrets/PII leakage through any tool path
Set codebasePath and the planner will read your Tool definitions, system prompts, and any guardrails to generate attacks specific to your wiring.