From da3fa95152ea40cf1360e24af5431fe2f823b6a7 Mon Sep 17 00:00:00 2001
From: Florence Morris <1629446+fjmorris@users.noreply.github.com>
Date: Thu, 25 Jun 2026 10:34:50 -0400
Subject: [PATCH 1/6] Initial revision.
---
src/docs.json | 1 +
src/langsmith/engine-overview.mdx | 2 +-
src/langsmith/engine-security.mdx | 81 +++++++++++++++++++++++++++++++
3 files changed, 83 insertions(+), 1 deletion(-)
create mode 100644 src/langsmith/engine-security.mdx
diff --git a/src/docs.json b/src/docs.json
index 68e083d044..d3928df723 100644
--- a/src/docs.json
+++ b/src/docs.json
@@ -1720,6 +1720,7 @@
"pages": [
"langsmith/engine-overview",
"langsmith/engine",
+ "langsmith/engine-security",
"langsmith/engine-webhooks",
"langsmith/engine-self-hosted"
]
diff --git a/src/langsmith/engine-overview.mdx b/src/langsmith/engine-overview.mdx
index 00aae2a52a..62455607b5 100644
--- a/src/langsmith/engine-overview.mdx
+++ b/src/langsmith/engine-overview.mdx
@@ -27,7 +27,7 @@ For each issue, Engine surfaces the contributing traces, proposes a fix, generat
## How Engine runs
-Engine scans each connected tracing project every 6 hours, clustering and prioritizing issues by severity. It uses LangChain-managed inference and charges in LangChain Compute Units (LCUs). For setup, costs, and the full issue workflow, see [Find and fix your agent's failures](/langsmith/engine).
+Engine scans each connected tracing project every 6 hours, clustering and prioritizing issues by severity. It uses LangChain-managed inference and charges in LangChain Compute Units (LCUs). For setup, costs, and the full issue workflow, see [Find and fix your agent's failures](/langsmith/engine). For how Engine handles your data, its GitHub and model subprocessor controls, and its compliance posture, see [Engine security](/langsmith/engine-security).
## Get started
diff --git a/src/langsmith/engine-security.mdx b/src/langsmith/engine-security.mdx
new file mode 100644
index 0000000000..bbae45a958
--- /dev/null
+++ b/src/langsmith/engine-security.mdx
@@ -0,0 +1,81 @@
+---
+title: LangSmith Engine security
+sidebarTitle: Security
+description: How LangSmith Engine handles your data, the GitHub and model subprocessor controls that govern its access, and its compliance posture.
+---
+
+LangSmith Engine is an AI agent built into LangSmith that proactively improves the agents you build. Engine reviews the trace data already in LangSmith, surfaces and prioritizes issues, and opens pull requests with suggested fixes, proposed prompt changes, and evaluations. For a product overview, see [Engine](/langsmith/engine-overview). For how Engine runs in a self-hosted deployment, see [Engine on self-hosted](/langsmith/engine-self-hosted).
+
+This page describes how Engine handles your data, the controls that govern its GitHub and model access, and its compliance posture.
+
+Engine is delivered as part of LangSmith and inherits LangSmith's existing security and compliance posture, with additional controls covering the AI inference layer described below. For Enterprise customers, Engine is disabled by default and can only be enabled by [Organization Admins](/langsmith/rbac#organization-admin).
+
+## What data Engine uses
+
+Engine operates on data you have already chosen to share with LangChain: the trace data you send to LangSmith and, separately, the GitHub repository content you grant through the LangChain-managed GitHub App (see [GitHub integration](#github-integration)). Enabling Engine introduces no other customer data sources. The following table summarizes what Engine reads, where it lives, and what it enables.
+
+| Data source | What Engine reads | Storage and persistence | Enables |
+|---|---|---|---|
+| LangSmith workspace content | Trace data and other workspace content you have stored in LangSmith, such as prompts and evaluators. The read scope may expand over time, and this page is updated to reflect material changes. | Within your LangSmith tenant. [Trace retention](/langsmith/usage-and-billing#data-retention) is 14 days (base) or 400 days (extended), chosen per project. The durations themselves are not configurable. | Issue detection, prioritization, and evaluation proposals. |
+| GitHub repository | Source code and repository context from the repositories you connect (see [GitHub integration](#github-integration)). | Processed inside an isolated, LangChain-managed sandbox for the duration of each analysis run, then discarded. | Pull request authoring with proposed code fixes. |
+| Model provider (inference) | Only the content required for each analysis task. | Zero data retention with every Engine model provider (see [Model subprocessors](#model-subprocessors)). | Engine reasoning and generation. |
+
+Engine outputs are advisory. It surfaces issues, proposes pull requests, and recommends evaluation assets such as evaluators and dataset examples. Your engineers and your existing branch-protection and review policies decide what ships.
+
+## GitHub integration
+
+Engine connects to your source code through a LangChain-managed GitHub App. Only GitHub.com is supported. GitLab, Bitbucket, and other version control providers are not yet supported.
+
+The App is scoped to:
+
+- **Read access** on the repositories you select at installation.
+- **Write access** to open pull requests from new branches it creates. Pushes to existing branches are governed by your branch protection rules.
+
+Access uses GitHub's standard App model: every action runs through a short-lived installation token that expires after one hour, cannot exceed the permissions granted at installation, and cannot reach repositories you did not select. Tokens are minted per analysis run rather than held as a standing credential.
+
+Source code is read only by Engine's automated analysis and is not browsed by LangChain personnel in normal operation. For each run, the selected repository is cloned into an isolated, network-restricted sandbox, used only for that run, and deleted when the run completes (within an hour at most if a run is interrupted). Engine's own operational traces of the analysis are masked by default.
+
+You can revoke Engine's access to GitHub at any time by uninstalling the App from your GitHub organization.
+
+## Model subprocessors
+
+The four model subprocessors (OpenAI, Anthropic, Fireworks, and Baseten) all operate under zero data retention and are contractually prohibited from using customer data to train or fine-tune their models. The authoritative subprocessor list is published on the [LangChain Trust Center](https://trust.langchain.com/).
+
+Engine does not support bring-your-own-key (BYOK).
+
+## Key security controls
+
+- **Explicit opt-in**: Engine is never on by default and can only be enabled by Organization Admins.
+- **Advisory outputs, human at the helm**: Engine does not auto-merge, auto-deploy, or take destructive actions on your systems. Every proposed change is a pull request that follows your existing branch-protection, review, and merge policies. Proposed prompt changes are written to a separate proposal record in LangSmith and do not modify any prompt until an authorized user explicitly applies them. In both paths, a human decides what ships.
+- **Zero data retention with every Engine model provider**: Prompts and completions are not persisted by the inference vendor.
+- **No use of customer data to train or fine-tune any model**: This is contractually prohibited across all four providers.
+- **Logical tenant isolation**: Engine's access to your data is scoped to your LangSmith tenant. Cross-tenant access is prevented by application-level controls, consistent with LangSmith Cloud's existing tenancy model. Each analysis run executes inside its own isolated sandbox.
+- **Auditability**: Engine surfaces its work as GitHub pull requests, with supporting context in the LangSmith [Issues Board](/langsmith/engine). Code changes flow through your existing branch-protection, review, and automated build controls, so your software development lifecycle remains the system of record for what ships.
+- **Client-side PII scrubbing**: LangSmith's [client libraries](/langsmith/mask-inputs-outputs) can remove sensitive content from traces before they are sent to LangSmith. This is recommended for customers handling regulated data.
+- **Model selection managed by LangChain**: LangChain selects the specific model used for each Engine task across the four named subprocessors, and may change selections within that set without separate notification. Adding any new subprocessor follows the standard subprocessor-change notification process.
+
+## Compliance posture
+
+Engine operates under LangSmith's control environment, which is audited annually under SOC 2 Type II. The four model subprocessors are listed on the [LangChain Trust Center](https://trust.langchain.com/), which is the authoritative source for procurement and data protection impact assessments.
+
+
+ **HIPAA notice: do not enable Engine for PHI workloads.** LangChain does not have Business Associate Agreements (BAAs) with Engine's model subprocessors (OpenAI, Anthropic, Fireworks, and Baseten). Customers operating under a LangChain BAA should leave Engine disabled until provider-level BAAs are established. LangChain notifies HIPAA-covered customers when this changes.
+
+
+## Inherent AI risks and mitigations
+
+The risks below are inherent to AI-assisted code generation. LangChain mitigates each in product, and your existing code-review workflow provides a second layer of defense.
+
+- **Incorrect or hallucinated suggestions**: All Engine output flows through your normal pull-request review and automated checks before any code lands.
+- **Prompt injection via trace content**: Trace data can include adversarial content reflected from external sources, for example web-tool outputs. Any suggestion Engine produces from such traces still passes through human pull-request review before code lands. Treat traces from untrusted sources with care.
+- **Out-of-scope decisions**: Engine reasons over traces and connected repositories only. Issues that depend on context Engine cannot see, for example business-rule changes in a ticketing system, remain a human responsibility.
+
+## See also
+
+- [Engine](/langsmith/engine-overview)
+- [Configure Engine](/langsmith/engine)
+- [Engine on self-hosted](/langsmith/engine-self-hosted)
+- [Engine webhooks](/langsmith/engine-webhooks)
+- [LangChain Trust Center](https://trust.langchain.com/)
+
+For security questions, contact [trust@langchain.dev](mailto:trust@langchain.dev).
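Review bot: In the "Inherent AI risks and mitigations" section, the intro says "LangChain mitigates each in product", but the prompt-injection bullet names only human pull-request review, which is the customer's control and the same mitigation already listed for hallucinated suggestions. If the network-restricted sandbox and the per-run, one-hour installation token described under "GitHub integration" are what limit an injected instruction, say so in the bullet; otherwise soften the intro. The bullet also covers only the pull-request path, while "Key security controls" describes prompt changes going to a proposal record rather than a pull request. Separately, the opening says "For Enterprise customers, Engine is disabled by default" while the "Explicit opt-in" bullet says "never on by default"; state the default for other plans or drop the qualifier.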
From e880d00cc26985414c669967659ef2e548c95ac0 Mon Sep 17 00:00:00 2001
From: Florence Morris <1629446+fjmorris@users.noreply.github.com>
Date: Thu, 25 Jun 2026 11:33:00 -0400
Subject: [PATCH 2/6] Added engine-security.mdx.
Modified docs.json, added engine-security.mdx.
Modified engine-overview.mdx, added links to both engine-security.mdx and engine-self-hosted.mdx.
Modified regions-faq.mdx, added link to engine-security.mdx.
---
src/langsmith/engine-overview.mdx | 2 +-
src/langsmith/engine-security.mdx | 47 ++++++++++++++++++----------
src/langsmith/engine-self-hosted.mdx | 7 +++--
src/langsmith/regions-faq.mdx | 2 ++
4 files changed, 38 insertions(+), 20 deletions(-)
diff --git a/src/langsmith/engine-overview.mdx b/src/langsmith/engine-overview.mdx
index 62455607b5..86a2fdbfa3 100644
--- a/src/langsmith/engine-overview.mdx
+++ b/src/langsmith/engine-overview.mdx
@@ -27,7 +27,7 @@ For each issue, Engine surfaces the contributing traces, proposes a fix, generat
## How Engine runs
-Engine scans each connected tracing project every 6 hours, clustering and prioritizing issues by severity. It uses LangChain-managed inference and charges in LangChain Compute Units (LCUs). For setup, costs, and the full issue workflow, see [Find and fix your agent's failures](/langsmith/engine). For how Engine handles your data, its GitHub and model subprocessor controls, and its compliance posture, see [Engine security](/langsmith/engine-security).
+Engine scans each connected tracing project every 6 hours, clustering and prioritizing issues by severity. It uses LangChain-managed inference and charges in LangChain Compute Units (LCUs). For setup, costs, and the full issue workflow, see [Find and fix your agent's failures](/langsmith/engine). For how Engine handles your data, its GitHub and model subprocessor controls, and its compliance posture, see [Engine security](/langsmith/engine-security). For how Engine runs in a self-hosted deployment, see [Engine on self-hosted](/langsmith/engine-self-hosted).
## Get started
diff --git a/src/langsmith/engine-security.mdx b/src/langsmith/engine-security.mdx
index bbae45a958..b6c4033eb6 100644
--- a/src/langsmith/engine-security.mdx
+++ b/src/langsmith/engine-security.mdx
@@ -4,11 +4,11 @@ sidebarTitle: Security
description: How LangSmith Engine handles your data, the GitHub and model subprocessor controls that govern its access, and its compliance posture.
---
-LangSmith Engine is an AI agent built into LangSmith that proactively improves the agents you build. Engine reviews the trace data already in LangSmith, surfaces and prioritizes issues, and opens pull requests with suggested fixes, proposed prompt changes, and evaluations. For a product overview, see [Engine](/langsmith/engine-overview). For how Engine runs in a self-hosted deployment, see [Engine on self-hosted](/langsmith/engine-self-hosted).
+LangSmith Engine is an AI agent built into LangSmith that improves the agents you build. Engine reviews the trace data already in LangSmith, surfaces and prioritizes issues, and opens pull requests with suggested fixes, proposed prompt changes, and evaluations. For a product overview, see [Engine](/langsmith/engine-overview).
-This page describes how Engine handles your data, the controls that govern its GitHub and model access, and its compliance posture.
+Engine is opt-in, advisory, and never trains on your data, and it runs under LangSmith's SOC 2 Type II controls. This page describes how Engine handles your data, the controls that govern its GitHub and model access, and its compliance posture for Engine in LangSmith Cloud. For how Engine runs in a self-hosted deployment, see [Engine on self-hosted](/langsmith/engine-self-hosted).
-Engine is delivered as part of LangSmith and inherits LangSmith's existing security and compliance posture, with additional controls covering the AI inference layer described below. For Enterprise customers, Engine is disabled by default and can only be enabled by [Organization Admins](/langsmith/rbac#organization-admin).
+Engine is delivered as part of LangSmith and inherits LangSmith's security and compliance posture, with additional controls covering the AI inference layer described below. Engine is never on by default and can only be enabled by an [Organization Admin](/langsmith/rbac#organization-admin), for organizations on any plan. For LangSmith's platform-level controls, including data encryption and regional handling, see the [Regions FAQ](/langsmith/regions-faq) and the [LangChain Trust Center](https://trust.langchain.com/).
## What data Engine uses
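Review bot: The added summary sentence "Engine is opt-in, advisory, and never trains on your data" is stronger than what the page backs up, which is a contractual prohibition on the model subprocessors using customer data to train or fine-tune. Suggest wording the summary to match that statement. In the same sentence, "its compliance posture for Engine in LangSmith Cloud" reads as if the Cloud scope applies only to the compliance posture; move the scope into its own sentence, for example "This page covers Engine in LangSmith Cloud."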
@@ -16,11 +16,17 @@ Engine operates on data you have already chosen to share with LangChain: the tra
| Data source | What Engine reads | Storage and persistence | Enables |
|---|---|---|---|
-| LangSmith workspace content | Trace data and other workspace content you have stored in LangSmith, such as prompts and evaluators. The read scope may expand over time, and this page is updated to reflect material changes. | Within your LangSmith tenant. [Trace retention](/langsmith/usage-and-billing#data-retention) is 14 days (base) or 400 days (extended), chosen per project. The durations themselves are not configurable. | Issue detection, prioritization, and evaluation proposals. |
+| LangSmith workspace content | Trace data and other workspace content you have stored in LangSmith, such as prompts and evaluators. | Within your LangSmith tenant. [Trace retention](/langsmith/usage-and-billing#data-retention) is 14 days (base) or 400 days (extended), chosen per project. The durations are not configurable. | Issue detection, prioritization, and evaluation proposals. |
| GitHub repository | Source code and repository context from the repositories you connect (see [GitHub integration](#github-integration)). | Processed inside an isolated, LangChain-managed sandbox for the duration of each analysis run, then discarded. | Pull request authoring with proposed code fixes. |
| Model provider (inference) | Only the content required for each analysis task. | Zero data retention with every Engine model provider (see [Model subprocessors](#model-subprocessors)). | Engine reasoning and generation. |
-Engine outputs are advisory. It surfaces issues, proposes pull requests, and recommends evaluation assets such as evaluators and dataset examples. Your engineers and your existing branch-protection and review policies decide what ships.
+
+ Engine's read scope may expand over time. This page is updated to reflect material changes. Last reviewed June 5, 2026.
+
+
+Trace content sent to Engine can include user messages, tool outputs, and PII, and this content is sent to model subprocessors under zero data retention for each analysis task. To remove sensitive fields before traces reach LangSmith, use [client-side masking](/langsmith/mask-inputs-outputs).
+
+Engine outputs are advisory. It surfaces issues, proposes pull requests, and recommends evaluation assets such as evaluators and dataset examples. Your engineers and your branch-protection and review policies decide what ships.
## GitHub integration
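Review bot: The new note ends with "Last reviewed June 5, 2026", which predates this commit (dated June 25, 2026 in the header) and is a hard-coded date that will go stale unless someone owns bumping it. Either set it when the page is actually reviewed and record who owns that review, or drop it. The added PII paragraph is a useful disclosure; consider cross-referencing it from the "Model provider (inference)" table row, since "Only the content required for each analysis task" on its own does not tell a reader that user messages and PII can be included.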
@@ -39,32 +45,35 @@ You can revoke Engine's access to GitHub at any time by uninstalling the App fro
## Model subprocessors
-The four model subprocessors (OpenAI, Anthropic, Fireworks, and Baseten) all operate under zero data retention and are contractually prohibited from using customer data to train or fine-tune their models. The authoritative subprocessor list is published on the [LangChain Trust Center](https://trust.langchain.com/).
+Engine's model subprocessors (currently OpenAI, Anthropic, Fireworks, and Baseten) all operate under zero data retention and are contractually prohibited from using customer data to train or fine-tune their models. The [LangChain Trust Center](https://trust.langchain.com/) publishes the authoritative subprocessor list.
Engine does not support bring-your-own-key (BYOK).
## Key security controls
-- **Explicit opt-in**: Engine is never on by default and can only be enabled by Organization Admins.
-- **Advisory outputs, human at the helm**: Engine does not auto-merge, auto-deploy, or take destructive actions on your systems. Every proposed change is a pull request that follows your existing branch-protection, review, and merge policies. Proposed prompt changes are written to a separate proposal record in LangSmith and do not modify any prompt until an authorized user explicitly applies them. In both paths, a human decides what ships.
+Engine adds the following controls on top of LangSmith's baseline:
+
+- **Explicit opt-in**: Engine is never on by default and can only be enabled by an Organization Admin.
+- **Advisory outputs, human at the helm**: Engine does not auto-merge, auto-deploy, or take destructive actions on your systems. Every proposed change is a pull request that follows your branch-protection, review, and merge policies. Proposed prompt changes are written to a separate proposal record in LangSmith and do not modify any prompt until an authorized user explicitly applies them. In both paths, a human decides what ships.
- **Zero data retention with every Engine model provider**: Prompts and completions are not persisted by the inference vendor.
-- **No use of customer data to train or fine-tune any model**: This is contractually prohibited across all four providers.
-- **Logical tenant isolation**: Engine's access to your data is scoped to your LangSmith tenant. Cross-tenant access is prevented by application-level controls, consistent with LangSmith Cloud's existing tenancy model. Each analysis run executes inside its own isolated sandbox.
-- **Auditability**: Engine surfaces its work as GitHub pull requests, with supporting context in the LangSmith [Issues Board](/langsmith/engine). Code changes flow through your existing branch-protection, review, and automated build controls, so your software development lifecycle remains the system of record for what ships.
-- **Client-side PII scrubbing**: LangSmith's [client libraries](/langsmith/mask-inputs-outputs) can remove sensitive content from traces before they are sent to LangSmith. This is recommended for customers handling regulated data.
-- **Model selection managed by LangChain**: LangChain selects the specific model used for each Engine task across the four named subprocessors, and may change selections within that set without separate notification. Adding any new subprocessor follows the standard subprocessor-change notification process.
+- **No use of customer data to train or fine-tune any model**: This restriction is written into each provider contract.
+- **Logical tenant isolation**: Engine's access to your data is scoped to your LangSmith tenant. Cross-tenant access is prevented by application-level controls, consistent with LangSmith Cloud's tenancy model. Each analysis run executes inside its own isolated sandbox.
+- **Auditability**: Engine surfaces its work as GitHub pull requests, with supporting context in the issue list on the [Engine tab](/langsmith/engine). Code changes flow through your branch-protection, review, and automated build controls, so your software development lifecycle remains the system of record for what ships.
+- **Client-side PII scrubbing**: LangSmith's [client libraries](/langsmith/mask-inputs-outputs) can remove sensitive content from traces before they are sent to LangSmith. Recommended for customers handling regulated data.
+- **Model selection managed by LangChain**: LangChain selects the specific model used for each Engine task across these subprocessors, and may change selections within that set without separate notification. Adding any new subprocessor follows the standard subprocessor-change notification process.
+- **Revocation and deletion**: You can revoke GitHub access at any time by uninstalling the App, and remove Engine's findings with **Delete all issues** in [Engine settings](/langsmith/engine#configure-langsmith-engine). Trace data follows your LangSmith [retention and purging](/langsmith/data-purging-compliance) settings.
## Compliance posture
-Engine operates under LangSmith's control environment, which is audited annually under SOC 2 Type II. The four model subprocessors are listed on the [LangChain Trust Center](https://trust.langchain.com/), which is the authoritative source for procurement and data protection impact assessments.
+Engine operates under LangSmith's control environment, which is audited annually under SOC 2 Type II. Engine's model subprocessors are listed on the [LangChain Trust Center](https://trust.langchain.com/), which is the authoritative source for procurement and data protection impact assessments.
- **HIPAA notice: do not enable Engine for PHI workloads.** LangChain does not have Business Associate Agreements (BAAs) with Engine's model subprocessors (OpenAI, Anthropic, Fireworks, and Baseten). Customers operating under a LangChain BAA should leave Engine disabled until provider-level BAAs are established. LangChain notifies HIPAA-covered customers when this changes.
+ **HIPAA notice: do not enable Engine for PHI workloads.** LangChain does not have Business Associate Agreements (BAAs) with Engine's model subprocessors (OpenAI, Anthropic, Fireworks, and Baseten). Customers operating under a LangChain BAA should leave Engine disabled until provider-level BAAs are established. Contact your LangChain account team for the BAA roadmap. LangChain notifies HIPAA-covered customers when this changes.
## Inherent AI risks and mitigations
-The risks below are inherent to AI-assisted code generation. LangChain mitigates each in product, and your existing code-review workflow provides a second layer of defense.
+The risks below are inherent to AI-assisted code generation. LangChain mitigates each in product, and your code-review workflow provides a second layer of defense.
- **Incorrect or hallucinated suggestions**: All Engine output flows through your normal pull-request review and automated checks before any code lands.
- **Prompt injection via trace content**: Trace data can include adversarial content reflected from external sources, for example web-tool outputs. Any suggestion Engine produces from such traces still passes through human pull-request review before code lands. Treat traces from untrusted sources with care.
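Review bot: The new "Revocation and deletion" bullet covers uninstalling the App, deleting issues, and trace retention, but not what Engine has already written: the branches and pull requests it opened in GitHub and the prompt proposal records described in the "Advisory outputs" bullet. State whether those persist after revocation and how to remove them. Also, the subprocessor sentence now says "currently OpenAI, Anthropic, Fireworks, and Baseten" and the "all four providers" wording was dropped, yet the HIPAA notice still hard-codes the same four names; point it at the Trust Center list so the two cannot drift.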
@@ -76,6 +85,12 @@ The risks below are inherent to AI-assisted code generation. LangChain mitigates
- [Configure Engine](/langsmith/engine)
- [Engine on self-hosted](/langsmith/engine-self-hosted)
- [Engine webhooks](/langsmith/engine-webhooks)
+- [Prevent logging of sensitive data in traces](/langsmith/mask-inputs-outputs)
+- [Data purging for compliance](/langsmith/data-purging-compliance)
+- [Audit logs](/langsmith/audit-logs)
+- [Regions FAQ](/langsmith/regions-faq)
- [LangChain Trust Center](https://trust.langchain.com/)
+## Contact
+
For security questions, contact [trust@langchain.dev](mailto:trust@langchain.dev).
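Review bot: "Audit logs" is added to "See also", but nothing in the page body shown in this series mentions audit logs; the "Auditability" bullet points only to GitHub pull requests and the Engine tab. If enabling Engine or applying a prompt proposal is recorded in LangSmith audit logs, say so in that bullet and link it there; if not, the bare link suggests coverage the page does not claim.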
diff --git a/src/langsmith/engine-self-hosted.mdx b/src/langsmith/engine-self-hosted.mdx
index 0d8d2a1a72..772ccaa237 100644
--- a/src/langsmith/engine-self-hosted.mdx
+++ b/src/langsmith/engine-self-hosted.mdx
@@ -77,15 +77,16 @@ Managed inference makes that possible. Because Engine always runs the model Lang
## What this means for your data
-- **Zero data retention (ZDR):** the inference service does not store customer data, and LangChain uses only models that support ZDR.
-- **No training:** LangChain does not train on your data.
+In a self-hosted deployment, Engine adds two data-locality guarantees on top of the controls common to every deployment:
+
- **Private networks only:** all data transit happens over private link, never the public internet.
- **In-CSP:** models run inside your CSP, so data never leaves it.
-{/* TODO(author): Link the contractual or compliance backing for the ZDR and no-training claims (DPA, security page, or SOC 2 report) so security teams can verify rather than take the claim on assertion. */}
+Engine's deployment-independent data handling, including zero data retention with every model provider and no use of customer data to train or fine-tune models, is described in [Engine security](/langsmith/engine-security).
## See also
- [Engine](/langsmith/engine-overview)
- [Configure Engine](/langsmith/engine)
+- [Engine security](/langsmith/engine-security)
- [Engine webhooks](/langsmith/engine-webhooks)
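Review bot: The replacement sentence calls zero data retention and no training "deployment-independent" and sends readers to Engine security, but this same patch scopes that page to "Engine in LangSmith Cloud" and has it list external model subprocessors, while the bullets kept here say models run inside your CSP and data never leaves it. Clarify on one of the two pages which statements apply to self-hosted, in particular whether the subprocessor list does. The removed TODO asked for a link to the contractual or compliance backing (DPA, security page, or SOC 2 report); in the lines shown, the linked page asserts the contractual prohibition but links only the Trust Center, so confirm that satisfies the TODO before deleting it.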
diff --git a/src/langsmith/regions-faq.mdx b/src/langsmith/regions-faq.mdx
index 281bed7edf..efdf666c91 100644
--- a/src/langsmith/regions-faq.mdx
+++ b/src/langsmith/regions-faq.mdx
@@ -13,6 +13,8 @@ See the [cloud architecture reference](/langsmith/cloud#cloud-architecture-and-s
LangSmith complies with the General Data Protection Regulation (GDPR) and other laws and regulations applicable to the LangSmith service. We are also SOC 2 Type 2 certified and are HIPAA compliant. You can request more information about our security policies and posture at [trust.langchain.com](https://trust.langchain.com). If you would like to sign a Data Processing Addendum (DPA) with us, please contact support via [support.langchain.com](https://support.langchain.com). Please note we only enter into Business Associate Agreements (BAAs) with customers on our Enterprise plan.
+For the security posture of LangSmith Engine, including its model subprocessors and HIPAA guidance, see [Engine security](/langsmith/engine-security).
+
#### *My company isn't based in a region, can I still have my data hosted there?*
Yes, you can host your LangSmith data in a supported regional instance independent of your location.
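Review bot: The added sentence sits directly under a paragraph stating that LangSmith is "HIPAA compliant", while the page it links to tells customers not to enable Engine for PHI workloads. A reader who stops at this FAQ gets the opposite impression. Put the exception in the sentence itself, for example that Engine is not covered for PHI and customers under a BAA should leave it disabled, and keep the link for detail.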
From f194e7f49f82443fd245bb49a601ab2f1e2f5691 Mon Sep 17 00:00:00 2001
From: Florence Morris <1629446+fjmorris@users.noreply.github.com>
Date: Thu, 25 Jun 2026 11:39:42 -0400
Subject: [PATCH 3/6] Modified docs.json, added engine-security.mdx.
---
src/docs.json | 1 +
1 file changed, 1 insertion(+)
diff --git a/src/docs.json b/src/docs.json
index 18205430ba..b7278cec3f 100644
--- a/src/docs.json
+++ b/src/docs.json
@@ -1721,6 +1721,7 @@
"pages": [
"langsmith/engine-overview",
"langsmith/engine",
+ "langsmith/engine-security",
"langsmith/engine-webhooks",
"langsmith/engine-self-hosted"
]
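Review bot: This hunk adds "langsmith/engine-security" against context that does not contain it, although PATCH 1/6 already adds the identical line at the same position (the index hashes differ and the hunk offset moved from 1720 to 1721). As posted, the series will either fail to apply in order or produce a duplicate nav entry. The base appears to have changed between the two commits; rebase and squash this into 1/6, and fold the reordering from 4/6 in as well so the nav entry is touched once.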
From e84306d5e336295aabc8dc9a1381d3e9ec4d4e9e Mon Sep 17 00:00:00 2001
From: Florence Morris <1629446+fjmorris@users.noreply.github.com>
Date: Thu, 25 Jun 2026 13:47:54 -0400
Subject: [PATCH 4/6] Modified docs.json, moved engine-security.mdx.
---
src/docs.json | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/docs.json b/src/docs.json
index b7278cec3f..9bb8b3536f 100644
--- a/src/docs.json
+++ b/src/docs.json
@@ -1721,8 +1721,8 @@
"pages": [
"langsmith/engine-overview",
"langsmith/engine",
- "langsmith/engine-security",
"langsmith/engine-webhooks",
+ "langsmith/engine-security",
"langsmith/engine-self-hosted"
]
},
From c14b3e7e24c7875aabe480c1915561fb56270d88 Mon Sep 17 00:00:00 2001
From: Florence Morris <1629446+fjmorris@users.noreply.github.com>
Date: Thu, 25 Jun 2026 15:06:13 -0400
Subject: [PATCH 5/6] Incorporated feedback from Arthur.
---
src/langsmith/engine-security.mdx | 10 +++-------
src/langsmith/regions-faq.mdx | 4 ++--
2 files changed, 5 insertions(+), 9 deletions(-)
diff --git a/src/langsmith/engine-security.mdx b/src/langsmith/engine-security.mdx
index b6c4033eb6..9575742415 100644
--- a/src/langsmith/engine-security.mdx
+++ b/src/langsmith/engine-security.mdx
@@ -6,7 +6,7 @@ description: How LangSmith Engine handles your data, the GitHub and model subpro
LangSmith Engine is an AI agent built into LangSmith that improves the agents you build. Engine reviews the trace data already in LangSmith, surfaces and prioritizes issues, and opens pull requests with suggested fixes, proposed prompt changes, and evaluations. For a product overview, see [Engine](/langsmith/engine-overview).
-Engine is opt-in, advisory, and never trains on your data, and it runs under LangSmith's SOC 2 Type II controls. This page describes how Engine handles your data, the controls that govern its GitHub and model access, and its compliance posture for Engine in LangSmith Cloud. For how Engine runs in a self-hosted deployment, see [Engine on self-hosted](/langsmith/engine-self-hosted).
+Engine is opt-in, advisory, and never trains on your data, and it runs under LangSmith's SOC 2 Type II and ISO 27001 controls. This page describes how Engine handles your data, the controls that govern its GitHub and model access, and its compliance posture for Engine in LangSmith Cloud. For how Engine runs in a self-hosted deployment, see [Engine on self-hosted](/langsmith/engine-self-hosted).
Engine is delivered as part of LangSmith and inherits LangSmith's security and compliance posture, with additional controls covering the AI inference layer described below. Engine is never on by default and can only be enabled by an [Organization Admin](/langsmith/rbac#organization-admin), for organizations on any plan. For LangSmith's platform-level controls, including data encryption and regional handling, see the [Regions FAQ](/langsmith/regions-faq) and the [LangChain Trust Center](https://trust.langchain.com/).
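Review bot: The added "and ISO 27001" in "runs under LangSmith's SOC 2 Type II and ISO 27001 controls" introduces a new certification claim with no link where it can be verified, and the commit message ("Incorporated feedback from Arthur.") does not record its source. Link the claim to the Trust Center entry and confirm that Engine is within the certified scope before it goes into the page summary.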
@@ -21,7 +21,7 @@ Engine operates on data you have already chosen to share with LangChain: the tra
| Model provider (inference) | Only the content required for each analysis task. | Zero data retention with every Engine model provider (see [Model subprocessors](#model-subprocessors)). | Engine reasoning and generation. |
- Engine's read scope may expand over time. This page is updated to reflect material changes. Last reviewed June 5, 2026.
+ Engine's read scope may expand over time. This page is updated to reflect material changes. Last reviewed June 25, 2026.
Trace content sent to Engine can include user messages, tool outputs, and PII, and this content is sent to model subprocessors under zero data retention for each analysis task. To remove sensitive fields before traces reach LangSmith, use [client-side masking](/langsmith/mask-inputs-outputs).
@@ -65,11 +65,7 @@ Engine adds the following controls on top of LangSmith's baseline:
## Compliance posture
-Engine operates under LangSmith's control environment, which is audited annually under SOC 2 Type II. Engine's model subprocessors are listed on the [LangChain Trust Center](https://trust.langchain.com/), which is the authoritative source for procurement and data protection impact assessments.
-
-
- **HIPAA notice: do not enable Engine for PHI workloads.** LangChain does not have Business Associate Agreements (BAAs) with Engine's model subprocessors (OpenAI, Anthropic, Fireworks, and Baseten). Customers operating under a LangChain BAA should leave Engine disabled until provider-level BAAs are established. Contact your LangChain account team for the BAA roadmap. LangChain notifies HIPAA-covered customers when this changes.
-
+Engine operates under LangSmith's control environment, which is audited annually under SOC 2 Type II and certified to ISO 27001. Engine's model subprocessors are listed on the [LangChain Trust Center](https://trust.langchain.com/), which is the authoritative source for procurement and data protection impact assessments.
## Inherent AI risks and mitigations
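Review bot: Deleting the HIPAA notice under "Compliance posture" leaves the page with no PHI guidance, while the unchanged line earlier in the file still says trace content can include PII and is sent to model subprocessors. The removed text stated that LangChain has no BAAs with those subprocessors and that customers under a LangChain BAA should leave Engine disabled. If that is still the case, the notice should stay; if provider-level BAAs now exist, the page should say so in place of the notice. Nothing in the visible change records which of the two applies.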
diff --git a/src/langsmith/regions-faq.mdx b/src/langsmith/regions-faq.mdx
index efdf666c91..236200694a 100644
--- a/src/langsmith/regions-faq.mdx
+++ b/src/langsmith/regions-faq.mdx
@@ -11,9 +11,9 @@ See the [cloud architecture reference](/langsmith/cloud#cloud-architecture-and-s
#### *What privacy and data protection frameworks does LangSmith, including its regional instances, comply with?*
-LangSmith complies with the General Data Protection Regulation (GDPR) and other laws and regulations applicable to the LangSmith service. We are also SOC 2 Type 2 certified and are HIPAA compliant. You can request more information about our security policies and posture at [trust.langchain.com](https://trust.langchain.com). If you would like to sign a Data Processing Addendum (DPA) with us, please contact support via [support.langchain.com](https://support.langchain.com). Please note we only enter into Business Associate Agreements (BAAs) with customers on our Enterprise plan.
+LangSmith complies with the General Data Protection Regulation (GDPR) and other laws and regulations applicable to the LangSmith service. We are also SOC 2 Type 2 certified and are HIPAA compliant. You can request more information about our security policies and posture at [trust.langchain.com](https://trust.langchain.com). If you would like to sign a Data Processing Addendum (DPA) with us, please contact support via [support.langchain.com](https://support.langchain.com).
-For the security posture of LangSmith Engine, including its model subprocessors and HIPAA guidance, see [Engine security](/langsmith/engine-security).
+For the security posture of LangSmith Engine, including its model subprocessors and data handling, see [Engine security](/langsmith/engine-security).
#### *My company isn't based in a region, can I still have my data hosted there?*
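Review bot: The frameworks answer keeps "are HIPAA compliant" but drops the only sentence that scoped BAAs (Enterprise plan), and the link text to Engine security no longer mentions HIPAA guidance, so a reader of this answer has no pointer to what HIPAA coverage actually applies. Keep a one-line BAA qualifier or say where BAA terms are documented. This answer is also the list of frameworks and still reads "SOC 2 Type 2" with no ISO 27001, while engine-security.mdx in the same patch now says "SOC 2 Type II and ISO 27001"; the two pages should agree.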
From 49c24713ae506cc0eb40e536cf5a11b2916c2675 Mon Sep 17 00:00:00 2001
From: Florence Morris <1629446+fjmorris@users.noreply.github.com>
Date: Thu, 25 Jun 2026 16:20:22 -0400
Subject: [PATCH 6/6] Incorporated feedback from Kathryn.
---
src/langsmith/engine-security.mdx | 10 +++++-----
1 file changed, 5 insertions(+), 5 deletions(-)
diff --git a/src/langsmith/engine-security.mdx b/src/langsmith/engine-security.mdx
index 9575742415..229cb1e97e 100644
--- a/src/langsmith/engine-security.mdx
+++ b/src/langsmith/engine-security.mdx
@@ -8,13 +8,13 @@ LangSmith Engine is an AI agent built into LangSmith that improves the agents yo
Engine is opt-in, advisory, and never trains on your data, and it runs under LangSmith's SOC 2 Type II and ISO 27001 controls. This page describes how Engine handles your data, the controls that govern its GitHub and model access, and its compliance posture for Engine in LangSmith Cloud. For how Engine runs in a self-hosted deployment, see [Engine on self-hosted](/langsmith/engine-self-hosted).
-Engine is delivered as part of LangSmith and inherits LangSmith's security and compliance posture, with additional controls covering the AI inference layer described below. Engine is never on by default and can only be enabled by an [Organization Admin](/langsmith/rbac#organization-admin), for organizations on any plan. For LangSmith's platform-level controls, including data encryption and regional handling, see the [Regions FAQ](/langsmith/regions-faq) and the [LangChain Trust Center](https://trust.langchain.com/).
+Engine is delivered as part of LangSmith and inherits LangSmith's security and compliance posture, with additional controls covering the AI inference layer described in the following sections. Engine is never on by default and can only be enabled by an [Organization Admin](/langsmith/rbac#organization-admin), for organizations on any plan. For LangSmith's platform-level controls, including data encryption and regional handling, see the [Regions FAQ](/langsmith/regions-faq) and the [LangChain Trust Center](https://trust.langchain.com/).
## What data Engine uses
Engine operates on data you have already chosen to share with LangChain: the trace data you send to LangSmith and, separately, the GitHub repository content you grant through the LangChain-managed GitHub App (see [GitHub integration](#github-integration)). Enabling Engine introduces no other customer data sources. The following table summarizes what Engine reads, where it lives, and what it enables.
-| Data source | What Engine reads | Storage and persistence | Enables |
+| **Data source** | **What Engine reads** | **Storage and persistence** | **Enables** |
|---|---|---|---|
| LangSmith workspace content | Trace data and other workspace content you have stored in LangSmith, such as prompts and evaluators. | Within your LangSmith tenant. [Trace retention](/langsmith/usage-and-billing#data-retention) is 14 days (base) or 400 days (extended), chosen per project. The durations are not configurable. | Issue detection, prioritization, and evaluation proposals. |
| GitHub repository | Source code and repository context from the repositories you connect (see [GitHub integration](#github-integration)). | Processed inside an isolated, LangChain-managed sandbox for the duration of each analysis run, then discarded. | Pull request authoring with proposed code fixes. |
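Review bot: Style point on the table header row: wrapping each header cell in ** is redundant, because the first row of a Markdown table is already rendered as a header. If the docs style guide requires bold headers, apply it to every table in the docs in one change; otherwise drop it here. In the paragraph changed just above, "can only be enabled by an Organization Admin, for organizations on any plan" is also ambiguous after the comma; something like "Engine is available on every plan, is never on by default, and can only be enabled by an Organization Admin" reads more clearly.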
@@ -69,11 +69,11 @@ Engine operates under LangSmith's control environment, which is audited annually
## Inherent AI risks and mitigations
-The risks below are inherent to AI-assisted code generation. LangChain mitigates each in product, and your code-review workflow provides a second layer of defense.
+The following risks are inherent to AI-assisted code generation. LangChain mitigates each in product, and your code-review workflow provides a second layer of defense.
- **Incorrect or hallucinated suggestions**: All Engine output flows through your normal pull-request review and automated checks before any code lands.
-- **Prompt injection via trace content**: Trace data can include adversarial content reflected from external sources, for example web-tool outputs. Any suggestion Engine produces from such traces still passes through human pull-request review before code lands. Treat traces from untrusted sources with care.
-- **Out-of-scope decisions**: Engine reasons over traces and connected repositories only. Issues that depend on context Engine cannot see, for example business-rule changes in a ticketing system, remain a human responsibility.
+- **Prompt injection via trace content**: Trace data can include adversarial content reflected from external sources, for example, web-tool outputs. Any suggestion Engine produces from such traces still passes through human pull-request review before code lands. Treat traces from untrusted sources with care.
+- **Out-of-scope decisions**: Engine reasons over traces and connected repositories only. Issues that depend on context Engine cannot see, for example, business-rule changes in a ticketing system, remain a human responsibility.
## See also
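Review bot: The intro sentence of "Inherent AI risks and mitigations" says "LangChain mitigates each in product", but the prompt-injection bullet (and the hallucination bullet above it) names only human pull-request review, which the same intro already counts as the second layer. Either describe the in-product control that applies to adversarial trace content or soften the intro claim. "Treat traces from untrusted sources with care" also gives the reader nothing to act on; say what a reviewer should check in an Engine pull request that was derived from such traces. The comma added after "for example" is fine.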