LangChain launched LangSmith Fleet with two agent types: user-credentialed Assistants and fixed-credential Claws, solving the agent auth identity problem.
LangChain launched LangSmith Fleet, introducing two distinct agent authorization models: Assistants (which operate on-behalf-of individual users using their own credentials) and Claws (which use a fixed, dedicated set of credentials regardless of who is interacting). The platform also added channel integrations — Slack, Gmail, Outlook, and Teams — with different channel support for each agent type. The launch addresses a real-world identity problem: when multiple users interact with a shared agent, whose credentials does it use? Future roadmap includes user-specific memory permissions to prevent cross-user data leakage.
This formalizes the agent credential problem that's been a source of serious security bugs — agents leaking one user's data into another's session. LangSmith Fleet's Assistant vs. Claw split maps cleanly to two architectural patterns you're likely already hacking around: per-user OAuth token injection at runtime vs. a service account model. The channel integrations (Slack, Gmail, Teams) mean you can skip building your own webhook routing and credential vaulting for multi-user agents.
If you're building a multi-user agent today without per-user credential isolation, spin up a LangSmith Fleet Assistant this week and test whether the runtime credential injection actually prevents cross-user data access — verify it before shipping to prod.
Open smith.langchain.com and navigate to the Fleet section
Create an Assistant agent, connect it to a Notion workspace via OAuth for two separate test users, then send this query as User A: 'List all pages I have access to in Notion' — then repeat as User B
Compare the two outputs to verify credential isolation — each user should see only their own Notion pages, with zero overlap from the other user's session
Two distinct Notion page lists scoped to each user's OAuth token, confirming runtime credential injection is working — or surfacing a leak if it isn't
Tags
Signals by role
Also today
Tools mentioned