Hi All,
I have been digging into something that kept coming up while researching multi-agent pipelines in regulated industries. Every current observability tool watches what your AI system says to the user. Almost nobody watches what agents say to each other internally, and research suggests that internal channel is where the majority of sensitive data leakage actually happens.
A benchmark published this year found that inter-agent messages leaked sensitive data in 68.8% of cases, versus 27.2% for output channels. Most teams are either unaware of this or handle it with hand-rolled custom middleware.
A few specific questions for people building production pipelines with LangChain or LangGraph:
- How do you currently know what data is travelling between your agents in a multi-agent setup?
- If a compliance team or regulator asked you to prove that no sensitive data crossed an agent boundary it should not have, what would you show them?
- Are you doing anything beyond output-level monitoring?
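For concreteness, here is a minimal sketch of the kind of boundary check I mean. Everything here is hypothetical (the names `guard_handoff` and `scan_message` are made up, and the regex detectors are toys standing in for real PII classifiers); in an actual LangGraph pipeline this logic would live in a node wrapper or callback rather than a bare function:

```python
import re

# Toy detectors for illustration only; a real system would use proper
# PII classifiers, not regexes.
PATTERNS = {
    "ssn": re.compile(r"\b\d{3}-\d{2}-\d{4}\b"),
    "email": re.compile(r"\b[\w.+-]+@[\w-]+\.[\w.]+\b"),
}

def scan_message(text):
    """Return the list of PII categories detected in a message."""
    return [name for name, pat in PATTERNS.items() if pat.search(text)]

def guard_handoff(sender, receiver, message, audit_log):
    """Check a message at an agent-to-agent boundary and record the result.

    Appends an audit record either way, so a compliance reviewer can
    later see exactly what crossed each boundary and whether it was clean.
    """
    hits = scan_message(message)
    audit_log.append({
        "from": sender,
        "to": receiver,
        "violations": hits,
        "allowed": not hits,
    })
    if hits:
        # Redact before forwarding; a stricter policy could block or alert.
        for name in hits:
            message = PATTERNS[name].sub("[REDACTED:%s]" % name, message)
    return message

# Usage: route every inter-agent handoff through the guard.
log = []
safe = guard_handoff("researcher", "writer",
                     "Patient contact is jane@example.com", log)
```

The audit log is the part that answers the "what would you show a regulator" question: even clean handoffs get a record, so the absence of violations is provable rather than assumed.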
Genuinely curious what current practice looks like. I have written up a longer piece on this if it is useful, but mostly I want to hear how people are actually handling it.