All posts
June 22, 20264 min read

What SOC 2 Means for LangChain

When an auditor asks for proof that LangChain’s data pipelines meet SOC 2, you hand over a complete audit trail that ties every request to a verified identity, shows exactly what data was returned, and demonstrates that any sensitive fields were masked in real time. That level of evidence is not a nice‑to‑have add‑on; it is a core requirement of the Trust Services Criteria around security, availability, and confidentiality. Auditors expect to see who accessed which LLM endpoint, when the reques

Free White Paper

SOC 2 Type I & Type II: The Complete Guide

Architecture patterns, implementation strategies, and security best practices. Delivered to your inbox.

Free. No spam. Unsubscribe anytime.
Coleman Nye

When an auditor asks for proof that LangChain’s data pipelines meet SOC 2, you hand over a complete audit trail that ties every request to a verified identity, shows exactly what data was returned, and demonstrates that any sensitive fields were masked in real time.

That level of evidence is not a nice‑to‑have add‑on; it is a core requirement of the Trust Services Criteria around security, availability, and confidentiality. Auditors expect to see who accessed which LLM endpoint, when the request occurred, what parameters were supplied, and whether any data left the system in an unauthorized form. They also look for documented approvals for privileged actions and a replayable record of every session that touched production data.

Current practice often falls short

In many organizations, LangChain applications run inside a container that holds a static API key or service account credential. The same credential is baked into every deployment, shared across development, staging, and production. Engineers push code, the container starts, and the LLM calls proceed without any per‑user check. Because the credential never changes, there is no way to attribute a request to an individual engineer, and the logs that the runtime emits are limited to generic request IDs. No one can prove that a particular user approved a data‑exfiltration‑preventing rule, and no record exists that a sensitive field was redacted before returning to the caller.

This model satisfies the functional need to call an LLM, but it violates the auditability pillar of SOC 2. The absence of identity‑bound sessions, lack of just‑in‑time approvals, and missing data‑masking evidence leave auditors with a gap that must be filled by manual spreadsheets or after‑the‑fact investigations.

What the compliance framework actually demands

The SOC 2 standard does not prescribe a specific technology, but it does require that every access event be traceable to an authenticated identity, that privileged actions be approved before execution, and that any confidential data be protected at rest and in transit. In practice, this means three things for a LangChain deployment:

  • Identity‑driven access control. Each request must be tied to an OIDC or SAML token that reflects the user’s role and group membership.
  • Just‑in‑time (JIT) approval workflow. When a request would read or write sensitive data, a human approver must explicitly allow it before the LLM processes it.
  • Real‑time data masking. Responses that contain personally identifiable information (PII) or other regulated fields must be redacted before they leave the service.

Even if you implement the first two items with a strong identity provider, the request still travels directly from the LangChain container to the LLM endpoint. That direct path provides no place to enforce JIT approval or inline masking, and it offers no reliable record of what was sent or received.

Introducing hoop.dev as the enforcement layer

hoop.dev is an open‑source Layer 7 gateway that sits between the LangChain runtime and the external LLM service. It acts as an identity‑aware proxy, inspecting each protocol message, applying policies, and recording the full session. Because hoop.dev is positioned in the data path, it is the only component that can guarantee the enforcement outcomes required by SOC 2.

Continue reading? Get the full guide.

SOC 2 Type I & Type II: Architecture Patterns & Best Practices

Free. No spam. Unsubscribe anytime.

Setup: identity and least‑privilege provisioning

First, configure your organization’s IdP (Okta, Azure AD, Google Workspace, etc.) to issue OIDC tokens for engineers and service accounts. hoop.dev registers as a relying party, validates those tokens, and extracts group membership. You then create role‑based policies that grant each group only the permissions it needs to invoke specific LangChain prompts. This setup decides who may start a request, but on its own does not enforce any guardrails.

The data path: hoop.dev as the gateway

When a LangChain container needs to call an LLM, it connects to hoop.dev instead of the vendor endpoint. hoop.dev holds the downstream credential, so the container never sees the secret. Every request passes through hoop.dev, where the gateway can enforce policy checks, request approvals, and inline masking before forwarding the call.

Enforcement outcomes that satisfy SOC 2

  • hoop.dev records each session, capturing the user identity, timestamp, request payload, and response payload. The logs are retained and can be exported for audit.
  • When a request targets a protected data set, hoop.dev triggers a just‑in‑time approval workflow. The request pauses until an authorized approver grants permission, ensuring that no privileged action occurs without oversight.
  • For responses that contain regulated fields, hoop.dev applies real‑time masking, redacting the data before it leaves the gateway. The original value remains visible only in the recorded session for audit purposes.
  • Dangerous commands, such as attempts to delete a vector store or modify prompt templates, are blocked by hoop.dev’s command‑level guardrails, preventing accidental or malicious changes.

All of these outcomes exist because hoop.dev sits in the data path; remove hoop.dev and the enforcement disappears, leaving only the original insecure setup.

How to get started

Begin by reviewing the getting‑started guide to deploy the gateway in your environment. The documentation explains how to register an OIDC provider, define role‑based policies, and connect a LangChain container to the proxy. For deeper insight into policy configuration, visit the learn section, which walks through approval workflows, masking rules, and session replay.

FAQ

Do I need to change my LangChain code?

No. hoop.dev works with standard client libraries, so your existing code can point at the proxy endpoint without modification.

Can I use hoop.dev with multiple LLM providers?

Yes. Because hoop.dev operates at the protocol layer, it can proxy calls to any HTTP‑based LLM service that LangChain supports.

How long are the audit logs retained?

Retention is a configuration choice in the gateway. You can align it with your organization’s data‑retention policy and SOC 2 evidence requirements.

Explore the source code and contribute to the project on GitHub.

Open source

Save the open-source gateway for agent data access

Hoop is MIT-licensed infrastructure for controlling how AI agents reach production data. Star hoophq/hoop so you can inspect it, deploy it, or share it when your team starts governing agent access.

Star and save the repo →More posts
Ask AI about this topic
ClaudeChatGPTGrokGeminiPerplexityCopilot