Safety
The Containment Gap: How Deployed Agentic AI Frameworks Fail Public-Facing Safety Requirements
The paper presents an audit of three prominent agentic AI frameworks (LangChain, AutoGPT, and the OpenAI Agents SDK) and finds that none of them complies with the safety principles expected of public-facing applications. The authors show that these frameworks do not enforce memory integrity, which exposes deployed agents to serious attacks: in a simulated government benefits scenario, tampering with agent memory raised the wrongful denial rate to 88.9%. They propose two lightweight containment mechanisms, a memory integrity validator and a policy gate, which mitigate these vulnerabilities with minimal performance overhead, and argue that such architectural controls are needed before agents are deployed in critical applications.
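As an added illustration (not the paper's code), the following sketch shows the two containment layers the summary names: a memory integrity validator that authenticates each memory entry with an HMAC at write time and discards entries altered afterwards, and a policy gate that never lets an autonomous "deny" execute. The memory layout, the key handling and the toy eligibility logic are assumptions made for this demo.

```python
import hmac
import hashlib
import json

# Assumption: a per-deployment secret held outside the agent's own memory store.
KEY = b"constructed-demo-key"

def _tag(entry: dict) -> str:
    """MAC over a canonical serialisation so field order cannot affect the tag."""
    payload = json.dumps(entry, sort_keys=True).encode()
    return hmac.new(KEY, payload, hashlib.sha256).hexdigest()

class AgentMemory:
    """Append-only agent memory; every entry carries the tag computed when it was written."""
    def __init__(self):
        self._entries = []

    def write(self, entry: dict):
        self._entries.append({"entry": entry, "tag": _tag(entry)})

    def raw(self):
        # The unprotected view: what an attacker with access to the store can edit.
        return self._entries

    def read_validated(self):
        """Memory integrity validator: keep only entries whose tag still verifies."""
        good, dropped = [], 0
        for rec in self._entries:
            if hmac.compare_digest(rec["tag"], _tag(rec["entry"])):
                good.append(rec["entry"])
            else:
                dropped += 1
        return good, dropped

ALLOWED_DECISIONS = {"approve", "request_more_info"}

def policy_gate(decision: str) -> str:
    """Policy gate: a denial is escalated to a human; anything unexpected is blocked."""
    if decision == "deny":
        return "escalate_to_human"
    return decision if decision in ALLOWED_DECISIONS else "blocked"

def decide(memory: AgentMemory, applicant: str, validate: bool = True):
    """Toy benefits decision: deny only if a trusted memory note marks the applicant ineligible."""
    if validate:
        facts, dropped = memory.read_validated()
    else:
        facts, dropped = [r["entry"] for r in memory.raw()], 0
    notes = [f for f in facts if f.get("applicant") == applicant]
    decision = "deny" if any(f.get("eligible") is False for f in notes) else "approve"
    return policy_gate(decision), dropped
```

Without the validator, editing a stored note flips the outcome to a denial; with it, the tampered note is dropped, and even a genuine denial is routed to a human instead of being executed autonomously.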
Tags: agentic AI, safety requirements, frameworks