// Trust & Security Report

    DataStax (IBM subsidiary) logo

    DataStax (IBM subsidiary)

    Low-code AI builder for RAG applications and AI agents; available as open-source, self-hosted, or cloud-managed service on IBM watsonx platform

    Certifications held

    0

    Maturity

    Growth

    Trains on your data

    No

    Trust center

    No

    // Certification ledger

    Each held certification is backed by a verbatim quote from the vendor's own trust or security page. “Not confirmed” means we could not verify it publicly, not that the vendor lacks it.

    > Show 7 unconfirmed / not-held certifications
    SOC 2 Type I
    NOT CONFIRMED

    No public evidence of SOC 2 Type I certification on langflow.org, docs.langflow.org, or IBM product pages

    source: docs.langflow.org
    SOC 2 Type II
    NOT CONFIRMED

    No public evidence of SOC 2 Type II certification on langflow.org, docs.langflow.org, or IBM product pages

    source: docs.langflow.org
    ISO 27001
    NOT CONFIRMED

    No public evidence of ISO 27001 certification documented in Langflow security pages or IBM watsonx documentation

    source: docs.langflow.org
    ISO 27018 (Cloud PII)
    NOT CONFIRMED

    IBM Watson AI services hold ISO 27018, but Langflow as a product does not independently claim this certification

    source: ibm.com
    GDPR Compliance
    NOT CONFIRMED

    Langflow documentation recommends GDPR best practices but does not claim GDPR compliance certification or Data Processing Agreement

    source: docs.langflow.org
    HIPAA
    NOT CONFIRMED

    No evidence of HIPAA compliance or certification; IBM Aspera supports HIPAA but Langflow product does not

    source: docs.langflow.org
    PCI DSS
    NOT CONFIRMED

    No public evidence of PCI DSS certification

    source: docs.langflow.org

    // Privacy & AI training

    Trains on customer data

    No

    Data processing agreement

    Not offered

    Data region

    Self-hosted: user-controlled; Cloud: IBM watsonx infrastructure (exact regions not publicly documented for Langflow)

    No explicit policy found regarding training on customer data. When users connect external LLM providers (OpenAI, Anthropic, etc.), data flows to those providers' APIs per their terms. Self-hosted instances do not send data externally.

    // Security controls

    Application-Level Isolation

    NOT ENFORCED - Langflow explicitly states it 'neither enforces isolation between users within a single Langflow process, nor restricts access to the local disk or network resources'

    docs.langflow.org

    Multi-Tenant Deployment Security

    RELIES ON INFRASTRUCTURE - Langflow defers to infrastructure-level security controls; application does not enforce tenant isolation

    docs.langflow.org

    Encryption in Transit

    Recommended but not enforced by application; users must implement HTTPS/TLS at infrastructure level

    docs.langflow.org

    Encryption at Rest

    Recommended best practice; Langflow stores encrypted key references but relies on deployment environment

    docs.langflow.org

    API Key Management

    Optional LANGFLOW_REMOVE_API_KEYS flag allows omitting keys from database; environment variables recommended for secure storage

    docs.langflow.org

    Authentication

    Vulnerable - Multiple CVEs show unauthenticated remote code execution via public build endpoints (CVE-2026-33017, CVE-2025-3248)

    github.com

    Authorization Bypass

    Vulnerable - CVE-2025-34291 allows unauthenticated cross-user MCP access and tool execution via CORS/CSRF bypass (CVSS 9.4)

    ibm.com

    Path Traversal

    Previously vulnerable - CVE-2026-5027 (CVSS 8.8) in file upload endpoint, patched in v1.9.0 (April 2026)

    github.com

    Vulnerability Disclosure

    HackerOne-based responsible disclosure; 7-day response target; public advisories on GitHub

    github.com

    // Products & data scope

    Langflow (Open Source)Low-code AI Agent Builder

    data: User-controlled (fully on-premises); zero data sent to Langflow vendors if self-hosted

    Available on GitHub (MIT License); can be deployed locally or on any infrastructure. No vendor involvement in data handling for self-hosted deployments. Known security vulnerabilities documented in public advisories.

    Langflow CloudManaged Cloud Service

    data: Langflow flows, integrations, and connected API credentials stored on Langflow Cloud infrastructure

    Hosted cloud offering for rapid prototyping and deployment. Data residency and compliance posture not clearly documented. Inherits IBM watsonx governance controls but application-level isolation NOT enforced.

    Langflow on IBM watsonx OrchestrateEnterprise AI Agent Orchestration

    data: Agents, flows, governance metadata on IBM Cloud infrastructure

    Enterprise edition with SSO, RBAC, audit trails, and lifecycle management. Adds governance layer but underlying Langflow isolation issues remain. IBM watsonx provides compliance wrapper but Langflow itself has documented security gaps.

    // What to watch

    • NO FORMAL SECURITY CERTIFICATIONS - Langflow has zero documented SOC 2, ISO 27001, GDPR, or HIPAA certifications; IBM watsonx certification does not directly apply to the Langflow product itself
    • CRITICAL VULNERABILITIES - Multiple recent CVEs with active exploitation: CVE-2026-33017 (unauthenticated RCE exploited within 20 hours of disclosure), CVE-2025-34291 (CORS/CSRF bypass, CVSS 9.4), CVE-2026-5027 (path traversal)
    • NO APPLICATION-LEVEL ISOLATION - Langflow explicitly does not enforce multi-tenant isolation or restrict disk/network access; relies entirely on infrastructure-level controls
    • ACTIVE EXPLOITATION - Approximately 7,000 exposed Langflow instances found on the internet actively being exploited as of June 2026; cryptocurrency mining and ransomware campaigns confirmed
    • MISSING LEGAL DOCUMENTS - No formal privacy policy, terms of service, or data processing agreement found on langflow.org; privacy link redirects to IBM's generic privacy statement
    • INCOMPLETE COMPLIANCE TRANSPARENCY - Cloud service offerings (Langflow Cloud, watsonx integration) lack documented compliance posture; no data residency guarantees published
    • CISA KEV LISTED - CVE-2025-3248 added to CISA Known Exploited Vulnerabilities catalog in May 2025; indicates active, weaponized exploitation
    • IDENTITY VERIFICATION - Confirmed IBM acquisition of DataStax (including Langflow) but IBM product pages return 403 Forbidden; unclear if Langflow is offered as standalone or only via watsonx

    // At a glance

    Pricing model

    Free (open source) | Free tier cloud | Paid cloud/enterprise tiers (IBM watsonx)

    Self-hostable

    Yes

    // How we verified this

    Every certification marked HELD is confirmed against a verbatim quote on DataStax (IBM subsidiary)'s own trust, security, or privacy pages. We reject certifications claimed only on third-party aggregators, on a cloud host's behalf, or by a similarly named company.

    Last verified 2026-07-06. Compliance changes over time. Always confirm directly with the vendor before relying on any certification for a purchasing or compliance decision.

    docs.langflow.org

    > Browse all vendor trust reports