// Trust & Security Report
DataStax (IBM subsidiary)
Low-code AI builder for RAG applications and AI agents; available as open-source, self-hosted, or cloud-managed service on IBM watsonx platform
Certifications held
0
Maturity
Growth
Trains on your data
No
Trust center
No
// Certification ledger
Each held certification is backed by a verbatim quote from the vendor's own trust or security page. “Not confirmed” means we could not verify it publicly, not that the vendor lacks it.
> Show 7 unconfirmed / not-held certifications
source: docs.langflow.orgNo public evidence of SOC 2 Type I certification on langflow.org, docs.langflow.org, or IBM product pages
source: docs.langflow.orgNo public evidence of SOC 2 Type II certification on langflow.org, docs.langflow.org, or IBM product pages
source: docs.langflow.orgNo public evidence of ISO 27001 certification documented in Langflow security pages or IBM watsonx documentation
source: ibm.comIBM Watson AI services hold ISO 27018, but Langflow as a product does not independently claim this certification
source: docs.langflow.orgLangflow documentation recommends GDPR best practices but does not claim GDPR compliance certification or Data Processing Agreement
source: docs.langflow.orgNo evidence of HIPAA compliance or certification; IBM Aspera supports HIPAA but Langflow product does not
// Privacy & AI training
Trains on customer data
No
Data processing agreement
Not offered
Data region
Self-hosted: user-controlled; Cloud: IBM watsonx infrastructure (exact regions not publicly documented for Langflow)
No explicit policy found regarding training on customer data. When users connect external LLM providers (OpenAI, Anthropic, etc.), data flows to those providers' APIs per their terms. Self-hosted instances do not send data externally.
// Security controls
Application-Level Isolation
NOT ENFORCED - Langflow explicitly states it 'neither enforces isolation between users within a single Langflow process, nor restricts access to the local disk or network resources'
docs.langflow.orgMulti-Tenant Deployment Security
RELIES ON INFRASTRUCTURE - Langflow defers to infrastructure-level security controls; application does not enforce tenant isolation
docs.langflow.orgEncryption in Transit
Recommended but not enforced by application; users must implement HTTPS/TLS at infrastructure level
docs.langflow.orgEncryption at Rest
Recommended best practice; Langflow stores encrypted key references but relies on deployment environment
docs.langflow.orgAPI Key Management
Optional LANGFLOW_REMOVE_API_KEYS flag allows omitting keys from database; environment variables recommended for secure storage
docs.langflow.orgAuthentication
Vulnerable - Multiple CVEs show unauthenticated remote code execution via public build endpoints (CVE-2026-33017, CVE-2025-3248)
github.comAuthorization Bypass
Vulnerable - CVE-2025-34291 allows unauthenticated cross-user MCP access and tool execution via CORS/CSRF bypass (CVSS 9.4)
ibm.comPath Traversal
Previously vulnerable - CVE-2026-5027 (CVSS 8.8) in file upload endpoint, patched in v1.9.0 (April 2026)
github.comVulnerability Disclosure
HackerOne-based responsible disclosure; 7-day response target; public advisories on GitHub
github.com// Products & data scope
data: User-controlled (fully on-premises); zero data sent to Langflow vendors if self-hosted
Available on GitHub (MIT License); can be deployed locally or on any infrastructure. No vendor involvement in data handling for self-hosted deployments. Known security vulnerabilities documented in public advisories.
data: Langflow flows, integrations, and connected API credentials stored on Langflow Cloud infrastructure
Hosted cloud offering for rapid prototyping and deployment. Data residency and compliance posture not clearly documented. Inherits IBM watsonx governance controls but application-level isolation NOT enforced.
data: Agents, flows, governance metadata on IBM Cloud infrastructure
Enterprise edition with SSO, RBAC, audit trails, and lifecycle management. Adds governance layer but underlying Langflow isolation issues remain. IBM watsonx provides compliance wrapper but Langflow itself has documented security gaps.
// What to watch
- NO FORMAL SECURITY CERTIFICATIONS - Langflow has zero documented SOC 2, ISO 27001, GDPR, or HIPAA certifications; IBM watsonx certification does not directly apply to the Langflow product itself
- CRITICAL VULNERABILITIES - Multiple recent CVEs with active exploitation: CVE-2026-33017 (unauthenticated RCE exploited within 20 hours of disclosure), CVE-2025-34291 (CORS/CSRF bypass, CVSS 9.4), CVE-2026-5027 (path traversal)
- NO APPLICATION-LEVEL ISOLATION - Langflow explicitly does not enforce multi-tenant isolation or restrict disk/network access; relies entirely on infrastructure-level controls
- ACTIVE EXPLOITATION - Approximately 7,000 exposed Langflow instances found on the internet actively being exploited as of June 2026; cryptocurrency mining and ransomware campaigns confirmed
- MISSING LEGAL DOCUMENTS - No formal privacy policy, terms of service, or data processing agreement found on langflow.org; privacy link redirects to IBM's generic privacy statement
- INCOMPLETE COMPLIANCE TRANSPARENCY - Cloud service offerings (Langflow Cloud, watsonx integration) lack documented compliance posture; no data residency guarantees published
- CISA KEV LISTED - CVE-2025-3248 added to CISA Known Exploited Vulnerabilities catalog in May 2025; indicates active, weaponized exploitation
- IDENTITY VERIFICATION - Confirmed IBM acquisition of DataStax (including Langflow) but IBM product pages return 403 Forbidden; unclear if Langflow is offered as standalone or only via watsonx
// At a glance
Pricing model
Free (open source) | Free tier cloud | Paid cloud/enterprise tiers (IBM watsonx)
Self-hostable
Yes
// How we verified this
Every certification marked HELD is confirmed against a verbatim quote on DataStax (IBM subsidiary)'s own trust, security, or privacy pages. We reject certifications claimed only on third-party aggregators, on a cloud host's behalf, or by a similarly named company.
Last verified 2026-07-06. Compliance changes over time. Always confirm directly with the vendor before relying on any certification for a purchasing or compliance decision.
docs.langflow.org