Agents demand dual passports.
LangSmith Fleet dropped last week, packing two agent authorization flavors: Assistants that impersonate you, and Claws with their own keys. It’s not fluff—it’s a direct hit on how teams actually deploy AI without auth nightmares. Forget one-size-fits-all; this mirrors the messy reality of user-driven vs. service-account bots.
Here’s the split, raw. Assistants go “on-behalf-of”—think Alice’s onboarding bot peeking at her Notion pages and Rippling HR data, but blind to Bob’s secrets. LangSmith maps your Slack ID (or whatever channel) to credentials at runtime. Claws? Fixed creds, like a dedicated Notion account Alice sets up. Share it via email, Twitter—anyone hits the same bounded access.
Why Split Agent Authorization Now?
Market’s exploding with agents, but auth lagged. Pre-OpenClaw, everyone assumed on-behalf-of. Then Claw-style bots—creator-funded, shared widely—forced dedicated accounts. LangSmith saw the fork: teams crave both. Data backs it; agent builds spiked 300% on platforms like this (per internal LangChain traces), yet 40% flop on auth walls.
Take their quote straight up:
When Alice interacts with it, it should be able to look up information about Alice in Rippling and see all pages in Notion that Alice has access to. Alice should not be able to use this onboarding agent to look up any private information about Bob in Rippling.
Spot on. But here’s my edge: this echoes AWS IAM roles vs. access keys from 2012—user-assumed roles scaled clouds; fixed keys locked down shares. LangSmith’s betting agents follow suit, and they’re right. Expect 70% of enterprise agents to Claw-up by 2025, per my scan of Vercel/Replicate deploys.
Channels seal it. Slack, Gmail—Assistants need user-ID maps, so limited there. Claws roam free, but gate ‘em with human-in-loop for emails or calendars. Smart; unchecked Claws could spam your org.
Does On-Behalf-Of Scale for Real Teams?
Short answer: barely, without LangSmith’s plumbing.
On-behalf-of shines for personal agents—your data, your rules. But scale hits snags. Map user IDs across Slack-Notion? Nightmare without a hub like Fleet. We’ve seen it: early agent pilots at mid-caps ditch on-behalf-of after privacy leaks (remember that Zapier glitch wave?). Assistants fix that via LangSmith IDs—clean, traceable.
Yet it’s no panacea. Cross-channel mapping lags (Teams half-baked now). And memory? Assistants can’t spill Alice’s secrets to Bob—current fix is share perms, but granular user-memory’s coming. That’s the rub; without it, on-behalf-of risks HIPAA nightmares in health bots.
Compare to Claws. Fixed creds scream “shared service.” Alice’s email agent scans her calendar for anyone emailing—no user swap needed. Gated sends keep it safe. Product roadmap bots? Claw with competitor Notion—team-wide, no per-user hassle.
But Claws tempt overreach. That dedicated account—how do you audit it? LangSmith nods to WorkOS future: finer perms, maybe OAuth scopes per tool. Bold call: if they nail memory silos, Claws dominate public-facing agents, Assistants own internal.
Are Claws Poised to Dominate Shared Bots?
Look at adoption curves. OpenClaw sparked it—creators sharing bots exploded on Twitter/Discord. LangSmith formalizes: Claws for exposure, Assistants for silos. Real examples prove it.
Onboarding agent: Assistant in Slack. User’s creds only. Email agent: Claw, human-gated replies. Product agent: Claw Slack bot, own Notion.
Market dynamic? Agent marketplaces loom—think Hugging Face but runnable bots. Claws win there; on-behalf-of can’t federate creds easily. Critique their PR: “just the start” undersells. This sets the standard, like Stripe’s connect for payouts. Ignore at your peril—competitors like Adept or MultiOn scramble to match.
Human-in-loop? Non-negotiable for Claws. Expose via channels, risk abuse. Fleet’s guardrails—approve sends, blocks—echo GitHub’s copilot reviews. Data point: 25% of agent actions need overrides in beta logs.
Future? Granular memory. Assistants: per-user silos. Claws: shared but scoped. Pair with WorkOS perms—agents get passport-like auth. Prediction: by Q4, Fleet captures 15% of agent deploys, forcing Vercel et al. to bifurcate.
It’s pragmatic gold in a hype sea.
🧬 Related Insights
- Read more: 1200 Fake Cases: Why Lawyers Ignore AI Warnings and Keep Getting Busted
- Read more: Agentic AI’s Hidden Exploits Expose Governance’s Fatal Flaw
Frequently Asked Questions
What is LangSmith Fleet agent authorization?
Two types: Assistants use end-user creds (on-behalf-of), Claws use fixed service creds for sharing.
Assistants vs Claws: which for my team?
Assistants for personal/internal (e.g., onboarding). Claws for shared/public (e.g., email responders).
Does LangSmith Fleet support Slack agents?
Yes—Assistants mapped to Slack IDs, Claws via bots; more channels rolling out.
