Implementing Access Control in Langchain: The Four-Perimeter Approach

Langchain has revolutionized how developers build AI applications, providing powerful tools and abstractions for developing applications on top of LLMs like GPT, Llama, etc. However, the path from a working prototype to a production-ready application requires one crucial element: access control.

When deploying AI applications, particularly those handling sensitive information, you need solid security measures. Who can access the AI? What data can they see? How do you handle support issues? How do you control AI responses? These questions lead us to the four essential security perimeters that every production AI application should consider.

In this guide, we’ll build a real-world application demonstrating these four perimeters in action. Using a healthcare AI assistant as our example, we’ll show you how to implement:

• Prompt protection for controlling AI access
• Secure document retrieval for sensitive data
• Support ticket management with proper escalation controls
• Response validation to prevent unauthorized information exposure

By the end of this tutorial, you’ll understand how to integrate these security perimeters into your own Langchain applications, making them ready for production use.
Let’s start by understanding what these perimeters are and how they work together to create a secure AI system

Our Core Tools:

To build this secure system, we’ll use two key components:

1. Langchain: The foundation of our AI application, providing the building blocks for AI interactions
2. Permit.io: Our access control layer works seamlessly with Langchain to enforce security at each perimeter

Now that we understand our tools let’s examine our healthcare use case and see why these security perimeters are crucial.

Understanding the Use Case

Building an AI assistant for a healthcare provider is not like building any chatbot—it’s one that helps medical professionals and patients interact with sensitive health information.

Let’s look at a real scenario: A patient wants to ask about their recent test results, while a doctor needs to review full medical histories. Same AI system, but very different security needs.
This is where our four security perimeters become essential:

• When the patient sends a question, we need to verify their identity and ensure they’re authorized (Prompt Protection)
• When retrieving medical records, we must ensure users only see documents they’re permitted to access (Secure Document Access)
• If something goes wrong, we need a secure way to handle support tickets and escalations (Support Management)
• Most importantly, we need to ensure our AI never reveals sensitive information to unauthorized users (Response Filtering)

A security breach in healthcare isn’t just about data - it’s about people’s lives and privacy. Let’s see how to implement these security perimeters to build a trustworthy healthcare AI assistant.

The Four Perimeters Framework

Prompt Protection: Your First Line of Defense

Remember our patient trying to access their test results? Before the AI even processes their question, we need to know: Is this really the patient? Are they old enough to use the system? Have they agreed to interact with AI?

This is where our first security perimeter comes in. Prompt Protection acts like a security checkpoint, validating three crucial things:

• User identity through secure JWT validation
• Age and opt-in status verification
• Usage quota tracking to prevent abuse

To implement this, we’ll use tools specifically designed for Langchain applications.

Before diving into the implementation details, we need to understand how these validations work together to create our security checkpoint:

• Identity validation ensures we know exactly who’s making the request
• Age and opt-in checks protect both users and the healthcare provider
• Quota tracking prevents system abuse while ensuring fair access

With these concepts clear, we can now go into the technical implementation of our first security perimeter.

Let’s implement this security checkpoint using langchain-permit, a package that bridges Langchain with Permit’s access control capabilities. We’ll need two key tools:

from langchain_permit.tools import LangchainJWTValidationTool, LangchainPermissionsCheckTool

First, let’s handle user identity verification. In our healthcare scenario, every incoming request should carry a JWT token containing essential user information:

# Example JWT payload
  "payload": {
    "attributes": {
      "age": 15,
      "ai_opt_in": true,
      "daily_quota_remaining": 10,
      "email": "john.doe@example.com",
      "first_name": "John",
      "last_name": "Doe"
    },
    "iat": 1740143672,
    "key": "user-123"
  }

This approach ensures we have all the information needed for our security checks. Let’s see how to validate this token and enforce our security rules.

To demonstrate this in action, let’s build a simple healthcare AI assistant that implements prompt protection. In this example, we’ll build a healthcare AI chatbot that processes medical queries only after validating user access through our security layer.

Let’s start by creating our project structure. Our healthcare AI assistant needs a few key components to handle secure interactions:

src/
├── config/
│   └── settings.py    # Centralizes all our configuration
├── core/
│   ├── security.py    # Handles JWT validation
│   └── permissions.py # Manages Permit.io integration
├── perimeters/
│   └── prompt_guard.py # Implements our prompt protection
└── main.py           # Ties everything together

First, we’ll set up our project dependencies in pyproject.toml using Poetry:

[tool.poetry.dependencies]
python = "^3.9"
langchain = "^0.1.0"
langchain-openai = "^0.0.2"
langchain-permit = "^0.1.2"
permit = "^2.7.2"
pydantic-settings = "^2.7.1"

These packages give us everything we need - Langchain for AI interactions, our langchain-permit package for security, and OpenAI for the actual AI capabilities.

Now, let’s create our security layer. We’ll need two main components:

In settings.py, we define our configuration using Pydantic, making it type-safe and easy to validate:

# src/config/settings.py

from pydantic_settings import BaseSettings
from functools import lru_cache

class Settings(BaseSettings):
    # OpenAI
    openai_api_key: str

    # Permit.io
    permit_api_key: str
    permit_pdp_url: str

    # JWT Configuration
    jwks_url: str
    jwt_issuer: str
    jwt_audience: str
    test_jwt_token: str  # for testing purposes

    # Vector Store
    vector_store_path: str

    # Logging
    log_level: str = "INFO"

    class Config:
        env_file = ".env"

@lru_cache()
def get_settings():
    """Get cached settings"""
    return Settings()

Our security.py handles user identity verification:

# src/core/settings.py

from typing import Dict, Any
from langchain_permit.tools import LangchainJWTValidationTool
from src.config.settings import get_settings

settings = get_settings()

class SecurityManager:
    def __init__(self):
        self.jwt_validator = LangchainJWTValidationTool(
            jwks_url=settings.jwks_url
        )

    async def validate_token(self, token: str) -> Dict[str, Any]:
        """Validate JWT token and extract claims."""
        try:
            claims = await self.jwt_validator._arun(token)
            return self._process_user_claims(claims)
        except Exception as e:
            raise ValueError(f"Token validation failed: {str(e)}")

    def _process_user_claims(self, claims: Dict[str, Any]) -> Dict[str, Any]:
        """Process and validate user claims."""
        required_attributes = {'age', 'ai_opt_in', 'daily_quota_remaining'}

        user_attributes = claims.get('attributes', {})
        missing_attrs = required_attributes - set(user_attributes.keys())

        if missing_attrs:
            raise ValueError(f"Missing required attributes: {missing_attrs}")

        return claims

security_manager = SecurityManager()

The permissions.py file works as our access control system, determining who can access what:

# src/core/permissions.py

from permit import Permit
from langchain_permit.tools import LangchainPermissionsCheckTool
from src.config.settings import get_settings

settings = get_settings()

class PermissionsManager:
    def __init__(self):
        self.permit_client = Permit(
            token=settings.permit_api_key,
            pdp=settings.permit_pdp_url
        )
        self.permissions_checker = LangchainPermissionsCheckTool(
            permit=self.permit_client
        )

    async def check_prompt_permissions(
        self,
        user: dict,
        prompt_type: str = "general"
    ) -> bool:
        """Check if user has permission to use AI prompts."""
        result = await self.permissions_checker._arun(
            user=user,
            action="ask",
            resource={
                "type": "healthcare_prompt",
            }
        )
        print("====> Result <====", result)
        return result.get("allowed", False)

permissions_manager = PermissionsManager()

Finally, in prompt_guard.py, we bring everything together. This is where our security layer lives:

# src/perimeters/prompt_guard.py

from typing import Dict, Any
from langchain_openai import ChatOpenAI
from langchain.prompts import ChatPromptTemplate
from src.core.security import security_manager
from src.core.permissions import permissions_manager

class PromptGuard:
    def __init__(self):
        self.llm = ChatOpenAI()
        self.prompt = ChatPromptTemplate.from_messages([
            ("system", "You are a helpful medical assistant. Provide general health information only."),
            ("human", "{question}")
        ])

    async def process_medical_query(
        self,
        token: str,
        question: str,
        prompt_type: str = "general"
    ) -> str:
        """
        Process a medical query with security checks.
        """
        try:
            # 1. Validate JWT and get user claims
            user = await security_manager.validate_token(token)
            print("====> User <====", user)

            # 2. Check permissions with Permit.io
            allowed = await permissions_manager.check_prompt_permissions(
                user=user,
                prompt_type=prompt_type
            )
            print("====> Allowed <====", allowed)
            if not allowed:
                raise ValueError("User does not have permission to use the AI")

            # 3. Process the query
            chain = self.prompt | self.llm
            response = await chain.ainvoke({"question": question})

            return response.content

        except Exception as e:
            raise ValueError(f"Query processing failed: {str(e)}")

prompt_guard = PromptGuard()

To demonstrate how it all works, our main.py provides a simple example:

# src/main.py

import asyncio
from src.perimeters.prompt_guard import prompt_guard
from src.config.settings import get_settings

settings = get_settings()

async def main():
    try:
        response = await prompt_guard.process_medical_query(
            token=settings.test_jwt_token,
            question="What are common symptoms of a fever?",
            prompt_type="general"
        )
        print("Response:", response)
    except ValueError as e:
        print("Error:", str(e))

if __name__ == "__main__":
    asyncio.run(main())

Creating the Resource and Policy in Permit

Before we run our healthcare AI assistant script for the PromotGuard, let’s understand the ABAC policy we set up on the Permit dashboard. Our policy ensures users meet three key requirements:

# Eligible User Requirements (ABAC Policy)
{
    "user.age": "greater-than-equals 18",
    "user.ai_opt_in": "equals true",
    "user.daily_quota_remaining": "greater-than 0"
}

Define a healthcare_prompt Resource

In the Permit dashboard, navigate to the Resources section under the Policy tab and create a new resource named healthcare_prompt. This resource represents the prompt itself— the entry point to our AI. We added an ask action to it, which is what the user calls to send a prompt.

Click on save, and you’ll see the resource type of healthcare_prompt created for you in the Resource section:

Set Up a User Set for Eligible AI Users

Next, navigate to the ABAC Rules section (still under Policy tab) and define an ABAC User Set— let’s call it “Eligible AI Users.” This user set has three conditions:

user.age >= 18
user.ai_opt_in == true
user.daily_quota_remaining > 0

Click on create new and fill in the details for the user set:

Once saved, you will see the ABAC User sets of Eligible AI Users created. These rules ensure that the user is at least 18, has opted into using AI, and hasn’t run out of their daily prompt quota.

Grant the ask Action

Finally, we granted the ask action on the healthcare_prompt resource to the “Eligible AI Users” set on the Policy editor tab:

Test Case Scenarios

1. Run the main.py script using a non-valid token, you will get an error message saying - JWT validation failed: Signature verification failed
2. Run the main.py file using a valid token, but the user has attributes that do not match the policy(ies) we defined, say the user’s age is under 18:
3. Run the main.py file using a valid token, and the user has attributes that match all the ABAC policy conditions that we defined:

Now, whenever a user tries to prompt our AI system, Permit checks if their token’s attributes satisfy the above ABAC rules. If the user meets the conditions, they pass the Prompt Guard; otherwise, they’re blocked.

This structure ensures that each component has a single responsibility while working together to create a secure healthcare AI assistant.

Now that we have our first security perimeter protecting AI access let’s move to our second challenge: securing medical document retrieval. In a healthcare setting, not all documents should be accessible to everyone - a patient’s test results, for instance, should only be visible to them and their healthcare providers.

RAG Filtering — Securing Medical Document Retrieval

After we ensure that only authorized users can interact with our AI (via Prompt Guard), our next step is to control which documents the AI can access. In healthcare, sensitive medical records must be strictly protected, and only the appropriate documents should be provided to the user.

Defining Document Access with ABAC in Permit

To enforce this, we set up our ABAC policies in Permit dashboard as follows:

Create a Healthcare Document Resource

This resource represents all the documents in our knowledge base.

Define a Resource Set: “PublicDocs”

Define a resource set called PublicDocs that filters documents based on an attribute — specifically, resource.public == true.

• Public Documents: Any document with public:true is automatically grouped into this resource set.
• Restricted Documents: Documents with public:false are excluded.

Set Up an ABAC User Set

Create a user set (for example, “Everyone”) that contains users with a simple condition like user.access == yes. This represents all users who are allowed to access public information.

Configure the Policy in the Permit Dashboard

Instead of granting view access on the broad Healthcare Document resource, we specifically ticked the view action under the PublicDocs resource set.

• This policy ensures that users in the “Everyone” set can only view documents that are marked as public.

Let’s implement this security layer. In our project, we’ll create src/perimeters/rag_security.py:

# src/perimeters/rag_security.py

from typing import List, Dict, Any
from langchain.schema import Document
from langchain_openai import OpenAIEmbeddings
from langchain_community.vectorstores import FAISS
from langchain_permit.retrievers import PermitEnsembleRetriever
from src.config.settings import get_settings

settings = get_settings()

class RAGSecurityManager:
    def __init__(self):
        self.embeddings = OpenAIEmbeddings()
        # Sample medical documents with varying sensitivity levels
        self.sample_docs = [
            Document(
                page_content="Common cold symptoms include runny nose, cough, and sore throat.",
                metadata={
                    "id": "doc1",
                    "type": "healthcare_document",
                    "attributes": {
                        "public": True,
                    }
                }
            ),
            Document(
                page_content="High blood pressure treatment guidelines and medications.",
                metadata={
                    "id": "doc2",
                    "type": "healthcare_document",
                    "attributes": {
                        "public": False,
                    }
                }
            ),
            Document(
                page_content="Patient diagnosis reports and treatment plans for serious conditions.",
                metadata={
                    "id": "doc3",
                    "type": "healthcare_document",
                    "attributes": {
                        "public": False,
                    }
                }
            ),
            Document(
                page_content="Patient diagnosis reports and treatment plans for serious conditions.",
                metadata={
                    "id": "doc4",
                    "type": "healthcare_document",
                    "attributes": {
                        "public": False,
                    }
                }
            )
        ]
        # Initialize vector store
        self.vectorstore = self._initialize_vectorstore()

    def _initialize_vectorstore(self) -> FAISS:
        """Initialize FAISS with sample documents"""
        return FAISS.from_documents(
            documents=self.sample_docs,
            embedding=self.embeddings
        )

    async def get_relevant_documents(
        self,
        query: str,
        user: Dict[str, Any]
    ) -> List[Document]:
        """
        Get relevant documents based on query and user permissions
        """
        # Create base retriever from vector store
        vector_retriever = self.vectorstore.as_retriever(
            search_kwargs={"k": 2}
        )

        # Wrap with permission checks
        secure_retriever = PermitEnsembleRetriever(
            retrievers=[vector_retriever],
            permit_api_key=settings.permit_api_key,
            permit_pdp_url=settings.permit_pdp_url,
            user=user['key'],
            action="view",
            resource_type="healthcare_document"
        )

        # Get permitted documents
        return await secure_retriever.ainvoke(query)

# Create singleton instance
rag_security_manager = RAGSecurityManager()

Integrating with Our Prompt Guard

In our prompt_guard.py, we already have Prompt Protection. Now, we just add a step to retrieve context documents from rag_security_manager:

# src/perimeters/prompt_guard.py

from typing import Dict, Any
from langchain_openai import ChatOpenAI
from langchain.prompts import ChatPromptTemplate
from src.core.security import security_manager
from src.core.permissions import permissions_manager
from src.perimeters.rag_security import rag_security_manager

class PromptGuard:
    def __init__(self):
        self.llm = ChatOpenAI()
        self.system_prompt = """You are a helpful medical assistant.
        Provide information based on the given context and general health knowledge.
        Do not provide medical advice or diagnosis."""

    async def process_medical_query(
        self,
        token: str,
        question: str,
        prompt_type: str = "general"
    ) -> str:
        """
        Process a medical query with security checks and RAG support.
        """
        try:
            # 1. Validate JWT and get user claims
            user = await security_manager.validate_token(token)

            # 2. Check permissions with Permit.io (Prompt Protection)
            allowed = await permissions_manager.check_prompt_permissions(
                user=user,
                prompt_type=prompt_type
            )
            if not allowed:
                raise ValueError("User does not have permission to use the AI.")

            # 3. Retrieve relevant documents with ABAC filtering
            context_docs = await rag_security_manager.get_relevant_documents(
                query=question,
                user=user
            )

            # 4. Build a prompt with the filtered context
            context_text = "\\n".join(doc.page_content for doc in context_docs)
            prompt = ChatPromptTemplate.from_messages([
                ("system", self.system_prompt),
                ("system", f"Context:\\n{context_text}"),
                ("human", "{question}")
            ])

            # 5. Invoke the LLM
            chain = prompt | self.llm
            response = await chain.ainvoke({"question": question})
            return response.content

        except Exception as e:
            raise ValueError(f"Query processing failed: {str(e)}")

prompt_guard = PromptGuard()

Testing Our Secure Document Retrieval

In main.py, we simulate a user query with a JWT token:

# src/main.py
import asyncio
from src.perimeters.prompt_guard import prompt_guard

async def main():
    # Example token (JWT) that says user.role="doctor", or user.key="patient-123"
    # This token must pass ABAC checks for "view" on "healthcare_document".
    test_token = "eyJhbGciOiJSU..."  # Replace with a real or test JWT

    query = "What treatments are available for high blood pressure?"

    try:
        response = await prompt_guard.process_medical_query(
            token=test_token,
            question=query,
            prompt_type="general"
        )
        print("Response:", response)
    except ValueError as e:
        print("Error:", str(e))

if __name__ == "__main__":
    asyncio.run(main())

When you run this script, PermitEnsembleRetriever will:

• Retrieve potentially relevant docs (e.g., those discussing “high blood pressure”).
• Filter them based on your ABAC policy. If the user has role:doctor or meets other policy conditions, they’ll see high-sensitivity documents. Otherwise, those documents get filtered out.

Verifying the Policy in Action

Try running main.py with different JWT payloads:

• Doctor user: Should see all documents, including high sensitivity.
• Patient user: Only sees low or medium sensitivity.
• Ineligible user (under 18 or ai_opt_in=false): Denied at the Prompt Protection step, never even gets to doc retrieval.

You’ll see that the final AI response changes based on the retrieved context. If a user can’t see high-sensitivity docs, the LLM only sees open docs—and thus gives a more limited answer.

Secure External Access: Controlling External Actions

So far, we’ve ensured only authorized users can send prompts to the AI (Prompt Guard) and only see the documents they’re allowed to access (RAG Filtering). But in many real-world applications, an AI doesn’t just read data—it acts on external systems, like scheduling appointments or creating support tickets.

In a healthcare setting, imagine a patient asking the AI to book a follow-up appointment. That action must be carefully controlled, just like any other resource request. We don’t want unauthorized users (or the AI on their behalf) to modify external systems.

Defining a New Resource and Action in Permit

We introduce a new resource in Permit dashboard — for example, healthcare_appointment —with an action named schedule. Our ABAC policy might require:

The user’s age to be at least 18
The user’s can_schedule attribute to be true

When a user meets these conditions, Permit will allow them to schedule an appointment on the healthcare_appointment resource.

Creating the Resource and Policy in Permit

1. Define a healthcare_appointment Resource
   In the Permit dashboard, create a healthcare_appointment resource to represent an appointment record or calendar entry. Add a schedule action, which is what the user invokes to book a new appointment.

Set Up a User Set for Scheduling

Next, define a User Set in the ABAC Rules tab — for example, “Scheduling Eligible Users” — with conditions like:

user.age >= 18
user.can_schedule == true

This ensures only users who meet these criteria can initiate appointment bookings.

Grant the schedule Action

Go to the Policy Editor tab and grant the schedule action on healthcare_appointment to the “Scheduling Eligible Users” set. That way, if a user’s token attributes satisfy the ABAC rules, Permit will return allowed:true and let them schedule.

Implementing Secure External Access

We encapsulate this logic in a new file, external_access.py, which checks:

• JWT Validation – We confirm the user’s token is valid.
• Permissions Check – We verify the user is allowed to perform the schedule action on the healthcare_appointment resource.
• Mock External Call – If the user is permitted, we simulate calling an external calendar system (or any other API) to schedule the appointment.

from src.core.security import security_manager
from src.core.permissions import permissions_manager

class ExternalAccessManager:
    async def schedule_appointment(self, token: str, appointment_details: dict) -> str:
        try:
            # 1. Validate JWT
            user_claims = await security_manager.validate_token(token)

            # 2. Check scheduling permissions
            check_result = await permissions_manager.permissions_checker._arun(
                user=user_claims,
                action="schedule",
                resource={"type": "healthcare_appointment"}
            )
            if not check_result.get("allowed", False):
                raise ValueError("User does not have permission to schedule an appointment.")

            # 3. Mock external API call
            date = appointment_details.get("date", "N/A")
            time = appointment_details.get("time", "N/A")
            return f"Appointment successfully booked for {date} at {time}. Check your email for details."
        except Exception as e:
            raise ValueError(f"Scheduling failed: {str(e)}")

external_access_manager = ExternalAccessManager()

Integrating Into main.py

After the AI returns its medical advice, we simulate the user saying, “Yes, schedule a follow-up.” We then call schedule_appointment() with the same token:

from src.perimeters.external_access import external_access_manager

# ... existing code that gets the AI response

user_input = "Yes"  # Simulated user choice
if user_input.strip().lower() == "yes":
    schedule_response = await external_access_manager.schedule_appointment(
        token=some_jwt_token,
        appointment_details={"date": "2025-03-10", "time": "10:00 AM"}
    )
    print("Scheduling Response:", schedule_response)

If the user has can_schedule:true and meets the ABAC rules, Permit approves the action, and the code returns a success message. Otherwise, it fails with an error like User does not have permission to schedule an appointment.

Testing it out

Run the command - poetry run python -m src.main

When the payload of the user inside our token is:

    payload = {
        "key": "user-123",
        "attributes": {
            "age": 25,
            "ai_opt_in": True,
            "daily_quota_remaining": 10,
            "can_schedule": False
        }
    }

The response:

When the payload of the user inside the token is:

    payload = {
        "key": "user-123",
        "attributes": {
            "age": 25,
            "ai_opt_in": True,
            "daily_quota_remaining": 10,
            "can_schedule": True
        }
    }

The response:

You can also view the permission logs on the Audit logs tab on Permit’s dashboard:

This third perimeter ensures all external actions the AI takes—like booking appointments—are properly secured.

Response Enforcement: Validating Final AI Output

Even with the first three perimeters in place, there’s still a risk: what if the AI’s final response leaks private data? Large language models can “hallucinate” or inadvertently include sensitive details in their output. In healthcare, this can be a serious privacy violation.

Introducing an Output Parser

LangChain supports output parsers, which let you transform or validate an LLM’s raw output before returning it to the user. This is where Response Enforcement happens. You can build a custom output parser to scan the AI’s text for sensitive terms, PII, or other restricted content, then redact or remove it.

Create an output_parser.py file in the perimeters folder and add this code:

from langchain.schema import BaseOutputParser

class SensitiveDataParser(BaseOutputParser):
    """
    A custom output parser that inspects the LLM response for sensitive data
    and redacts it as necessary before the final response is delivered.
    """

    def parse(self, text: str) -> str:
        # Example: redact "high blood pressure"
        sanitized_text = text.replace("high blood pressure", "[REDACTED]")
        return sanitized_text

    def get_format_instructions(self) -> str:
        return "Return the text with any sensitive data redacted."

Attaching the Parser to Your Chain

In your prompt_guard.py, after you build the prompt and call the LLM, run the result through your SensitiveDataParser:

from src.perimeters.output_parser import SensitiveDataParser
class PromptGuard:
    def __init__(self):
        self.llm = ChatOpenAI()
        self.sensitive_parser = SensitiveDataParser()
        # ...    async def process_medical_query(self, token: str, question: str, prompt_type: str = "general") -> str:
        # 1. Validate token        # 2. Check permissions        # 3. RAG filtering        # 4. Build prompt, call LLM        chain = prompt | self.llm
        raw_response = await chain.ainvoke({"question": question})
        # 5. Parse the final LLM output        safe_response = self.sensitive_parser.parse(raw_response.content)
        return safe_response

Now, any instance of "high blood pressure" is replaced with “[REDACTED]” before the user sees it. You can extend this logic to detect more complex sensitive info (like patient names or IDs) via regex or other heuristics. Of course, if you’re creating a more complex app where you will return sensitive information, you can adapt this usage of OutputParser to redact sensitive information before the LLM returns it back to the user.

Optional Permissions Check

While the example above unconditionally redacts certain keywords, you could also integrate the Permissions Check Tool here. For instance, if a user is a medical professional with high-level clearance, you might allow them to see the unredacted version of the final response sent back. Conversely, a patient might see only a sanitized version. This approach provides more granular control over the final AI output based on each user’s role or attributes.

Why Response Enforcement Matters

• Defense in Depth: If the LLM tries to reveal restricted info, the output parser is a final check.
• Privacy & Compliance: In healthcare, regulations like HIPAA require you to prevent unauthorized disclosure of PHI. A robust parser helps ensure compliance.
• Adaptable: You can easily update the parser’s rules or connect it to other services (e.g., classification APIs) to handle more sophisticated checks.

With this fourth perimeter, you’ve closed the loop, ensuring your healthcare AI never inadvertently reveals sensitive information—even if the user passed all other checks.

App Testing Demo

Watch it here

Conclusion

Implementing access control in Langchain requires more than just simple authentication—it demands a structured approach to securing interactions, data retrieval, external actions, and AI-generated responses. By applying the Four Perimeters Framework, we ensure that:

• Prompt Protection verifies user identity before engaging with the AI.
• Secure Document Retrieval enforces access control on sensitive information.
• External Action Controls prevent unauthorized operations like appointment scheduling.
• Response Enforcement safeguards against AI-generated data leaks.

Each of these perimeters plays a critical role in maintaining security, privacy, and compliance, particularly in sensitive domains like healthcare. By leveraging tools like Langchain, Permit.io, and structured access policies, developers can confidently transition AI applications from prototype to production without compromising safety or user trust.

As AI applications continue to evolve, incorporating granular, policy-driven security will be essential in protecting users and their data. Start implementing these security perimeters today to build AI systems that are not only intelligent but also responsible and secure.

👉 Want to dive deeper? Read more about the Four Perimeters Framework, and check out the Permit.io documentation. Have questions or want to connect with other developers working on access control? Join the discussion in our Slack community.