supply chain / autogen-agentchat

AutoGen AgentChat

registryPyPI

package nameautogen-agentchat

maintainerMicrosoft

AutoGen AgentChat is Microsoft's high-level API for building multi-agent conversational systems, providing preset agent types (AssistantAgent, UserProxyAgent, GroupChatManager) and conversation patterns. It is the primary entry point for most AutoGen-based applications. Agents can spawn sub-agents, execute code, and call tools autonomously.

api usage

Checking AutoGen AgentChat

autogen-agentchat 0.4.0 is a clean version with no known supply chain compromise. The response returns compromised: false with an empty sources array.

bash

curl "https://api.attestd.io/v1/check?product=autogen-agentchat&version=0.4.0" \
  -H "Authorization: Bearer YOUR_API_KEY"

json

{
  "product": "autogen-agentchat",
  "version": "0.4.0",
  "supported": true,
  "risk_state": "none",
  "supply_chain": {
    "compromised": false,
    "sources": [],
    "malware_type": null,
    "description": null,
    "advisory_url": null,
    "compromised_at": null,
    "removed_at": null
  },
  "last_updated": "2026-05-01T00:00:00Z"
}

attack surface

Why this package is monitored

Multi-agent frameworks coordinate autonomous code execution across multiple model invocations. A compromised version intercepts the message bus between agents, making it possible to exfiltrate inter-agent credentials, inject malicious tool responses, or alter task delegation without detection.

Attestd monitors autogen-agentchat using the following detection sources:

registry

Manually curated advisories in the Attestd registry, verified by a human analyst. Confidence 1.0.

osv

OSV.dev malicious-package advisories with IDs prefixed MAL-. Confidence 0.95.

pypi_yank

Versions yanked on PyPI with a security-related yanked_reason annotation. Confidence 0.80.

Supply chain overview All PyPI packages AutoGen Core LangChain OpenAI SDK (Python)Response fields