An open-source AWS training range for learning agentic AI security. Deploy a realistic AI agent, toggle six misconfigurations via Terraform, and run five attack scenarios covering prompt injection, RAG poisoning, data exfiltration, and a full kill chain.
Part 3 of building agent-inject: manual validation of every attack scenario. The biggest challenge was not breaking things. It was building a working product and securing it while making insecure scenarios realistically demonstrate impact.
After nearly a year of pentesting Salesforce orgs, I built aura-privesc: an open-source scanner that automates Aura/Lightning privilege escalation discovery. It finds exposed objects, tests CRUD permissions, probes Apex controllers, and generates interactive HTML reports with ready-to-use proof-of-concept commands.
Part 2 of building agent-inject: automated testing against a live Bedrock agent. 41 tests across 6 scenarios revealed that the gap between expected and actual agent behaviour is where the real lessons are.
Part 1 of building agent-inject: an intentionally vulnerable AI agent on AWS Bedrock, designed to teach prompt injection and agentic AI attacks. This post covers the full secure baseline, from repo scaffold to a working chat UI.