Testing

Part 3 of building agent-inject: manual validation of every attack scenario. The biggest challenge was not breaking things. It was building a working product and securing it while making insecure scenarios realistically demonstrate impact.

Part 2 of building agent-inject: automated testing against a live Bedrock agent. 41 tests across 6 scenarios revealed that the gap between expected and actual agent behaviour is where the real lessons are.