Show HN: VoiceGoat – A vulnerable voice agent for practicing LLM attacks
VoiceGoat is an intentionally vulnerable voice agent platform designed for security training, allowing practitioners to practice exploiting LLM-based systems in a controlled environment. It covers key OWASP Top 10 LLM vulnerabilities such as prompt injection, excessive agency, and vector database weaknesses. The platform supports CTF-style learning with flag-capturing challenges and integrates with tools like Docker, Twilio, and OpenAI. It is meant for educational use only and should not be exposed publicly without safeguards.
- VoiceGoat is a modular, deliberately insecure voice agent for practicing red team techniques on LLM-powered systems.
- It includes challenges covering OWASP LLM Top 10 categories like prompt injection, excessive agency, and RAG poisoning.
- The platform uses Docker and supports multiple LLM providers including mock, OpenAI, and AWS Bedrock.
- Users can capture flags in a CTF-style format to validate successful exploitation of vulnerabilities.
- VoiceGoat supports real voice interactions via Twilio Media Streams for realistic attack simulation.
Opening excerpt (first ~120 words):

VoiceGoat

A purposely vulnerable voice agent application for security practitioners to practice exploiting voice-based AI systems.

Disclaimer

This application is intentionally vulnerable. It is designed for educational and security training purposes only. Do NOT deploy this in production or expose it to the public internet without proper safeguards. See Public Hosting Security Assessment for details.

Demo

Warning: This video contains spoilers including challenge solutions and flag captures.

Overview

VoiceGoat is a modular vulnerable voice agent platform that covers the OWASP Top 10 for LLM Applications.
…
The full README is on GitHub.