<a href="https://colab.research.google.com/github/vFawzi/leaky-summarizer-labv2/blob/main/The_Leaky_Summarizer_Labv2.ipynb" target="_parent"><img src="https://colab.research.google.com/assets/colab-badge.svg" alt="Open In Colab"/></a>

The Leaky Summarizer: An AI Security Investigation

Welcome, Security Investigator!

Your mission is to assess a new AI agent developed by our engineering team. The "Leaky Summarizer" agent is a conversational chatbot designed to read corporate documents from Cloud Storage and provide summaries.

Your task is to ensure this new chatbot is secure before it goes into production. You will interact with it, try to find hidden vulnerabilities, and then implement Google Cloud's advanced security controls to fix them.

Lab Objectives

✅ Interact with a deployed, conversational AI chatbot built with the Agent Development Kit (ADK).

✅ Discover how a sophisticated "Indirect Prompt Injection" attack can trick an agent into leaking secret data.

✅ Identify the root-cause infrastructure misconfiguration that enables the attack.

✅ Implement two distinct layers of security controls:

Network Egress Controls to lock down the agent's network access.

Vertex AI Model Armor to protect the AI's "brain" from malicious prompts.

✅ Verify that the threat has been successfully mitigated.

Your Environment

Your lab environment, including the deployed agent, has been pre-provisioned by your trainer. You will be given two key pieces of information to start:

Your unique GCP_PROJECT_ID.

The AGENT_URL for the live AI agent you will be investigating.

Let's begin the investigation.

In [None]:
# ===============================================================
# TODO: PASTE THE VALUES PROVIDED BY YOUR TRAINER BELOW
# ===============================================================

GCP_PROJECT_ID = 'genai-security-01'
AGENT_URL = 'https://your-agent-url-here.a.run.app'

# ===============================================================
#               (No need to change anything below)
# ===============================================================
import os
import requests
import json

class AgentChat:
    """A helper class to make interacting with the chatbot easier."""
    def __init__(self, agent_url):
        if 'your-agent-url-here' in agent_url:
            raise ValueError("❌ ERROR: Please replace 'your-agent-url-here' with the Agent URL provided by your trainer.")
        self.agent_url = agent_url
        self.session_id = None
        print(f"✅ Chatbot client initialized. Ready to chat with the agent at: {self.agent_url}")

    def chat(self, prompt_text):
        print(f"\n> YOU: {prompt_text}")
        payload = {"prompt": prompt_text}
        if self.session_id:
            payload["session"] = self.session_id

        try:
            response = requests.post(self.agent_url, json=payload)
            response.raise_for_status()
            data = response.json()
            self.session_id = data.get("session")
            print("< AGENT:")
            print(json.dumps(data, indent=2))
            return data
        except requests.exceptions.RequestException as e:
            print(f"❌ An error occurred while communicating with the agent: {e}")
            return None

# --- Verification ---
if 'your-gcp-project-id-here' in GCP_PROJECT_ID:
    print("❌ ERROR: Please replace 'your-gcp-project-id-here' with the Project ID provided by your trainer.")
else:
    os.environ['GCP_PROJECT_ID'] = GCP_PROJECT_ID
    chatbot = AgentChat(AGENT_URL)
