Defensive AI: Fixing Vulnerabilities with AI-Powered Agents

Setting the scene, the Brews and Bytes coffee shop recently decided to expand their business by starting an online website. However, there's just one problem, the web server was developed with tons of vulnerabilities. These vulnerabilities were discovered during a recent red teaming exercise and the red team has left information around each vulnerability including some hints as to how these vulnerabilities can be patched. For fun, the Red Team has set up a game where you must patch one vulnerability at a time before you can move on to the rest. 

Thankfully, we have been working with AI Agents, and with a little luck, we may be able to use them to solve these challenges. The Brews and Bytes server simulates a real-world environment, where AI agents must use information gathered from a red teaming exercise to identify and patch security flaws, from exposed headers to privilege escalation.

The goal of this lab is to introduce users to the concept of using AI agents to solve security challenges. While these agents will still require a human in the loop, this lab should get security professionals thinking about the different ways AI agents can become another tool in their tool belt. In this interactive lab, you'll witness AI agents tackle a series of security vulnerabilities within a coffee shop-themed web application.

The lab walks the user through accomplishing the following:

• Lab Architecture, explanation of concepts, key terms, and technologies.
• Introduction to the vulnerable coffee shop web application and its security flaws.
• Create a defensive AI agent from scratch to see how agents can be configured to accomplish certain tasks.
• Watch defensive AI agents identify and fix vulnerabilities in the coffee shop server.

This lab consists of a single VM with the following hardware and software:

• Windows 11 Jumpbox
• CrewAI Agent Framework
• Nvidia NIM running Llama3.3-70B provided by the AI Proving Ground