ai-sec-lab001: Generative AI System Security Offense and Defense Practical Lab

ai-sec-lab001 is a generative AI security engineering experimental environment built on AWS EKS, designed to help security engineers, developers, and architects systematically learn the construction, attack, and hardening of generative AI systems. The lab covers OWASP LLM Top 10 vulnerability practices, AWS Bedrock protection mechanisms, container security, and DevSecOps pipeline practices. It uses an open-source model to provide reproducible experimental scenarios, helping organizations uphold security baselines in AI innovation.

The rapid development of generative AI technology brings innovation opportunities, but also introduces new security risks such as prompt injection, data leakage, and model theft. Traditional application security frameworks are difficult to adapt to the special architecture of LLM systems, and the industry urgently needs targeted security practice guidelines and experimental environments. ai-sec-lab001 emerged as a cloud-native AI security engineering lab to help users systematically master generative AI system security capabilities.

The lab is built on Amazon EKS, using OpenTofu (an open-source fork of Terraform) to implement Infrastructure as Code (IaC), and Helm Charts for automated application layer deployment. Its advantages include:

• One-click deployment: Set up a complete experimental environment in minutes
• Environment isolation: Independent Kubernetes namespaces to avoid interference
• Cost optimization: Automatic resource destruction after experiments, pay-as-you-go
• Reproducibility: Versioned configuration storage ensures verifiable results

The lab deeply covers the OWASP LLM Top 10 security risks:

1. Prompt Injection (direct/indirect manipulation of model behavior)
2. Unsafe Output Handling (unfiltered outputs leading to vulnerabilities like code execution)
3. Training Data Poisoning (contaminating data to affect long-term model behavior)
4. Model Denial of Service (resource-exhausting inputs making services unavailable)
5. Supply Chain Vulnerabilities (risks from pre-trained models, third-party libraries, and datasets)
6. Sensitive Information Leakage (model memorization of training data leading to privacy leaks)
7. Unsafe Plugin Design (permission issues in LLM integration with external tools)
8. Over-Privileged Agents (excessive permissions leading to unauthorized operations)
9. Over-Reliance (users' blind trust in model outputs causing decision-making errors)
10. Model Theft (reverse-engineering proprietary models via APIs)

AWS Bedrock Guardrails Protection

Integrate Amazon Bedrock Guardrails features, practice configuring protection layers such as denied topics, content filters, sensitive information desensitization, and vocabulary filters, and understand the concept of defense-in-depth for AI systems.

Container Security and Supply Chain Protection

Targeting the containerization characteristics of AI workloads, it covers Kubernetes security best practices such as image security scanning, least-privilege container runtime configuration, Secrets management, and network policy isolation to prevent supply chain attacks on model files and dependency libraries.

Embed security detection into AI application CI/CD pipelines:

• Code phase: Static analysis to detect unsafe API calls and hard-coded sensitive information
• Build phase: Container image vulnerability scanning and SBOM (Software Bill of Materials) generation
• Deployment phase: Security compliance checks for Kubernetes resource configurations
• Runtime phase: Runtime threat detection and abnormal behavior monitoring
• Model phase: Model card documentation and bias detection The shift-left security strategy ensures early detection and fixing of security issues, reducing remediation costs.

The lab adopts a progressive learning design: Phase 1: Environment Familiarization Understand EKS cluster architecture, OpenTofu workflow, and Helm deployment mode Phase 2: Vulnerability Reproduction Reproduce typical OWASP LLM Top10 vulnerabilities in a controlled environment to understand attack principles Phase 3: Protection and Hardening Implement protection measures such as Bedrock Guardrails configuration, input/output filtering, and access control Phase 4: Red-Blue Exercise Simulate real attack scenarios to test the effectiveness of the protection system and optimize it Phase 5: Production Migration Learn to migrate security practices to production environments and establish continuous monitoring and response mechanisms

Community Contribution and Open-Source Value

ai-sec-lab001 is open-sourced under the Apache 2.0 license. The community is welcome to contribute new experimental scenarios, attack vectors, and protection schemes. Enterprises can freely use it for internal training and compliance audits, and it is expected to become an authoritative reference implementation in the AI security field.

Conclusion

Generative AI security governance is an inevitable trend of technological development and regulatory requirements. ai-sec-lab001 provides an actionable practice platform for this emerging field, helping organizations uphold security baselines in AI innovation, and is an indispensable learning resource for teams deploying LLM applications in production environments.