AIToday

VoiceGoat: Open-source vulnerable voice agent platform for security training released on GitHub

Hacker NewsApr 28, 20262 min read
VoiceGoat: Open-source vulnerable voice agent platform for security training released on GitHub

Summaries like this, in your inbox every morning.

Sign up free →

3 Key Points

  1. VoiceGoat is a modular platform designed for security practitioners to practice exploiting voice-based AI systems, covering OWASP Top 10 for LLM Applications across three services: VoiceBank (LLM01: Prompt Injection), VoiceAdmin (LLM06: Excessive Agency), and VoiceRAG (LLM08: Vector/Embedding vulnerabilities).

  2. The platform runs in Docker and supports multiple LLM backends—mock (free, no API keys), OpenAI, and AWS Bedrock—with optional real phone call integration via Twilio; practitioners capture flags in CTF-style for successful exploits across Easy, Medium, and Hard difficulty levels.

  3. The project is intentionally vulnerable and designed for educational and security training purposes only; deployment in production or exposure to the public internet without proper safeguards is explicitly discouraged, with source code and documentation available on GitHub.

Discussion

No comments yet. Be the first to share your thoughts!

Log in to join the discussion

Related Articles

Stay ahead with AI news

Get curated AI news from 200+ sources delivered daily to your inbox. Free to use.

Get Started Free

Free · takes 30 seconds · unsubscribe anytime

1 minute a day. The AI essentials.

200+ sources · Email / LINE / Slack

Get it free →