Within your course repository, create a directory for the homework, then commit and push to your remote repository.

cd <path_to_repo>
mkdir hw5
touch hw5/screencast_url.txt
git add hw5
git commit -m "initial commit"
git push

In this homework, you will perform a penetration test on the security of any of the applications you have worked with or developed so far in this course, including your LangChain RAG application, your LangChain agents, and your MCP agents.

As the RAG application has been loaded with documents from many sources, develop prompts to send to your application to see how it may be vulnerable to:

As the agents you developed have been given access to the Terminal and PythonREPL tools, test your application to see how it may be vulnerable to:

You may also attempt to attack your application with any of the techniques applied in the Adversarial Prompt Engineering enumeration at https://ape.hiddenlayer.com/. Based on the vulnerabilities described in class, show how the execution of your applications can be compromised in ways you initially did not intend or expect.

Screencast

Upon completing your analysis, go through your findings in a narrated screencast of no longer than 5 minutes and demonstrate the problematic executions of your applications. Ensure that the video camera is turned on at the start of your screencast and that the screencast is published as "Unlisted". Then, update the file screencast_url.txt in the homework's directory to contain the URL at which your unlisted screencast is located on MediaSpace. Push the changes that include the updated URL to your repository before class.

Rubric

We will be using your screencast to evaluate your homework.

Explanation and demonstration of attacks on applications

Number of prompts demonstrated

Variety of adversarial attack types utilized

Instructions followed properly, including submission in the specified repository files and the sequencing and length of the screencast.