VoiceGoat is a modular, "vulnerable by design" platform developed for security researchers to test and exploit voice-based AI agents. It maps directly to the OWASP Top 10 for LLM Applications, providing a hands-on environment for mastering offensive AI security.
Key Features
- Covers multiple OWASP LLM categories including Prompt Injection, Excessive Agency, and Vector/Embedding weaknesses.
- Supports multiple LLM backends including OpenAI (GPT-4o), AWS Bedrock, and a local mock provider for cost-free testing.
- Integration with Twilio Media Streams for realistic phone-based social engineering and voice exploitation scenarios.
- Gamified CTF structure with unique flag formats for validating successful exploits across different service modules.
- Built-in support for Docker and Terraform to facilitate rapid deployment in isolated research environments.
Use Cases
- Practicing direct and indirect prompt injection attacks against automated voice banking systems.
- Testing for excessive agency where AI agents have broad permissions to execute functions or access private data.
- Red teaming RAG (Retrieval-Augmented Generation) implementations to identify vector database poisoning or cross-tenant leakage.
- Developing and testing custom payloads to bypass voice-based authentication or logic controls.
