Valentin Gorbachev@vlangf793

AgentSurface is a tool for testing the security of real AI agents that are exposed through HTTP JSON APIs. Instead of relying on mock agents or generic jailbreak examples, AgentSurface connects to an actual agent endpoint, injects adversarial prompts into a configurable JSON request field, sends real HTTP requests, and records the full evidence trail: masked request, raw response, extracted answer, finding type, risk score, and recommendations. The project focuses on practical risks in AI-powered products: prompt injection, system prompt or secret disclosure, private data exposure, unsafe tool/action compliance, BOLA/IDOR-style cross-user access, and authorization gaps in support, finance, trading, CRM, and marketplace agents. AgentSurface includes a Streamlit UI with three main workspaces: Attack Sets for creating reusable adversarial prompt sets, Run for configuring the real API target and launching scans, and History for reviewing previous runs, findings, raw evidence, JSON exports, and policy drafts. It can also generate a Lobster Trap YAML policy draft, helping teams turn some detected risks into proxy-layer mitigations when applicable. The main idea behind AgentSurface is to treat an AI agent as an attack surface, not just as a chatbot. It helps teams test whether their agent follows security and business rules under adversarial input, while keeping concrete evidence that developers can use to debug and fix the issue.

ChaosMonkey MCP is a local-first MCP server for autonomous fault injection and crash discovery. It gives AI agents such as IBM Bob, Claude, Cursor, and Codex provider-agnostic chaos engineering tools that can stress-test local projects, inject failures, execute commands, and identify resilience issues automatically. The project focuses on autonomous crash discovery rather than remediation. ChaosMonkey MCP does not modify repositories or generate fixes. Instead, it helps AI agents uncover hidden failure modes such as null-handling bugs, malformed payload assumptions, weak validation, and fragile error handling. The platform currently includes: * fault injection through nested null mutation, * repeated chaos execution with deterministic seeds, * structured crash and traceback reporting, * safe local command execution, * secure local file reading, * a production-ready local FastMCP server. ChaosMonkey MCP runs entirely locally over stdio using the Model Context Protocol, without requiring any cloud backend or hosted infrastructure. The project was developed using IBM Bob IDE during the hackathon, including the MCP architecture, tool design, fault injection workflows, and crash discovery pipeline. It demonstrates how IBM Bob can be used to design AI-native developer tooling and autonomous resilience testing workflows.

Build solutions that improve how software is built. Work with an AI that understands your codebase, helping you reduce repetitive work and build with real context. ⏳ Build your project in 48 hours. 🚀 Get hands-on with IBM Bob and explore how AI fits into real development workflows before it becomes standard. 💡 Build tools and workflows that developers would actually use. ⭐ Learn directly from experts throughout the event. 🤝 Join a team or build solo. 💰 Prize pool: $10,000 🧑🏻‍💻 Register before the Kick-Off Stream and start building with Bob.

📅 May 11–19, 2026 • May 11 – 19: Online Build Phase. • May 18 (Hybrid Build Day – Online & Onsite) • May 19 (Demos & Awards – Online & Onsite) 🌍 Hybrid event. Join online from anywhere or build onsite at the venue. 🏆 Winners will be announced live on stage at the AI & Big Data Expo North America on May 19 📍 On-site Venue (May 18–19): San Jose McEnery Convention Center, CA, USA 🤝 Join solo or with a team. 🎟 FREE AI & Big Data Expo North America ticket included for participants that are able to join the on-site phase. 🏆Compete for a $10,000 prize pool 🧑‍💻 Apply now to design, prototype, and showcase enterprise-ready innovation.