A Coding Implementation to Build a Self-Testing Agentic AI System Using Strands to Red-Team Tool-Using Agents and Enforce Safety at Runtime

Agentic AI systems that can invoke external tools bring unprecedented productivity, but they also open new attack surfaces such as prompt‑injection and unauthorized data exfiltration. Traditional testing methods rely on handcrafted prompts, which miss many realistic adversarial scenarios. By leveraging Strands Agents, the presented framework creates a self‑contained red‑team that automatically crafts diverse injection techniques—authority spoofing, urgency cues, role‑play—ensuring broader coverage and continuous stress testing as models evolve.

The architecture separates concerns into three specialized agents: a target assistant equipped with mock tools like secret retrieval, webhooks, and file writes; a red‑team generator that outputs a JSON list of malicious prompts; and a judge that evaluates each interaction against structured criteria, flagging secret leaks, tool misuse, and measuring refusal quality on a 0‑5 scale. Observability is baked in through wrapper tools that log every call, turning opaque LLM behavior into auditable telemetry. The aggregated RedTeamReport quantifies overall risk, surfaces high‑impact failures, and supplies actionable recommendations such as tool allowlists, secret‑scanning pipelines, and policy‑review agents.

For enterprises deploying autonomous agents, this methodology provides a scalable safety net that can be integrated into CI/CD pipelines or continuous monitoring stacks. It shifts safety from a post‑hoc checklist to an engineering discipline, enabling rapid iteration on guardrails as new capabilities are added. As the industry moves toward more complex, multi‑modal agents, frameworks like this will become foundational for compliance, risk management, and maintaining user trust in AI‑driven workflows.