Examples Overview
Welcome to the A2A Security Examples! This section contains hands-on examples that demonstrate secure agent-to-agent communication patterns, with a focus on progressive security learning.
🎯 Purpose
These examples are designed to teach security through progressive stages, from intentionally vulnerable implementations to production-ready systems. Each example focuses on different security challenges and compliance requirements.
Four comprehensive examples covering API security, file handling, session management, and adversarial defense.
📚 Available Examples
1. Credit Report Analysis Agent
Focus: File Upload Security & PII Protection
A comprehensive 4-stage progression demonstrating secure handling of sensitive financial documents and personally identifiable information (PII).
Path: examples/a2a_credit_report_example/
Stages:
| Stage | Description | Security Rating | Time | Status |
|---|---|---|---|---|
| Stage 1: Insecure | 30+ vulnerabilities, no security | 0/10 ❌ | 3-4 hours | Educational Only |
| Stage 2: Improved | Partial fixes, 15+ remaining issues | 4/10 ⚠️ | 4-6 hours | Not Production Ready |
| Stage 3: Secure | Production-grade, full compliance | 10/10 ✅ | 6-8 hours | Production Ready |
| Stage 4: AI-Integrated | Secure AI/ML integration | 10/10 ✅ | 6-8 hours | Enterprise Ready |
Key Learning Topics:
- 8-layer file validation framework
- Field-level PII encryption
- FCRA/GDPR compliance
- Secure AI model integration
- Differential privacy
- Explainable AI (XAI)
Regulatory Focus: FCRA, GDPR, GLBA
Total Study Time: 19-26 hours
2. Cryptocurrency Price Agent
Focus: API Security & Real-time Data Handling
Demonstrates secure integration with external APIs, rate limiting, and data validation for a cryptocurrency price monitoring agent.
Path: examples/a2a_crypto_example/
Key Learning Topics:
- Secure API key management
- Rate limiting and throttling
- Input/output validation
- Error handling and retry logic
- MCP protocol implementation
Study Time: 2-3 hours
3. Task Collaboration System
Focus: Session Management & Multi-Agent Coordination
A multi-stage example focusing on session security, authentication, and coordinating multiple agents securely.
Path: examples/a2a_task_collab_example/
Stages:
- Stage 1: Insecure (25+ vulnerabilities)
- Stage 2: Improved (partial fixes)
- Stage 3: Secure (production-ready)
- Stage 4: Distributed (Redis-backed)
- Stage 5: Web Framework (Flask integration)
Key Learning Topics:
- Session management and binding
- Multi-factor authentication
- RBAC authorization
- State encryption
- Distributed session storage
Study Time: 15-22 hours
4. Adversarial Agent System
Focus: Adversarial Attacks & Multi-Agent Defense
A 3-stage progression demonstrating how malicious agents can attack multi-agent systems and comprehensive defense mechanisms to detect and prevent such attacks.
Path: examples/a2a_adversarial_agent_example/
Stages:
- Stage 1: Insecure (5 attacks succeed)
- Stage 2: Improved (partial defenses)
- Stage 3: Secure (comprehensive defense)
Key Learning Topics:
- Data exfiltration prevention
- Permission escalation detection
- Task injection prevention
- Credit stealing mitigation
- State poisoning defense
- Behavioral analysis
- Anomaly detection
- Automated quarantine
Study Time: 8-12 hours
🗺️ Learning Paths
Path 1: File Security & Compliance (Credit Report Example)
Recommended For:
- Developers handling sensitive documents
- Compliance-focused applications
- Healthcare and financial systems
Progression:
1. Start with Credit Report Stage 1 - Learn file upload vulnerabilities
2. Progress through Stage 2 - Understand why partial security fails
3. Master Stage 3 - Implement production security
4. Advanced: Stage 4 - Add secure AI capabilities
Duration: 19-26 hours total
Path 2: API Integration & Real-time Systems
Recommended For:
- Integrating with external services
- Building real-time monitoring agents
- Learning MCP protocol basics
Progression:
1. Start with Crypto Price Agent
2. Understand API security patterns
3. Implement rate limiting
4. Apply to Credit Report Stage 3
Duration: 8-11 hours
Path 3: Complete Security Journey
Recommended For:
- Security professionals
- System architects
- Anyone seeking comprehensive understanding
Progression:
1. Credit Report Stages 1-3 (understanding fundamentals)
2. Task Collaboration Stages 1-3 (session security)
3. Adversarial Agent Stages 1-3 (attack detection and defense)
4. Advanced stages (distributed systems, AI integration)
Duration: 40+ hours
📊 Example Comparison Matrix
| Feature | Credit Report | Crypto Agent | Task Collab | Adversarial Agent |
|---|---|---|---|---|
| Primary Focus | File Upload & PII | API Integration | Session Management | Adversarial Defense |
| Stages | 4 | 3 | 5 | 3 |
| Difficulty | ⭐⭐⭐ Advanced | ⭐⭐ Intermediate | ⭐⭐⭐⭐ Expert | ⭐⭐⭐ Advanced |
| Compliance | FCRA, GDPR | Basic | RBAC, Audit | Zero-Trust |
| Encryption | Field-level | Transport | Full stack | Transport + JWT |
| AI Integration | ✅ Stage 4 | ❌ | ❌ | ❌ |
| Multi-Agent | ❌ | ❌ | ✅ | ✅ |
| Attack Types | File-based | Query-based | Session-based | Multi-vector |
| Defense Focus | Prevention | Prevention | Prevention | Detection + Response |
| Total Hours | 19-26 | 2-3 | 15-22 | 8-12 |
🎓 By Skill Level
Beginners (New to Security)
Start Here:
- Credit Report Stage 1
- Crypto Price Agent
Why: Clear vulnerabilities, straightforward attacks, foundational concepts
Time: 5-7 hours
Intermediate (Some Security Knowledge)
Start Here:
- Credit Report Stage 2
- Task Collaboration Stage 1-2
Why: Understand partial security, defense-in-depth, common mistakes
Time: 10-15 hours
Advanced (Security Practitioners)
Start Here:
- Credit Report Stage 3
- Task Collaboration Stage 3
Why: Production patterns, compliance implementation, comprehensive controls
Time: 14-20 hours
Expert (Security Architects)
Focus On:
- Credit Report Stage 4 (AI security)
- Task Collaboration Stage 4-5 (distributed systems)
Why: Cutting-edge security patterns, AI integration, scaling considerations
Time: 12-16 hours
🔍 By Security Topic
Want to Learn About...
File Upload Security → Credit Report Stage 1-3
- Magic byte validation
- Path traversal prevention
- Virus scanning integration
- 8-layer validation framework
PII Protection → Credit Report Stage 1-3
- Field-level encryption
- Data minimization
- Secure logging practices
- Compliance requirements
API Security → Crypto Price Agent
- Secure key management
- Rate limiting
- Input/output validation
- Error handling
Authentication → Credit Report Stage 2-3, Task Collaboration
- Password hashing (bcrypt)
- Multi-factor authentication (TOTP)
- OAuth/OIDC integration
- Session management
Encryption → Credit Report Stage 3
- AES-256-GCM
- Field-level encryption
- Key management
- Transport security (TLS)
AI Security → Credit Report Stage 4
- Differential privacy
- Model security
- Explainable AI
- Adversarial defense
Compliance → Credit Report All Stages
- FCRA requirements
- GDPR implementation
- Audit logging
- Data retention
Session Management → Task Collaboration
- Session binding
- State encryption
- Timeout management
- Distributed sessions
Adversarial Defense → Adversarial Agent Stage 1-3
- Data exfiltration prevention
- Permission escalation detection
- Behavioral anomaly detection
- Automated quarantine systems
🚀 Quick Start
1. Choose Your Example
Based on your needs:
- Learning file security? → Credit Report
- API integration? → Crypto Agent
- Session security? → Task Collaboration
2. Start at the Right Level
- Never done security before? → Stage 1
- Some experience? → Stage 2
- Production experience? → Stage 3
- Expert level? → Stage 4
3. Set Up Your Environment
```bash
# Clone the repository
git clone https://github.com/robertfischer3/fischer3_a2a_introduction.git
cd fischer3_a2a_introduction

# Navigate to your chosen example
cd examples/a2a_credit_report_example/insecure

# Create virtual environment
python -m venv venv
source venv/bin/activate  # On Windows: venv\Scripts\activate

# Install dependencies
pip install -r requirements.txt

# Run the example
python server.py
```
4. Read the Documentation
Each stage has comprehensive documentation:
- Overview and learning objectives
- Architecture diagrams
- Vulnerability analysis (Stages 1-2)
- Security controls (Stages 3-4)
- Attack demonstrations
- Code examples
- Running instructions
5. Complete the Exercises
- Run attack demonstrations
- Identify vulnerabilities
- Compare stages
- Implement fixes
- Test security controls
📋 Example Structure
All examples follow a consistent structure:
```
example_name/
├── stageX_name/
│   ├── server.py             # Main application
│   ├── requirements.txt      # Dependencies
│   ├── README.md             # Stage-specific docs
│   ├── config/               # Configuration
│   ├── tests/                # Test suite
│   └── demos/                # Attack demonstrations
└── docs/
    └── SECURITY_ANALYSIS.md  # Detailed security analysis
```
🎯 Success Criteria
You'll know you've mastered an example when you can:
- Identify all vulnerabilities in Stage 1
- Run attack demonstrations successfully
- Explain why each vulnerability matters
- Understand the security controls in Stage 3
- Implement similar controls in your own code
- Pass the stage's security checklist
📚 Additional Resources
Documentation
External Resources
Tools & Libraries
- ClamAV - Virus scanning
- Cryptography - Python crypto library
- python-magic - File type detection
- PyOTP - MFA implementation
🤝 Contributing
Found an issue or want to add an example?
- Check existing examples for patterns
- Follow the stage progression model
- Include comprehensive documentation
- Add attack demonstrations
- Submit a pull request
See Contributing Guidelines for details.
⚠️ Important Disclaimers
Security
- ⚠️ Stage 1 examples are intentionally vulnerable for educational purposes
- ❌ Never use Stage 1 or Stage 2 code in production
- ✅ Only Stage 3+ implementations are production-ready
Legal
- 🔒 Do not test attacks against real systems without permission
- 📜 Unauthorized access to credit reports is illegal under FCRA
- 🌍 Respect all applicable laws and regulations
- ⚖️ Use synthetic data only in examples
Testing
- ✅ Use only in isolated test environments
- ✅ Use synthetic/dummy data
- ✅ Do not use real PII
- ✅ Do not connect to production systems
🆘 Getting Help
For Example-Specific Questions
- Check the example's README.md
- Review the stage documentation
- Look at the code comments
- Try the demos/tests
For General Questions
- Course discussion forums
- Office hours
- Teaching assistant support
- GitHub Issues
For Security Issues
If you discover a real security vulnerability in the teaching materials:
- Do not disclose publicly
- Email: security@[your-domain]
- Provide: example name, stage, description, steps to reproduce
📈 Progress Tracking
Track your progress through the examples:
Credit Report Agent
- Stage 1: Insecure
- Stage 2: Improved
- Stage 3: Secure
- Stage 4: AI-Integrated
Crypto Price Agent
- Basic Implementation
- Security Hardening
- Production Deployment
Task Collaboration System
- Stage 1: Insecure
- Stage 2: Improved
- Stage 3: Secure
- Stage 4: Distributed
- Stage 5: Web Framework
🎓 Certification Mapping
These examples support preparation for:
- CompTIA Security+: Cryptography, network security, access control
- CEH (Certified Ethical Hacker): Attack techniques, vulnerability identification
- CISSP: Security engineering, access control, cryptography
- Cloud Security: API security, distributed systems
🔄 Updates & Roadmap
Current Version: 2.0 (January 2026)
Recent Updates:
- ✅ Added Credit Report Agent (4 stages)
- ✅ Added AI security integration (Stage 4)
- ✅ Enhanced documentation
- ✅ Added attack demonstrations
Coming Soon:
- Healthcare Data Agent (HIPAA compliance)
- Blockchain Integration Security
- IoT Device Security Patterns
- More AI/ML security examples
📞 Contact
Project Maintainer: Robert Fischer
Email: robert@fischer3.net
Project: A2A Security Learning Examples
Last Updated: January 2026
Version: 2.0
License: MIT (Educational Use)