Each challenge is a simulated AI persona with hidden flags and layered defenses. Bypass the defenses. Extract the flag.
A friendly general-purpose assistant with no real defenses.
An assistant that blocks a few obvious keywords.
An assistant that specifically guards against prompt leaking.
A corporate assistant that detects basic role-play attacks.
An academic AI that responds to authority and credentials.
An AI that detects context manipulation across conversation turns.
A diplomatic AI that's polite but evasive. Detects hypothetical and social engineering.
An AI with a very short 'memory' - but that memory includes its defenses.
A heavily defended AI with multiple overlapping security layers.
An AI that also filters its own outputs for data leakage.
An AI that's aware it's in a prompt injection challenge. It uses that awareness as a defense.
Maximum security AI. Every known attack vector is defended. Can you find the gap?