Back to Blogs
CONTENT
This is some text inside of a div block.

Join 2,000+ readers

The insights that matter, straight to your inbox. No spam.

4
min read

We Built Two AI Security Games. Play Them to Understand How Attacks Actually Work.

Published on
June 30, 2026
4 min read

The best way to understand how to defend against an attack is to run one yourself.

That's the idea behind Enkrypt AI Academy Games  two free, browser-based security challenges that put you in the role of an attacker so you can experience, firsthand, exactly how AI systems get compromised. No setup. No credentials required. Just a browser and some curiosity.

Both games are live now at academy.enkryptai.com/play.

Why games?

AI security is hard to teach in the abstract. Concepts like prompt injection, tool chain attacks, and agentic exploitation sound theoretical until you've actually watched an AI give up its secrets because you phrased a question in just the right way.

Games create that moment. They put a real AI system in front of you, give you an objective, and let you discover the vulnerability yourself. That kind of learning sticks in a way that a blog post or a course module rarely does.

We built Enkrypt AI Academy to help security teams, developers, and AI practitioners understand the real risks in AI systems and the games are the most direct path to that understanding.

CIPHER: Prompt Injection Challenge

CIPHER is a seven-level prompt injection challenge. Each level presents an AI guardian protecting a secret codeword. Your job: extract it.

The first level is a tutorial - it eases you into the mechanics of prompt injection and social engineering. By the time you reach the higher levels, you're up against production-grade Enkrypt guardrails. The challenge gets progressively harder in ways that mirror how real systems are hardened.

What CIPHER teaches you in practice:

This is the "classic" game for a reason. Prompt injection remains one of the most prevalent and underestimated attack vectors in deployed AI systems. Understanding how it works from the attacker's perspective is table stakes for anyone securing AI.

Start CIPHER →

VAULT: Agentic Red Team Sim

VAULT is newer and goes further.

The scenario: you've found a vulnerability in the chat interface of Nexus Corp's internal AI assistant, ARIA. She manages operations, retrieves classified files, and broadcasts memos. She's built on the OpenAI Agents SDK and has access to real tools. Your objective is to orchestrate a multi-step attack chain across four scenarios to exfiltrate the company's secrets.

This is agentic AI security, not just LLM security. ARIA doesn't just generate text, she takes actions. That's what makes tool chain attacks qualitatively different from classic prompt injection. You're not just manipulating output; you're manipulating an agent that can do things.

VAULT is built on the same architecture that real enterprise AI systems use. The tool activity monitor shows you, in real time, which tools ARIA is invoking as your attack progresses. That transparency is intentional, it's how you learn to spot the same signals in production.

Four scenarios, fully sandboxed, tutorial through hard difficulty.

Begin Infiltration →

Both games use real AI models

This is not a simulation on top of a scripted system. Both CIPHER and VAULT run against real AI models with real guardrails. When you succeed in extracting a secret or completing an attack chain, you've actually done it against a live system.

That's what makes the learning transfer. And it's what makes both games genuinely difficult at the higher levels.

Who should play

The games are useful across a wide range of backgrounds:

  • Security practitioners building AI threat models
  • Engineers who ship AI and want to know what they're exposing
  • Compliance and risk teams in regulated industries
  • Anyone who learns better by doing than by reading

No prior AI security knowledge required for the tutorial levels. The difficulty curve handles the rest.

Leaderboards

Both games have public leaderboards. If you make it to the top, we'll know.

CIPHER Leaderboard · VAULT Leaderboard

Start playing

academy.enkryptai.com/play

If you want to go deeper after the games, the full Academy courses, learning paths, and the AI Policy Builder is at academy.enkryptai.com.

The Enkrypt AI Academy is free to access. No account required to play CIPHER or VAULT.

Frequently Asked Questions

What is prompt injection and why does it matter in AI security?

Prompt injection is an attack that manipulates AI systems into revealing secrets or performing unintended actions by phrasing requests in specific ways. It remains one of the most prevalent attack vectors in deployed AI systems.

  • Attackers craft carefully worded prompts to bypass AI guardrails.
  • Prompt injection works against production-grade AI models and defenses.
  • Understanding injection from the attacker's perspective is essential for defense.
How do you test AI systems for prompt injection vulnerabilities?

The most effective way to test for prompt injection is to run attacks yourself through hands-on security challenges that put you in the attacker role. Enkrypt AI Academy offers free browser-based games that simulate real attack scenarios without setup or credentials required.

  • CIPHER game teaches prompt injection across seven progressive difficulty levels.
  • Each level presents an AI guardian protecting secrets you must extract.
  • Real AI models and production-grade guardrails are used in challenges.
What's the difference between prompt injection attacks and agentic AI attacks?

Prompt injection manipulates text output, while agentic attacks orchestrate multi-step chains where AI agents take real actions using tools. Tool chain attacks are qualitatively different because agents can execute commands, retrieve files, and invoke external systems.

  • Prompt injection targets LLM output generation only.
  • Agentic attacks manipulate agents that invoke real tools and services.
  • VAULT game demonstrates four-scenario tool chain attack chains.
Which platform offers hands-on AI red teaming games to learn attack methods?

Enkrypt AI Academy Games provide free, browser-based security challenges where you learn to attack AI systems firsthand. Both CIPHER and VAULT games teach real attack vectors across 300+ red-teaming risk categories that Enkrypt AI covers in production.

  • CIPHER teaches prompt injection through seven progressive levels.
  • VAULT simulates agentic attacks on AI assistants with real tool access.
  • Games use real AI models and production-grade guardrails for authenticity.
How can Enkrypt AI help my team understand and defend against prompt injection and agentic attacks?

Enkrypt AI stops agentic attacks before they happen. Ready to see how our guardrails handle real tool chain threats? Book a demo to watch it work on your agents, or start a free trial today.

Meet the Writer
Sheetal J
Latest posts

More articles

Industry Trends

Harvest Now, Decrypt Later: Why AI Agents Are the Threat No One's Watching

AI agents are quietly turning harvest-now-decrypt-later into a volume attack. Here's where agents leak data today, and how to close the gap before Q-Day.
Read post
Guest Posts

Securing AI at Scale in APAC: Why Kode-1 and Enkrypt AI Are Building This Together

Explore how Enkrypt AI and Kode-1 combine AI governance, security, and risk management expertise to help enterprises adopt AI responsibly and at scale.
Read post
Guest Posts

Why "Fast AI" and "Safe AI" Were Never Actually in Conflict

Discover why regulated enterprises and BPOs need enforceable AI governance, real-time guardrails, and audit-ready compliance to scale AI confidently. Learn how Ascent and Enkrypt AI are helping organizations accelerate adoption without increasing regulatory risk.
Read post