We Built Two AI Security Games. Play Them to Understand How Attacks Actually Work.


The best way to understand how to defend against an attack is to run one yourself.
That's the idea behind Enkrypt AI Academy Games two free, browser-based security challenges that put you in the role of an attacker so you can experience, firsthand, exactly how AI systems get compromised. No setup. No credentials required. Just a browser and some curiosity.
Both games are live now at academy.enkryptai.com/play.

Why games?
AI security is hard to teach in the abstract. Concepts like prompt injection, tool chain attacks, and agentic exploitation sound theoretical until you've actually watched an AI give up its secrets because you phrased a question in just the right way.
Games create that moment. They put a real AI system in front of you, give you an objective, and let you discover the vulnerability yourself. That kind of learning sticks in a way that a blog post or a course module rarely does.
We built Enkrypt AI Academy to help security teams, developers, and AI practitioners understand the real risks in AI systems and the games are the most direct path to that understanding.
CIPHER: Prompt Injection Challenge
CIPHER is a seven-level prompt injection challenge. Each level presents an AI guardian protecting a secret codeword. Your job: extract it.
The first level is a tutorial - it eases you into the mechanics of prompt injection and social engineering. By the time you reach the higher levels, you're up against production-grade Enkrypt guardrails. The challenge gets progressively harder in ways that mirror how real systems are hardened.
.png)
What CIPHER teaches you in practice:

This is the "classic" game for a reason. Prompt injection remains one of the most prevalent and underestimated attack vectors in deployed AI systems. Understanding how it works from the attacker's perspective is table stakes for anyone securing AI.
VAULT: Agentic Red Team Sim
VAULT is newer and goes further.
The scenario: you've found a vulnerability in the chat interface of Nexus Corp's internal AI assistant, ARIA. She manages operations, retrieves classified files, and broadcasts memos. She's built on the OpenAI Agents SDK and has access to real tools. Your objective is to orchestrate a multi-step attack chain across four scenarios to exfiltrate the company's secrets.
This is agentic AI security, not just LLM security. ARIA doesn't just generate text, she takes actions. That's what makes tool chain attacks qualitatively different from classic prompt injection. You're not just manipulating output; you're manipulating an agent that can do things.
VAULT is built on the same architecture that real enterprise AI systems use. The tool activity monitor shows you, in real time, which tools ARIA is invoking as your attack progresses. That transparency is intentional, it's how you learn to spot the same signals in production.
.png)
Four scenarios, fully sandboxed, tutorial through hard difficulty.
Both games use real AI models
This is not a simulation on top of a scripted system. Both CIPHER and VAULT run against real AI models with real guardrails. When you succeed in extracting a secret or completing an attack chain, you've actually done it against a live system.
That's what makes the learning transfer. And it's what makes both games genuinely difficult at the higher levels.
Who should play
The games are useful across a wide range of backgrounds:
- Security practitioners building AI threat models
- Engineers who ship AI and want to know what they're exposing
- Compliance and risk teams in regulated industries
- Anyone who learns better by doing than by reading
No prior AI security knowledge required for the tutorial levels. The difficulty curve handles the rest.
Leaderboards
Both games have public leaderboards. If you make it to the top, we'll know.
CIPHER Leaderboard · VAULT Leaderboard
Start playing
If you want to go deeper after the games, the full Academy courses, learning paths, and the AI Policy Builder is at academy.enkryptai.com.
The Enkrypt AI Academy is free to access. No account required to play CIPHER or VAULT.
Frequently Asked Questions
Prompt injection is an attack that manipulates AI systems into revealing secrets or performing unintended actions by phrasing requests in specific ways. It remains one of the most prevalent attack vectors in deployed AI systems.
- Attackers craft carefully worded prompts to bypass AI guardrails.
- Prompt injection works against production-grade AI models and defenses.
- Understanding injection from the attacker's perspective is essential for defense.
The most effective way to test for prompt injection is to run attacks yourself through hands-on security challenges that put you in the attacker role. Enkrypt AI Academy offers free browser-based games that simulate real attack scenarios without setup or credentials required.
- CIPHER game teaches prompt injection across seven progressive difficulty levels.
- Each level presents an AI guardian protecting secrets you must extract.
- Real AI models and production-grade guardrails are used in challenges.
Prompt injection manipulates text output, while agentic attacks orchestrate multi-step chains where AI agents take real actions using tools. Tool chain attacks are qualitatively different because agents can execute commands, retrieve files, and invoke external systems.
- Prompt injection targets LLM output generation only.
- Agentic attacks manipulate agents that invoke real tools and services.
- VAULT game demonstrates four-scenario tool chain attack chains.
Enkrypt AI Academy Games provide free, browser-based security challenges where you learn to attack AI systems firsthand. Both CIPHER and VAULT games teach real attack vectors across 300+ red-teaming risk categories that Enkrypt AI covers in production.
- CIPHER teaches prompt injection through seven progressive levels.
- VAULT simulates agentic attacks on AI assistants with real tool access.
- Games use real AI models and production-grade guardrails for authenticity.
Enkrypt AI stops agentic attacks before they happen. Ready to see how our guardrails handle real tool chain threats? Book a demo to watch it work on your agents, or start a free trial today.
.avif)
.jpg)


