AI Security Labs & CTFs

Hands-on practice environments for learning AI/LLM security through capture-the-flag challenges, vulnerable applications, and interactive labs.

20 labs, 4 categories

Prompt Injection & Jailbreaking

Learn to identify and exploit prompt injection vulnerabilities

7 labs

Gandalf by Lakera

Free

Lakera

Classic LLM CTF where you must extract a secret password through escalating prompt injection techniques across 7 increasingly difficult levels.

Beginner | web | 1-2 hours
LLM01
Prompt Injection, Jailbreaking
Progressive difficulty, Instant feedback

Gandalf Agent Breaker

Free

Lakera

Advanced version of Gandalf focusing on AI agent security. Exploit tool-using agents and multi-step reasoning vulnerabilities.

Advanced | web | 2-4 hours
LLM01, LLM06
Agent Security, Tool Abuse
Agent-specific attacks, Tool manipulation

Prompt Airlines (Wiz)

Free

Wiz

Navigate through a fictional airline booking system to exploit LLM vulnerabilities. Great for understanding real-world application contexts.

Intermediate | web | 2-3 hours
LLM01, LLM02
Prompt Injection, Business Logic
Realistic scenario, Multiple attack vectors

Tensor Trust

Free

Tensor Trust

Competitive prompt injection arena where you both attack other players' prompts and defend your own. Learn offense and defense simultaneously.

Intermediate | web | 2-4 hours
LLM01
Prompt Injection, Defense
PvP competition, Leaderboard

GPT Prompt Attack

Free

43z

Simple beginner-friendly prompt injection challenges. Perfect for those just starting their AI security journey.

Beginner | web | 30 min - 1 hour
LLM01
Prompt Injection
Beginner-friendly, Quick challenges

HackMerlin

Free

HackMerlin

Interactive prompt injection challenges with a fantasy theme. Progress through different realms by defeating AI guardians.

Beginner | web | 1-2 hours
LLM01
Prompt Injection, Jailbreaking
Gamified learning, Multiple levels

Immersive Labs Prompt Injection

Free

Immersive Labs

Professional training platform with guided prompt injection exercises. Includes detailed explanations and learning objectives.

Beginner | web | 2-3 hours
LLM01
Prompt Injection
Structured learning, Progress tracking

Comprehensive Testing Platforms

Full-featured platforms covering multiple vulnerability types

5 labs

Dreadnode Crucible

Free

Dreadnode

Advanced AI security testing platform with real-world scenarios. Covers prompt injection, data extraction, and more.

Advanced | web | 4-8 hours
LLM01, LLM02, LLM07
Prompt Injection, Data Extraction, Jailbreaking
Real-world scenarios, Leaderboard

HackTheAgent

Free

HackTheAgent

Comprehensive platform for testing AI agent vulnerabilities. Includes tool abuse, privilege escalation, and memory attacks.

Intermediate | web | 4-6 hours
LLM06, LLM08
Agent Security, Tool Abuse, Privilege Escalation
Agent-focused, Multiple attack vectors

PortSwigger LLM Labs

Free

PortSwigger

High-quality LLM security labs from the creators of Burp Suite. Professional-grade training with detailed solutions.

Intermediate | web | 4-8 hours
LLM01, LLM02, LLM06
Prompt Injection, Data Extraction, SSRF
Professional quality, Detailed explanations

Gray Swan AI Arena

Free

Gray Swan

Competition-style AI security challenges with cash prizes. Test your skills against other researchers.

Advanced | web | Ongoing
LLM01, LLM09
Jailbreaking, Safety Bypass
Cash prizes, Leaderboard

RedTeam Arena

Free

RedTeam Arena

Crowdsourced red teaming platform where you can test LLMs and earn rewards for finding vulnerabilities.

Intermediate | web | Ongoing
LLM01, LLM09
Jailbreaking, Safety Testing
Community-driven, Multiple models

RAG & Data Extraction

Labs focused on RAG security and data exfiltration techniques

2 labs

MyLLMBank

Free

Arcanum

Practice extracting sensitive financial data from a RAG-powered banking assistant. Learn about indirect prompt injection.

Intermediate | web | 2-3 hours
LLM01, LLM02, LLM08
RAG Attacks, Data Extraction
Financial scenario, RAG exploitation

MyLLMDoc

Free

Arcanum

Attack a document-processing LLM system. Extract confidential information from uploaded documents through the AI.

Advanced | web | 2-4 hours
LLM01, LLM02, LLM08
RAG Attacks, Document Poisoning
Document context, Indirect injection

Self-Hosted Labs

Labs you can run locally for deeper learning and customization

6 labs

OWASP FinBot CTF

Free

OWASP

Official OWASP vulnerable LLM application covering all OWASP LLM Top 10 vulnerabilities in a financial context.

Intermediate | docker | 4-6 hours
LLM01, LLM02, LLM03, LLM04, LLM05, LLM06, LLM07, LLM08, LLM09, LLM10
OWASP Top 10, Financial
Full OWASP coverage, Docker deployment

Broken LLM Integration App

Free

Community

Intentionally vulnerable application demonstrating common LLM integration mistakes. Great for learning secure coding practices.

Beginner | docker | 2-4 hours
LLM01, LLM05, LLM06
Integration Vulnerabilities, Secure Coding
Open source, Learning focused

PwnGPT CTF

Free

Community

Python-based CTF environment for practicing prompt injection attacks. Easy to set up and customize.

Intermediate | docker | 2-3 hours
LLM01
Prompt Injection
Python-based, Customizable

PromptMe OWASP

Free

Community

Comprehensive vulnerable LLM application aligned with OWASP LLM Top 10. Includes both challenges and solutions.

Intermediate | docker | 4-6 hours
LLM01, LLM02, LLM03, LLM06, LLM07
OWASP Top 10
OWASP aligned, Solutions included

Auto Parts CTF

Free

Arcanum

CTF scenario involving an auto parts shop chatbot. Practice customer service AI exploitation.

Intermediate | docker | 2-3 hours
LLM01, LLM02
Prompt Injection, Business Logic
Business context, Realistic scenario

Professional Secure AI Bot

Free

NSIDE

Test your skills against a hardened AI assistant. Learn what good defenses look like and how to bypass them.

Advanced | docker | 3-5 hours
LLM01
Defense Bypass, Hardened Systems
Hardened target, Defense learning

New to AI Security?

Start with beginner-friendly labs like Gandalf or GPT Prompt Attack to learn the fundamentals of prompt injection. Progress to intermediate platforms like PortSwigger Labs for comprehensive training.