Back to Blogs
CONTENT
This is some text inside of a div block.
Product Updates
4
min read

We Built Two AI Security Games. Play Them to Understand How Attacks Actually Work.

Published on
June 30, 2026
4 min read

The best way to understand how to defend against an attack is to run one yourself.

That's the idea behind Enkrypt AI Academy Games — two free, browser-based security challenges that put you in the role of an attacker so you can experience, firsthand, exactly how AI systems get compromised. No setup. No credentials required. Just a browser and some curiosity.

Both games are live now at academy.enkryptai.com/play.

Why games?

AI security is hard to teach in the abstract. Concepts like prompt injection, tool chain attacks, and agentic exploitation sound theoretical until you've actually watched an AI give up its secrets because you phrased a question in just the right way.

Games create that moment. They put a real AI system in front of you, give you an objective, and let you discover the vulnerability yourself. That kind of learning sticks in a way that a blog post or a course module rarely does.

We built Enkrypt AI Academy to help security teams, developers, and AI practitioners understand the real risks in AI systems — and the games are the most direct path to that understanding.

CIPHER: Prompt Injection Challenge

CIPHER is a seven-level prompt injection challenge. Each level presents an AI guardian protecting a secret codeword. Your job: extract it.

The first level is a tutorial - it eases you into the mechanics of prompt injection and social engineering. By the time you reach the higher levels, you're up against production-grade Enkrypt guardrails. The challenge gets progressively harder in ways that mirror how real systems are hardened.

What CIPHER teaches you in practice:

This is the "classic" game for a reason. Prompt injection remains one of the most prevalent and underestimated attack vectors in deployed AI systems. Understanding how it works from the attacker's perspective is table stakes for anyone securing AI.

Start CIPHER →

VAULT: Agentic Red Team Sim

VAULT is newer and goes further.

The scenario: you've found a vulnerability in the chat interface of Nexus Corp's internal AI assistant, ARIA. She manages operations, retrieves classified files, and broadcasts memos. She's built on the OpenAI Agents SDK and has access to real tools. Your objective is to orchestrate a multi-step attack chain across four scenarios to exfiltrate the company's secrets.

This is agentic AI security, not just LLM security. ARIA doesn't just generate text — she takes actions. That's what makes tool chain attacks qualitatively different from classic prompt injection. You're not just manipulating output; you're manipulating an agent that can do things.

VAULT is built on the same architecture that real enterprise AI systems use. The tool activity monitor shows you, in real time, which tools ARIA is invoking as your attack progresses. That transparency is intentional — it's how you learn to spot the same signals in production.

Four scenarios, fully sandboxed, tutorial through hard difficulty.

Begin Infiltration →

Both games use real AI models

This is not a simulation on top of a scripted system. Both CIPHER and VAULT run against real AI models with real guardrails. When you succeed in extracting a secret or completing an attack chain, you've actually done it — against a live system.

That's what makes the learning transfer. And it's what makes both games genuinely difficult at the higher levels.

Who should play

The games are useful across a wide range of backgrounds:

  • Security practitioners building AI threat models
  • Engineers who ship AI and want to know what they're exposing
  • Compliance and risk teams in regulated industries
  • Anyone who learns better by doing than by reading

No prior AI security knowledge required for the tutorial levels. The difficulty curve handles the rest.

Leaderboards

Both games have public leaderboards. If you make it to the top, we'll know.

CIPHER Leaderboard · VAULT Leaderboard

Start playing

academy.enkryptai.com/play

If you want to go deeper after the games, the full Academy — courses, learning paths, and the AI Policy Builder — is at academy.enkryptai.com.

The Enkrypt AI Academy is free to access. No account required to play CIPHER or VAULT.

Meet the Writer
Sheetal J
Latest posts

More articles

Guest Posts

Securing AI at Scale in APAC: Why Kode-1 and Enkrypt AI Are Building This Together

Explore how Enkrypt AI and Kode-1 combine AI governance, security, and risk management expertise to help enterprises adopt AI responsibly and at scale.
Read post
Guest Posts

Why "Fast AI" and "Safe AI" Were Never Actually in Conflict

Discover why regulated enterprises and BPOs need enforceable AI governance, real-time guardrails, and audit-ready compliance to scale AI confidently. Learn how Ascent and Enkrypt AI are helping organizations accelerate adoption without increasing regulatory risk.
Read post
Big Ideas

Vulnerability Management Isn't Security - And It Never Was

AI is reshaping vulnerability management — but VM alone isn't security, and never was. Why AI safety, governance & judgment define the next era of cyber defense.
Read post
Enkrypt AI, Inc
1660 Soldiers Field Rd. Brighton, MA 02135
LoginBook a Demo

SOLUTIONS

BY USE CASE

Customer Facing Agents
ClawPatrol
Frontier Models
AI Compliance and Audit
Secure Vibe Coding
Third Party AI Risk
MCP Security

Helpful links

Pricing
Resources
LLM Safety Leaderboard
Blog
Glossary
Newsroom
Partners
Case Studies

COMPANY

About Us
Careers
Contact Us
Copyright © 2026 Enkrypt AI, All rights reserved.
YouTubeX.comLinkedInTerms and Conditions