We Built Two AI Security Games. Play Them to Understand How Attacks Actually Work.


The best way to understand how to defend against an attack is to run one yourself.
That's the idea behind Enkrypt AI Academy Games — two free, browser-based security challenges that put you in the role of an attacker so you can experience, firsthand, exactly how AI systems get compromised. No setup. No credentials required. Just a browser and some curiosity.
Both games are live now at academy.enkryptai.com/play.

Why games?
AI security is hard to teach in the abstract. Concepts like prompt injection, tool chain attacks, and agentic exploitation sound theoretical until you've actually watched an AI give up its secrets because you phrased a question in just the right way.
Games create that moment. They put a real AI system in front of you, give you an objective, and let you discover the vulnerability yourself. That kind of learning sticks in a way that a blog post or a course module rarely does.
We built Enkrypt AI Academy to help security teams, developers, and AI practitioners understand the real risks in AI systems — and the games are the most direct path to that understanding.
CIPHER: Prompt Injection Challenge
CIPHER is a seven-level prompt injection challenge. Each level presents an AI guardian protecting a secret codeword. Your job: extract it.
The first level is a tutorial - it eases you into the mechanics of prompt injection and social engineering. By the time you reach the higher levels, you're up against production-grade Enkrypt guardrails. The challenge gets progressively harder in ways that mirror how real systems are hardened.
.png)
What CIPHER teaches you in practice:

This is the "classic" game for a reason. Prompt injection remains one of the most prevalent and underestimated attack vectors in deployed AI systems. Understanding how it works from the attacker's perspective is table stakes for anyone securing AI.
VAULT: Agentic Red Team Sim
VAULT is newer and goes further.
The scenario: you've found a vulnerability in the chat interface of Nexus Corp's internal AI assistant, ARIA. She manages operations, retrieves classified files, and broadcasts memos. She's built on the OpenAI Agents SDK and has access to real tools. Your objective is to orchestrate a multi-step attack chain across four scenarios to exfiltrate the company's secrets.
This is agentic AI security, not just LLM security. ARIA doesn't just generate text — she takes actions. That's what makes tool chain attacks qualitatively different from classic prompt injection. You're not just manipulating output; you're manipulating an agent that can do things.
VAULT is built on the same architecture that real enterprise AI systems use. The tool activity monitor shows you, in real time, which tools ARIA is invoking as your attack progresses. That transparency is intentional — it's how you learn to spot the same signals in production.
.png)
Four scenarios, fully sandboxed, tutorial through hard difficulty.
Both games use real AI models
This is not a simulation on top of a scripted system. Both CIPHER and VAULT run against real AI models with real guardrails. When you succeed in extracting a secret or completing an attack chain, you've actually done it — against a live system.
That's what makes the learning transfer. And it's what makes both games genuinely difficult at the higher levels.
Who should play
The games are useful across a wide range of backgrounds:
- Security practitioners building AI threat models
- Engineers who ship AI and want to know what they're exposing
- Compliance and risk teams in regulated industries
- Anyone who learns better by doing than by reading
No prior AI security knowledge required for the tutorial levels. The difficulty curve handles the rest.
Leaderboards
Both games have public leaderboards. If you make it to the top, we'll know.
CIPHER Leaderboard · VAULT Leaderboard
Start playing
If you want to go deeper after the games, the full Academy — courses, learning paths, and the AI Policy Builder — is at academy.enkryptai.com.
The Enkrypt AI Academy is free to access. No account required to play CIPHER or VAULT.
.avif)


.png)
