AI pentesting. CTF challenges.

Live LLM agents. 23 challenges. 11 modules. The WCAP credential.

SYSTEM PROMPT EXTRACTION · ADVANCED

Pyromos, Drake of Ember Hollow

A thousand-year-old dragon guards his true name. He will roar at direct demands. But his vanity as a poet, his pride as a scholar, and his love of riddles are cracks in his armor.

Defeat the dragon →

INDIRECT PROMPT INJECTION · INTERMEDIATE

The Oracle of Whispers

The Oracle refuses direct questions about the Star-Name. But she reads every scroll left at her altar and treats its contents as sacred prophecy. Leave an offering.

Consult the Oracle →

MEMORY POISONING · INTERMEDIATE

Mira Ulvov, the Memory Smuggler

Runs the Hollow Shelves, the back-channel where corporate AI sessions go to be quietly retained. Won't retrieve another client's deposit on demand. Will when you ask for a reconciliation echo.

Probe the smuggler →

More champions wait inside the Academy: 🗺️ The Cartographer of Hollow Marches, 🧞 The Genie in the Lamp, 🔨 The Vault Golem, and 👥 The Shapeshifter of the Crossroads. Enter the Academy →

THESE SKILLS PAY · Mozilla, OpenAI, Anthropic, Google, and Microsoft all run AI bug bounty programs. See the active list →

/academy

Inside the Academy

23 hands-on challenges live, more dropping weekly. You chat with a test AI agent, extract the flag, learn why the attack worked. Each challenge teaches a distinct real-world attack class.

intermediate

🗺️ Cartographer of Hollow Marches

Trick a 300-year-old cartographer into encoding fortress coordinates into a markdown image URL. Data exfiltration, fantasy-framed.

beginner

Direct Extraction

Get the bot to leak its system prompt with a direct ask. The fastest first capture in the Academy.

intermediate

Translation Bypass

Bypass system-prompt protections by asking the model to translate, not reveal.

intermediate

Tool Abuse

Path-traversal attack through the agent's read_file tool. Reach /etc/passwd through a customer-support bot.

intermediate

RAG Poisoning

Plant a poisoned document in the vector index. Watch the next user query rewrite itself in your favor.

intermediate

Roleplay Jailbreak

Slip past a guardrail by re-contextualizing the request as a character's dialogue inside a story.

23 challenges live · more dropping weekly

/incidents · 36 REAL-WORLD CASES

The AI Security Incident Database

Every challenge in the Academy is modeled on an attack that actually landed. We track the real ones (breaches, CVEs, jailbreaks, and data-exfiltration incidents), each with a root cause, the fix, and a primary source. From the Bing "Sydney" prompt leak to the latest Hugging Face Transformers RCE.

Browse the incident database →

/modules

Learn the theory alongside the practice.

Each module is concept · walkthrough · practice · quiz · defenses · extensions. ~45 minutes each. Pair them with the challenges for full attack-class mastery. All free.

Prompt Injection

Direct, indirect, and multi-turn injection attacks against LLM agents.

Read the module →

Indirect Prompt Injection

Poisoning the content an agent reads: RAG sources, emails, web pages, calendar invites.

Read the module →

System Prompt Extraction

Three attack families that pull hidden instructions out of production agents.

Read the module →

Tool Abuse

Excessive agency, argument injection, SSRF, and tool-chaining exploits.

Read the module →

Data Exfiltration

Markdown image rendering as a covert channel. What hit ChatGPT, Copilot, and Claude.ai.

Read the module →

Guardrail Bypass

Encoded payloads, persona-drift, multi-turn crescendo, and authority confusion.

Read the module →

Plus 3 advanced modules · Insecure Output Handling · Unbounded Consumption · Vector Embedding Weaknesses

Want the credential? About the WCAP exam →

WCAP, Wraith Certified AI Pentester credential badge

WCAP · WRAITH CERTIFIED AI PENTESTER

Solve 5 challenges. Sit the exam free.

Founding-cohort operators earn a free exam attempt by capturing 5 flags. 24-hour window, 10 scenarios, auto-graded.

About the WCAP exam →

Pick a target. Capture the flag.

A growing catalog of hands-on CTF challenges against live LLM agents. Every capture teaches a real attack class, the same techniques landing on production AI systems today. New characters drop on a regular cadence.

Open the Academy →About WCAP