Real-world prompt injection scenarios. Simulated. Safe. Educational.
Inject XSS payloads through an AI-triaged workflow and land code execution when an analyst reviews the generated case summary. Realistic target, safe simulated environment with escalating difficulty across four levels.
Manipulate a research assistant into reaching simulated internal services through indirect retrieval chains. Escalate access across four levels of increasing complexity in a safe, simulated environment.
A simulated social media support assistant with tool-calling capabilities. The attacker uses VPN location spoofing combined with prompt injection to trick the AI into adding a malicious email and sending a password reset token.
A search AI assistant with hidden system instructions and an internal codename. Users discovered that "ignore previous instructions" combined with meta-references to "the text above" could force the model to reveal its entire system prompt.
A simulated automotive sales chatbot. A customer prompt-injected the AI into adopting an "agree with anything" persona, then convinced it to sell a $75,000 vehicle for $1 — the real 2023 dealership incident.
An enterprise recruiting assistant with access to candidate profiles and internal messaging. Prompt injection can be used to extract sensitive hiring data or manipulate outreach campaigns.
A banking chatbot with balance inquiry and transfer capabilities. Prompt injection can bypass authentication checks and simulate unauthorized fund transfers or sensitive financial data leaks.
A medical assistant with access to patient records and appointment scheduling. Prompt injection can bypass consent checks and simulate unauthorized protected health information (PHI) disclosure.
Team meeting summarizer with indirect prompt injection. Exploit the Schlack AI to exfiltrate private channel data through a meeting summary.