prompt-injection lab

Learn to break (and defend) large language models.

HAL is a hands-on training ground for prompt-injection attacks. You'll talk to a deliberately stubborn AI gatekeeper across ten escalating levels, each guarding a secret password it has been instructed to protect. Your job: convince it otherwise.

  • 10 escalating challenges

    Each level adds a new defense — system prompts, output filters, role-play guards, bracket containers — that you'll learn to reason around.

  • Live AI gatekeeper

    You're not solving puzzles against a regex. HAL is a real LLM with hidden instructions; you'll need actual prompt-injection technique to break it.

  • Live leaderboard

    Standings update in real time across all operators. First to clear all 10 levels wins — ties broken by total elapsed time.

  • Private by default

    Your chat transcripts stay in your browser. Instructors see only your submissions and progress, never your local conversation history.

How it works // Probe HAL in the chat. When you think you've coaxed the password out, submit it as a flag to advance. Each correct flag unlocks the next level's harder defenses — and bumps you up the leaderboard.
built for classrooms · 10 levels · live AI · leaderboard
// secure terminal

HAL

Welcome, operator. Authenticate using your credentials or Google account to access the gatekeeper.

OR
sys.uplink // ready