Practice Labs & CTFs

Dedicated AI Security Labs

LabFocusDifficultyURL
Gandalf (Lakera)Progressive prompt injection — extract a secret password across increasing difficulty levelsBeginner-Advancedgandalf.lakera.ai
Damn Vulnerable LLM AgentFull LLM application with intentional vulnerabilities — injection, tool abuse, data exfilIntermediategithub.com/WithSecureLabs/damn-vulnerable-llm-agent
Crucible (Dreadnode)AI security challenges with scoringIntermediate-Advancedcrucible.dreadnode.io
HackAPromptCompetitive prompt injection challengesBeginner-Intermediatehackaprompt.com
Prompt AirlinesLLM-powered airline booking with vulnerabilitiesBeginner-Intermediatepromptairlines.com
AI GoatOWASP-style vulnerable AI applicationIntermediategithub.com/dhammon/ai-goat

CTF Events

EventAI TrackFrequency
DEF CON AI VillageDedicated AI CTF + live red teamingAnnual (August)
AI Village CTFYear-round challengesOngoing
HackTheBox AI challengesOccasional AI/ML boxesPeriodic
Google CTFML challenge categoriesAnnual

Practice Approach

  1. Start with Gandalf — build prompt injection intuition
  2. Move to Damn Vulnerable LLM Agent — test tool-use exploitation
  3. Try Crucible — more complex, multi-step challenges
  4. Build your own lab — deploy a vulnerable chatbot locally and test it
  5. Compete in CTFs — time pressure sharpens skills