Schrute CTF

Can you outsmart Dwight? Learn how prompt injection and over-privileged chatbots lead to data leaks.

How It Works

Chat with Dwight

Each level features a chatbot with different security flaws. Find the vulnerability!

Extract the Secret

Use prompt injection techniques to trick the bot into revealing the password.

Capture the Flag

Submit the flag to prove you've learned the security lesson. Level up!

8 Levels of Security

Level 1

The Receptionist

Easy

Level 2

The Assistant (to the) Regional Manager

Easy

Level 3

Records Manager

Medium

Level 4

Risk & Communications Manager

Medium

Level 5

Voluntary Sheriff

Medium

Level 6

Data Protection Operations Lead

Hard

Level 7

Not Angela's Boyfriend

Hard

Level 8

The Reflection Agent

Extreme

What You'll Learn

  • No Access Control: What happens when chatbots have unrestricted data access
  • Weak Obfuscation: Why hiding secrets in text doesn't protect them
  • Role-Play Bypass: How "pretend" prompts defeat safety measures
  • Logic Manipulation: Exploiting conditional behavior in bots
  • Encoding vs Encryption: Why Base64 isn't security
  • Prompt Injection: When user input becomes database commands
  • Log Leakage: How debug output exposes sensitive data

Frequently Asked Questions

What is prompt injection?

Prompt injection is a security vulnerability where attackers manipulate AI chatbots by inserting malicious instructions into user input. This can cause the AI to ignore its original programming, leak sensitive data, or perform unauthorized actions.

Is Schrute CTF free?

Yes! Schrute CTF is completely free to play. No sign-up required. Your progress is saved locally in your browser. We believe AI security education should be accessible to everyone.

Do I need coding experience?

No coding is required! The game teaches security concepts through natural language interactions. You'll learn by crafting clever prompts, not by writing code. It's perfect for beginners and experts alike.

How do I start playing?

Just click "Start Game" above! You'll chat with Dwight, our AI chatbot. Each level has a hidden secret. Your goal is to use prompt injection techniques to trick Dwight into revealing it. Submit the secret as a "flag" to progress.

Is this safe and legal?

Absolutely! Schrute CTF is a safe, sandboxed environment designed for educational purposes. You're practicing on our intentionally vulnerable chatbot, not real systems. It's legal and ethical hacking training.

Ready to Test Your Skills?

No sign-up required. Your progress is saved locally. Complete all 8 levels to become a prompt injection expert!