Talk an AI into leaking a secret. Watch a real firewall stop you.
A browser game. There's a local AI guardian holding a secret key, and your job is to social-engineer it into handing the key over. The twist is what stands between you and the secret: Unplug, a real open-source LLM firewall, defending itself in front of you so you can see exactly which shield caught you and why.
Think of it as an X-ray of Gandalf. Other prompt-injection games are a black box: you lose, you don't learn anything. Here every blocked attempt shows the stage that fired, the attack category, and the raw evidence. The defense is the content.
Five levels, each one adds a layer of Unplug's pipeline on top of the last:
The guardian is a small open model running on a GPU backend. The shields are the actual Unplug SDK, not a mockup, so the difficulty curve is just the real product getting harder to bypass.
Two reasons. First, it's the most honest demo of Unplug I could think of: you don't read about the firewall, you fight it. Second, it's a data flywheel. Every attempt is labeled red-team data. Attacks the shields blocked, attacks that got through despite them, and benign messages that got falsely flagged. The bypasses that survive every layer are the gold. They become new regex patterns, training data for the next model, and regression tests. This is roughly how Lakera turned a game called Gandalf into one of the largest prompt-injection datasets out there.
Gradio frontend on a HuggingFace Space, guardian model served on a GPU backend, the Unplug SDK doing the actual scanning and redaction, and a HuggingFace Dataset collecting consented, PII-stripped attempt logs. Built for the Build Small Hackathon.