๐Ÿš€ Join our AI Wargame at Black Hat Asia and our Workshop + Wargame at NDC Sydney .

Can you catch the security flaws AI leaves behind?

Practice finding, hacking, and fixing vulnerabilities modelled on real-world incidents.

Try a quick challenge. No signup.

curl -fsSL https://secdim.com/quick-lab.sh | sh
Devs Love Us
Rated 5/5 on G2

90% of devs use AI to write code.

Only 48% review it and most miss the security flaws.1JetBrains Developer Survey 2026; Perry et al., Stanford, 2023;

01

Clone & open

Open in the browser sandbox or clone to your IDE.

terminal
$ git clone challenge.git$ make runApp is running on :8080
02

Find & hack

Explore the app, run the exploit to understand the security flaw.

terminal
$ make exploit△ Prompt injection vuln found.✗ App is exploited.
03

Fix & level up

Patch it, push it, and level up.

terminal
$ git push
✓ Patch is secure +0 points

Attack & defence

Ranking

๐Ÿฅ‡Kabir Acharya6,993 pts
๐ŸฅˆMatt L0 pts
๐Ÿฅ‰Neil Roldan1,735 pts
#4Hamza Ali1,640 pts
#5Harley Wilson1,505 pts
#6Pedram Hayati1,390 pts
#7Davide Cioccia1,220 pts
#8Andre Samarin1,145 pts
#9Jonathan Wright980 pts

Real CVEs

CVE-2025-32711Prompt InjectionCVSS 9.3 ยท Critical
OWASP OWASP LLM Top 10: InjectionCWE CWE-1427

In-repository learning

terminal
$ git clone play.secdim.com/challenge.gitCloning into 'challenge'...
remote: Enumerating objects: 142, done.
remote: Counting objects: 100% (142/142), done.
Receiving objects: 100% (142/142), 48.2 KiB
Resolving deltas: 100% (61/61), done.

Secure browser sandbox

your-sandbox.secdim.com
app.py
def check_input(user_data):
    # Validate before processing
    if not is_safe(user_data):
        raise SecurityError("blocked")
    return process(user_data)

AI security mentor

app.py
def handle_request(req):
    # TODO: validate req.docs
    return model.run(req)
Dr. SecDim
Give me a hint, I am stuck.This challenge is modelled on CVE-2025-32711 where external docs pulled into context without sanitisation. Have you tried adding 'stop sequences'?

Personalised learning path

740 points Level 1 Expert
Personalised pathways

Prompt Injection

15 min

RAG Poisoning Lab

30 min

MCP Tool Collision

15 min

Level 2 Expert

Awarded at 1000 pts

See others solutions

#1Hamza Aliโ–ฒ 47โ–ผ 2AI-generated: No
input = sanitize(input, STOP_WORDS)
#2Harley Wilsonโ–ฒ 31โ–ผ 4AI-generated: No
if any(w in input for w in blocklist):
#3Pedram Hayatiโ–ฒ 12โ–ผ 9AI-generated: Yes
return re.sub(pattern, "", input)

Your security track record

Secure Coding
Fundamentals Badge.ts

is proudly presented to

Harley Wilson

Secure Coding Fundamentals badge

Integrations

GitHub
IntelliJ IDEA
Claude
CodeQL
ChatGPT
Semgrep
MCP
SonarQube
GitLab
Vim
VS Code
Workday
GitHub Copilot
Eclipse
Jira
Microsoft Entra ID

MCP server

Claude

You're working on LLM integration. SecDim has a relevant lab:

Prompt Injection Lab
AI · 15 min · CVE-2025-32711

Want me to open it?

1 every
7.4 min

A new software vulnerability published in 2026.1cve.icu; cveforecast.org, 2026

31%

Of breaches now start with software exploitation.2Verizon Data Breach Investigations Report, 2026

Up to 100ร—

More expensive to fix a security flaw after release than during the design.3IBM Systems Sciences Institute; NIST, 2002

They didn't just tick the training box โ€” they levelled up for real.

  • SecDim Wargames at Redis
  • SecDim Wargames at EU Commission
  • SecDim Wargames at Veralto
  • SecDim Wargames at Reserve Bank of Australia
  • SecDim Wargames at Intesa
  • SecDim Wargames at Flybuys
  • SecDim Workshop at University of Sydney
Built for teams

Compliance training doesn't
build security culture.

Security culture forms when developers choose to care but not when compliance requires them to. SecDim trains the way developers naturally learn: by trying, failing, and pivoting. Not step-by-step hand-holding. Developers come back because they want to โ€” not because HR tells them to.

Not hand-holding. A wargame.

Real vulnerabilities. Real exploits. Real fixes. No guided walkthrough that holds their hand to the answer. The skill forms under pressure not by following instructions.

Gen 1

Quiz & video

Watch, recall.
Mandated.
AI answers all.

Gen 2

Simulation

Hand-held steps.
Low pull.
AI solves it.

Gen 3

Cloud labs

Scripted walkthrough.
Moderate.
AI assists.

Gen 4

Wargame

Try, fail, pivot.
Self-driven.
AI is the challenge.

Bar height = capability built and retained

Not mandated. Chosen.

Every platform your developers ignore was built for procurement, not for them. SecDim was built for developers first and hence they naturally adopt it.

Not completion. Capability.

Identify your immediate risks. See exactly where each developer sits. The conversation with your board changes when you have a risk quadrant, not a completion percentage.

High
Competency
Low
Competency
Developing Efficiency
Secure Developer
1Security ChampionLeverage these developers as mentors, secure code reviewers, and advocates.
3Immediate RiskRisky to ship code to production. Engage with them.
Risky
Developing Competency
Low EfficiencyHigh Efficiency