
Can you catch the security flaws AI leaves behind?
Practice finding, hacking, and fixing vulnerabilities modelled on real-world incidents.
Try a quick challenge. No signup.
curl -fsSL https://secdim.com/quick-lab.sh | sh90% of devs use AI to write code.
Only 48% review it and most miss the security flaws.1JetBrains Developer Survey 2026; Perry et al., Stanford, 2023;
Clone & open
Open in the browser sandbox or clone to your IDE.
Find & hack
Explore the app, run the exploit to understand the security flaw.
Fix & level up
Patch it, push it, and level up.
Attack & defence
Ranking
| ๐ฅ | Kabir Acharya | 6,993 pts |
| ๐ฅ | Matt L | 0 pts |
| ๐ฅ | Neil Roldan | 1,735 pts |
| #4 | Hamza Ali | 1,640 pts |
| #5 | Harley Wilson | 1,505 pts |
| #6 | Pedram Hayati | 1,390 pts |
| #7 | Davide Cioccia | 1,220 pts |
| #8 | Andre Samarin | 1,145 pts |
| #9 | Jonathan Wright | 980 pts |
Real CVEs
In-repository learning
remote: Enumerating objects: 142, done.
remote: Counting objects: 100% (142/142), done.
Receiving objects: 100% (142/142), 48.2 KiB
Resolving deltas: 100% (61/61), done.
Secure browser sandbox
def check_input(user_data):
# Validate before processing
if not is_safe(user_data):
raise SecurityError("blocked")
return process(user_data)AI security mentor
def handle_request(req):
# TODO: validate req.docs
return model.run(req)Personalised learning path
Prompt Injection
15 min
RAG Poisoning Lab
30 min
MCP Tool Collision
15 min
Level 2 Expert
Awarded at 1000 pts
See others solutions
input = sanitize(input, STOP_WORDS)if any(w in input for w in blocklist):return re.sub(pattern, "", input)Your security track record
Secure Coding
Fundamentals Badge.ts
is proudly presented to
Harley Wilson
Integrations
MCP server
You're working on LLM integration. SecDim has a relevant lab:
Want me to open it?
1 every
7.4 min
A new software vulnerability published in 2026.1cve.icu; cveforecast.org, 2026
31%
Of breaches now start with software exploitation.2Verizon Data Breach Investigations Report, 2026
Up to 100ร
More expensive to fix a security flaw after release than during the design.3IBM Systems Sciences Institute; NIST, 2002
Security Lesson Number 1
Always verify the script you find on the internet before running it. This script is signed by SecDim.
Download the script and its signature file
Import SecDim's public key
$ gpg --keyserver hkps://keys.openpgp.org --recv-keys 59A1DC49D6D9C94CVerify
$ gpg --verify quick-lab.sh.sig quick-lab.shRun if verified
$ sh quick-lab.sh
What about hash verification?
It is not strong. If the script and its hash are hosted on the same server, a compromised host lets an adversary backdoor the script and update the hash to match. However, the adversary cannot update the signature file because they don't have access to the private key used to sign it.
They didn't just tick the training box โ they levelled up for real.
Compliance training doesn't
build security culture.
Security culture forms when developers choose to care but not when compliance requires them to. SecDim trains the way developers naturally learn: by trying, failing, and pivoting. Not step-by-step hand-holding. Developers come back because they want to โ not because HR tells them to.
Not hand-holding. A wargame.
Real vulnerabilities. Real exploits. Real fixes. No guided walkthrough that holds their hand to the answer. The skill forms under pressure not by following instructions.
Gen 1
Quiz & video
Watch, recall.
Mandated.
AI answers all.
Gen 2
Simulation
Hand-held steps.
Low pull.
AI solves it.
Gen 3
Cloud labs
Scripted walkthrough.
Moderate.
AI assists.
Gen 4
Wargame
Try, fail, pivot.
Self-driven.
AI is the challenge.
Bar height = capability built and retained
Not mandated. Chosen.
Every platform your developers ignore was built for procurement, not for them. SecDim was built for developers first and hence they naturally adopt it.
Not completion. Capability.
Identify your immediate risks. See exactly where each developer sits. The conversation with your board changes when you have a risk quadrant, not a completion percentage.
CompetencyLow
Competency





