/ lab / OWASP LLM01// AFTERHEX / interactive / sandbox

prompt injection sandbox.

A toy LLM. A system prompt. A fake API key it's told to never reveal. Your job: prompt-inject your way to the credential. No tricks, no networking — purely client-side. Try the obvious payloads first. Try the not-so-obvious ones. The model will tell you when you've won.

system: nominal

/ assistant

/ AFTERHEX support online.
/ how can i help? (try asking about an order — or try something else)

/ want the full breakdown?

Read the full prompt injection glossary entry for definitions, real-world incidents, and 2026 mitigations. Or wear the tee.