🤖 24 AI
Security · Tuesday, April 14, 2026

GitHub: Learn to Hack AI Agents Through an Interactive Security Game

Why it matters

GitHub has launched the fourth season of the Secure Code Game focused on AI agent security. Players learn to exploit vulnerabilities such as prompt injection, memory poisoning, and tool misuse through 5 progressive levels.

GitHub today launched the fourth season of its popular Secure Code Game — this time entirely dedicated to AI agent security. At a time when 83% of organizations plan to implement agentic AI, but only 29% consider themselves adequately prepared for security risks, this free educational platform arrives at just the right moment.

How Does the Game Work?

Players gain access to ProdBot, an intentionally vulnerable AI terminal assistant. ProdBot can execute bash commands, browse web content, connect to MCP servers, run approved skills, and coordinate multiple agents. The player’s task: use natural language to make ProdBot reveal a secret it should never disclose.

Five Progressive Levels

Each level reflects the evolution of real AI tools and new attack surfaces:

  1. Level 1: Basic bash command generation and execution
  2. Level 2: Web browsing within a sandbox
  3. Level 3: Integration with external MCP servers
  4. Level 4: Approved skills and persistent memory between sessions
  5. Level 5: Coordination of multiple agents with specialized roles

OWASP Top 10 for Agentic Applications

The game covers real vulnerabilities from the OWASP Top 10 for Agentic Applications 2026, including agent goal hijacking, tool misuse, memory poisoning, prompt injection attacks, and data exfiltration. The article also mentions CVE-2026-25253 (“ClawBleed”) — a vulnerability that enables remote code execution through malicious links.

Accessibility

The entire experience takes about two hours and runs in GitHub Codespaces — no installation, prior AI knowledge, or programming experience required. Everything happens through natural language in the terminal.

🤖 This article was generated using artificial intelligence from primary sources.