The AI Training Dojo
GTK Cyber's free interactive platform for learning AI security. Prompt injection challenges, RAG poisoning labs, encoding bypass exercises, and MCP exploitation. Practice attacking AI systems in a safe sandbox.
What Is the AI Training Dojo?
The AI Training Dojo is GTK Cyber’s free, interactive platform for learning AI security through practice. Instead of reading about prompt injection, you do it. Instead of watching a lecture on RAG poisoning, you upload documents to a real RAG pipeline and attack it.
The platform runs at ai.gtkcyber.com and is open to anyone with an email address.
What You Can Practice
Prompt Injection Challenges (14 challenges, 3 difficulty levels each)
Each challenge puts you in front of an AI system with a specific objective: extract a hidden secret, bypass a safety filter, corrupt structured output, or trick the model into unauthorized tool use.
Difficulty levels change the mechanics, not just the objective. Easy mode gives you a basic system prompt. Medium adds keyword filters. Hard layers multiple preprocessing defenses that you need to bypass.
Challenges include:
- Leak the System Prompt: Extract the hidden instructions that control the model’s behavior
- Exfiltrate a Secret: Find and reveal a hidden token embedded in the system
- Break a Refusal: Bypass safety guidelines through creative framing
- Tool Use Injection: Trick the AI into describing or executing unauthorized tool calls
- Data Exfiltration via Encoding: Reveal secrets by getting the model to encode its output
- Role Confusion Attack: Convince the model you’re the developer to extract configuration
- Token Smuggling (4 levels): Use Base64, hex, ROT13, and double encoding to bypass input filters
Each challenge has a unique per-user secret token, automated scoring, and attempt tracking. Revealing the system prompt is allowed but costs you 50% of the points.
Interactive Labs (5 labs)
Labs are guided environments where you explore how AI systems work from the inside, then test their limits:
- RAG Lab: Upload your own documents, create vector embeddings, adjust retrieval parameters (top-k, similarity threshold), and practice RAG poisoning by embedding malicious instructions in documents. See the augmented prompt the model receives, including which source documents were retrieved.
- MCP Database Lab: Interact with an AI agent that has access to a SQL database through the Model Context Protocol. Write natural language queries, watch the model generate and execute SQL, and explore what happens when you ask for things outside the intended scope.
- Tool Usage Lab: Work with an AI assistant that can call external APIs (live stock prices via AlphaVantage). See the function call definitions, the parameters the model sends, and the responses. Understand the attack surface when AI agents have tool access.
- Encoding Lab: Test which text encoding techniques (Base64, ROT13, hex) can bypass AI guardrails. Built-in encoder/decoder tools let you prepare payloads and test them in real time.
- Chat Buffer Lab: Experiment with conversation history buffers. See how memory limits affect the model’s awareness of prior messages, and what happens when important context gets pushed out of the window.
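The Token Smuggling challenges and the Encoding Lab both turn on keyword filters that inspect only the raw input. As an added example (not the Dojo's own code), this sketch shows the defender's side: unwrap Base64, hex and ROT13 layers, including double encoding, before applying the keyword check. The blocklist, function names and depth limit are assumptions made for illustration.

```python
import base64
import binascii
import codecs
import re

# Constructed blocklist for illustration; a real filter would be broader.
BLOCKED = ("system prompt", "secret token")
MAX_DEPTH = 3  # layers to unwrap; 2 or more covers double encoding
HEX_RE = re.compile(r"(?:[0-9a-fA-F]{2}){4,}")
B64_RE = re.compile(r"[A-Za-z0-9+/]{6,}={0,2}")

def decodings(text):
    """Yield every plausible single-layer decoding of text."""
    yield codecs.decode(text, "rot13")  # ROT13 applies to the whole string
    for tok in text.split():  # Base64/hex runs arrive as single tokens
        if HEX_RE.fullmatch(tok):
            yield bytes.fromhex(tok).decode("utf-8", "replace")
        if B64_RE.fullmatch(tok):
            try:
                raw = base64.b64decode(tok, validate=True)
            except (binascii.Error, ValueError):
                continue  # wrong length or padding: not Base64
            yield raw.decode("utf-8", "replace")

def candidate_views(text, depth=MAX_DEPTH):
    """Return the input plus all decodings reachable within depth layers."""
    seen, frontier = {text}, [text]
    for _ in range(depth):
        fresh = []
        for item in frontier:
            for decoded in decodings(item):
                if decoded not in seen:
                    seen.add(decoded)
                    fresh.append(decoded)
        frontier = fresh
    return seen

def naive_filter(text):
    """Keyword match on the raw input only."""
    return any(word in text.lower() for word in BLOCKED)

def canonicalizing_filter(text):
    """Apply the same keywords to every decoded view of the input."""
    return any(naive_filter(view) for view in candidate_views(text))
```

Canonicalization narrows the gap but does not close it: the model can still be asked to decode schemes the filter does not know, so output-side checks remain necessary.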
How Scoring Works
The Dojo uses a CTF-style points system:
- Easy mode: 100-175 points per challenge
- Medium mode: 2x multiplier
- Hard mode: 3x multiplier
- System prompt reveal: 50% score penalty (you can look, but it costs you)
- Lab tasks: Points awarded per completed task (6-8 tasks per lab)
A competitive leaderboard ranks users by total score. Useful for team training: set up accounts for your team and see who finds the most creative attacks.
Who Uses the Dojo
- Security professionals preparing for AI red-teaming work
- Developers who build LLM-powered applications and want to understand the attack surface
- Students in GTK Cyber’s AI Red-Teaming and AI Cyber Bootcamp courses (the Dojo is used for lab exercises)
- CTF competitors who want to practice AI-specific challenges
- Anyone curious about how AI systems break under adversarial pressure
How It Connects to GTK Cyber Training
The Dojo is the lab environment. GTK Cyber’s courses are the classroom.
In the AI Red-Teaming course, students use the Dojo’s challenges and labs as hands-on exercises during the training. The AI Cyber Bootcamp includes Dojo-based labs for the adversarial AI section.
You can use the Dojo without taking a course. But the courses give you the methodology, the threat models, and the systematic approach that makes the difference between random poking and productive red-teaming.
Frequently Asked Questions
Is the AI Training Dojo free?
Do I need to take a GTK Cyber course before using the Dojo?
What AI models does the Dojo use?
What's the difference between labs and challenges?
Can I use the Dojo to train my team?
Start Practicing
Contact us about custom training for your team or upcoming public courses.