Learn how AI browser assistants get tricked and practice finding safe "flags" hidden in webpages.

Some pages hide instructions your AI helper could follow by mistake. Learn how these tricks work and practice spotting them with safe, hands on mini challenges.

✅ 100% simulated • No external calls • We only count: games played, correct/failed flag submits

•
Agentic browser: a browser with an AI helper that can read pages, click, fill forms, and automate simple tasks for you.
•
Prompt injection: hidden or sneaky text in content that tries to change the AI's instructions so it does something unintended.
•
Guardrails: safety checks and filters around the AI that reduce risky behavior (e.g., focusing on sanitized, visible page content and limiting what tools it can use). Helpful—but not magic.

Why flags, not "trick the browser"

Hands-on learning, zero risk. We use pretend flags so you learn safely; real "trick the agent" stunts can be harmful—and many modern guardrails block them—while DIY or hobby agents might still miss them.

⚠️ The gotcha: when a page "talks back" to your agent

This is the most common way AI helpers get steered: they read everything—even parts you'd never see.

AI helpers are great at following instructions—and that's the problem. Some webpages hide extra instructions in places you don't usually read (like HTML comments, metadata, or invisible elements). When your agent "reads the page," it might treat those hidden bits as commands. That's called prompt injection.

Common hiding spots include:

• HTML comments (not visible on the page)
• hidden DOM (elements styled to be invisible)
• meta/Open Graph tags (meant for machines, not humans)

See exactly how a hidden instruction can hijack an agent

What this site gives you (in safe, bite-size steps)

This app is a hands-on training ground where you learn how agents can be tricked—and how to spot it—by playing through short, realistic challenges. It's built to be safe and self-contained; nothing here touches your real accounts.

Open a level and read the goal

Use your agentic browser to try the task

Enter the hidden flag if your agent found it

See "What happened?" plus simple defenses

📚 What you'll learn, in plain terms

Spot hiding spots

Where hidden instructions often live on websites

Understand confusion

Why agents sometimes confuse data with instructions

Reduce risk

Everyday habits that reduce risk—before your agent clicks

Guardrails help—but good habits win

Agentic browsers are amazing. Use them with these five simple, positive habits and keep the magic without the mess.

Dedicated AI browser (not your daily driver)

Keeps your everyday browsing data (cookies, history, autofill, extensions) out of reach and focuses the agent on AI tasks only.

Stay logged out by default

Shrinks the blast radius of any stray instruction.

One task per session, minimal tabs

Reduces cross-page influence and distraction.

Review before action

Prevents unintended form submits, downloads, or messages.

Quick red-flag check

Helps you catch weird behavior early.

🚀 Ready to try?

Start at Level 1. You'll see exactly how a hidden instruction can nudge an AI helper—and how a small change in how you use your agent can block it. Each level gives a clear explainer and "defenses to know," so you leave with practical instincts, not just theory.

0/12

Mission Status

OCR Image-Embedded Prompts Contrast Tricks

▶ 84 ✓ 0 ✗ 0

Try this Level