LLMVault: Offline AI Security Lab Covering OWASP LLM Top 10 with 25 Exercises

LLMVault, an open‑source offline sandbox released by GitHub user CyberSunil, offers 25 tiered labs that simulate all ten OWASP LLM Top 10 vulnerabilities, enabling security professionals and learners to practice prompt injection, data poisoning, model extraction, and other AI attacks without needing external API keys.

Black & White Path
Black & White Path
Black & White Path
LLMVault: Offline AI Security Lab Covering OWASP LLM Top 10 with 25 Exercises

Project Overview

LLMVault is an open‑source AI security training sandbox published by GitHub user CyberSunil. It is positioned as the “AI version of WebGoat/KubeGoat” and uses a CTF‑style challenge format to cover the ten OWASP LLM Top 10 risks (2025 edition) through 25 layered experiments.

Key Features

Fully offline operation : No OpenAI or other API keys are required; vulnerable AI assistants are scripted deterministic responses.

One‑click Docker deployment : Supports both local Flask mode and containerized deployment.

CTF challenge mode : Each experiment yields a flag obtained via conversational interaction.

Integrated offense and defense : Every lab includes a private guide with mitigation techniques.

Three difficulty tiers : 10 core labs, 10 advanced labs, and 5 expert labs.

25 Labs in Detail

Core Labs (10)

LLM01 Prompt Injection – “The Obedient Assistant” – Direct command override.

LLM02 Sensitive Information Leakage – “Redaction Theater” – Bypass output filtering via encoding.

LLM03 Supply‑Chain – “Trust the Manifest?” – Similar domain / unsigned dependencies.

LLM04 Data & Model Poisoning – “The Sleeper Phrase” – Trigger backdoor via poisoned data.

LLM05 Improper Output Handling – “Rendered Without Question” – Injection caused by unfiltered output.

LLM06 Over‑Proxy – “Keys to the Kingdom” – Unauthorized tool with no authentication.

LLM07 System Prompt Leakage – “Loose Lips” – Secrets exposed in system prompts.

LLM08 Vectors & Embeddings – “Retrieval Without Borders” – RAG retrieval ignores ACLs.

LLM09 Error Messages – “The Yes‑Man” – Flattering or false authority messages.

LLM10 Unbounded Consumption – “Denial of Wallet” – Uncontrolled generation and error leakage.

Advanced Labs (10)

Roleplay Unchained – Multi‑turn jailbreak via role escalation.

Death by a Thousand Hints – Reconstruct information from partially disclosed oracle fragments.

Confused Deputy – SSRF‑style attack on internal metadata through tool‑chain agents.

The Note Keeper – Storage‑type second‑order injection.

The Oracle – Query‑based model extraction.

... (additional advanced labs listed in the original article) ...

Expert Labs (5)

Encrypted‑release labs that require completion of all core and advanced challenges to obtain an “expert access key” from the author.

These simulate real‑world vulnerability scenarios and are intended for seasoned researchers.

Getting Started

Local Quick Start

# Install dependencies and run
pip install -r requirements.txt
python app.py
# Open http://127.0.0.1:5000 in a browser

Docker Deployment

# Build and run with compose
docker compose up --build
# Or use plain Docker
docker build -t llmvault .
docker run -p 5000:5000 llmvault

After launch, set a player name (cannot be changed) and begin the challenge journey.

Recommended Use Cases

Internal corporate training for AI security courses.

Personal skill development for aspiring AI security professionals.

CTF competition preparation.

Security research validation of new AI attack techniques without consuming real LLM API quotas.

University coursework for cybersecurity and AI programs.

Precautions

Do not expose the service to the public internet; it listens only on 127.0.0.1 by default.

Use only in authorized research or training environments; not for production.

Do not reuse the vulnerable code in actual products, as it contains known flaws.

Conclusion

LLMVault fills a gap in AI security education by providing an engaging, offline CTF‑style platform that guides learners from basic prompt injection to expert‑level model extraction. Its tiered design and lack of external API dependencies make it a practical tool for Chinese security teams and the broader community.

Project URL: https://github.com/CyberSunil/LLMVault

OWASP LLM Top 10 reference: https://genai.owasp.org/llm-top-10/

Original Source

Signed-in readers can open the original source through BestHub's protected redirect.

Sign in to view source
Republication Notice

This article has been distilled and summarized from source material, then republished for learning and reference. If you believe it infringes your rights, please contactadmin@besthub.devand we will review it promptly.

DockerPythonAI securityCTFOWASPLLM vulnerabilities
Black & White Path
Written by

Black & White Path

We are the beacon of the cyber world, a stepping stone on the road to security.

0 followers
Reader feedback

How this landed with the community

Sign in to like

Rate this article

Was this worth your time?

Sign in to rate
Discussion

0 Comments

Thoughtful readers leave field notes, pushback, and hard-won operational detail here.