
Free hands-on AI security labs for your course

Wraith Academy is a browser-based lab platform where students attack live AI agents to learn LLM security: prompt injection, system prompt extraction, tool abuse, indirect injection, and data exfiltration. Around 15 challenges, mapped to the OWASP LLM Top 10. No VMs, no API keys, no setup on your side.

It is free for students and for classroom use. Students who complete five challenges can sit a free certification exam and earn a publicly verifiable credential they can put on a resume or LinkedIn.

The short version

Why it fits a course

Zero infrastructure
Everything runs in the browser against agents we host. Nothing to install, provision, or maintain. No lab cluster, no Docker, no per-student cost.
Free, no procurement
Free for students and for class use. There is no contract or purchase to route through your department, so adoption is your decision alone.
A credential at the end
Five solves unlock a free exam (WCAP) and a verifiable credential with a public URL. A built-in capstone artifact for your students.
Drop-in module

A suggested 6-week sequence

One way to structure it as a unit inside an existing security or AI course. Each week pairs a focused challenge with a themed variant that drills the same attack class, mapped to the OWASP category and the credential's core modules. Use as much or as little as fits.

| Week | Topic | OWASP | Challenges |
|------|-------|-------|------------|
| 1 | Foundations + Direct Prompt Injection | LLM01 | Initiation, Direct Extraction |
| 2 | System Prompt Extraction | LLM07 | Translation Bypass, Pyromos (Drake of Ember Hollow) |
| 3 | Indirect Prompt Injection | LLM01 | RAG Poisoning, Oracle of Whispers |
| 4 | Tool Abuse / Excessive Agency | LLM06 | Tool Abuse, Vault Golem |
| 5 | Data Exfiltration | LLM02 | Markdown Image Injection, Cartographer of Hollow Marches |
| 6 | Guardrail Bypass + WCAP capstone | LLM01 / LLM09 | Base64 Bypass, Roleplay Jailbreak, then the WCAP exam |

The full taxonomy behind this sequence is in The OWASP Top 10 for LLM Applications, Annotated, which works well as week-one reading.

The artifact

What students walk away with

Completing five challenges qualifies a student for the WCAP exam (Wraith Certified AI Pentester), a 48-hour, auto-graded, flag-capture exam covering every core attack class. Passing issues a credential with a permanent public verification URL and a LinkedIn share button. It is free, and it gives your students something concrete to show for the work.

No cost

What I will set up for you

A syllabus mapping
Send me your course outline and I'll map specific challenges to your existing weeks and learning objectives, so it drops in without reworking your schedule.
A guest lecture
A 45-minute virtual session on AI red teaming in practice, live attacks against real agents, for your class. No cost.
An end-of-term progress summary
On request, a summary of which of your students completed which challenges and who earned the credential. (Pulled by hand today; a self-serve view is on the roadmap.)

Try one challenge first

The fastest way to judge whether it fits your students is to break an agent yourself. It takes about ten minutes.


Built and taught by Anthony D'Onofrio, PhD, eCPPT. Wraith is operated by Harbinger Security Consulting, LLC.
