Operation Ghostwriter

Scenario Briefing

You're the AI Security Lead at a mid-size fintech company. Your team deployed "FinBot," an LLM-powered customer service agent, three months ago. It handles ~10,000 conversations per day.

At 2:47 AM, your monitoring system fires an alert: FinBot's outbound API calls have spiked 300% in the last hour, and the payloads contain what appears to be structured PII (names, account numbers, and SSNs) encoded in base64 within seemingly normal response text.

Initial triage suggests an adversary has embedded prompt injection payloads in customer messages that cause FinBot to exfiltrate data through its tool-use capabilities.

The clock is ticking.

How it works: You will face 4 decision points, each with 3 options. Your choices determine the outcome. Each decision is annotated with relevant OWASP LLM Top 10, MITRE ATLAS, and NIST AI RMF references. Score 0–100 based on your decisions.