OWASP PromptMe
OWASP PromptMe is probably the most modern and sophisticated insecure LLM application! It can be used in security trainings, awareness demos, CTFs and as a guinea pig for security tools! PromptMe encompasses vulnerabilities from the entire OWASP Top 10 for Large Language Model Applications along with many other security flaws found in real-world applications!
Description
Prompt Me is an intentionally vulnerable LLM based application designed as a Capture The Flag (CTF) style challenge. The project serves as an educational tool to demonstrate the practical implications of the OWASP Top 10 for LLM Applications, helping developers, researchers, and security professionals understand how emerging LLM threats can be exploited and mitigated.
This web-based application simulates real-world LLM attack vectors in a controlled environment. Each vulnerability is mapped directly to an OWASP LLM Top 10 risk (such as prompt injection, insecure output handling, embedding manipulation, etc.), and participants are challenged to exploit these flaws to capture hidden flags.
Contributors
The OWASP PromptMe has been created, developed and maintained by Divyesh Prajapati and team.