OWASP PromptMe

PromptMe Logo

OWASP PromptMe is probably the most modern and sophisticated insecure LLM application! It can be used in security trainings, awareness demos, CTFs and as a guinea pig for security tools! PromptMe encompasses vulnerabilities from the entire OWASP Top 10 for Large Language Model Applications along with many other security flaws found in real-world applications!

Slideshow

Description

Prompt Me is an intentionally vulnerable LLM based application designed as a Capture The Flag (CTF) style challenge. The project serves as an educational tool to demonstrate the practical implications of the OWASP Top 10 for LLM Applications, helping developers, researchers, and security professionals understand how emerging LLM threats can be exploited and mitigated.

This web-based application simulates real-world LLM attack vectors in a controlled environment. Each vulnerability is mapped directly to an OWASP LLM Top 10 risk (such as prompt injection, insecure output handling, embedding manipulation, etc.), and participants are challenged to exploit these flaws to capture hidden flags.

Contributors

The OWASP PromptMe has been created, developed and maintained by Divyesh Prajapati and team.

Watch Star

OWASP PromptMe

Description

Contributors

Project Information

Classification

Audience

Installation

Sources

Documentation

Leaders

Upcoming OWASP Global Events