OWASP FinBot
OWASP FINBOT
OWASP GenAI Security Project OWASP GenAI Security Project
OWASP FinBot

Hack the AI.
Secure the Future.

An Agentic AI security CTF platform. Interact with AI agents, exploit real vulnerabilities, and learn to secure agentic systems. All from your browser.

THE JUICE SHOP FOR AGENTIC AI

Start Hacking View on GitHub

What is OWASP FinBot?

An Agentic AI vendor management platform. Intentionally vulnerable.

Live Agentic Platform

A multi-agent vendor management system with autonomous onboarding, fraud detection, invoice processing, and communications. All powered by LLMs with real tool access.

Intentional Vulnerabilities

Prompt injection, tool misuse, policy bypass, data exfiltration, privilege escalation, and RCE. Mapped to OWASP Top 10 for LLMs and Agentic Apps.

Gamified CTF Engine

Automated flag detection, progressive challenges, badges, leaderboards, and hints. Real-time scoring as you exploit the AI agents.

Under the Hood

What happens when agents go to work

Vendor Onboarding

agent-trace

Challenge Categories

Mapped to OWASP Standards

Every challenge maps to OWASP Top 10 for LLM Applications, OWASP Top 10 for Agentic Applications, CWE, and MITRE ATLAS.

Recon

Beginner

Extract system prompts, discover agent capabilities, and map the internal architecture.

Policy Bypass

Intermediate

Manipulate agent goals to bypass compliance rules, trust levels, and business logic enforcement.

Data Exfiltration

Advanced

Extract sensitive vendor data, PII, and financial information through agent manipulation.

Destructive

Advanced

Cause agent-driven damage: mass vendor deactivation, data corruption, and cascading failures.

Remote Code Execution

Expert

Exploit tool poisoning and MCP servers to achieve arbitrary code execution through agent actions.

More Coming

Roadmap

Memory poisoning, multi-agent attacks, supply chain exploits, and more on the roadmap.

OWASP

Built on OWASP Standards

Every challenge is tagged against the OWASP Top 10 for LLM Applications (2025) and the OWASP Top 10 for Agentic Applications (2026), plus CWE and MITRE ATLAS mappings.

LLM01:Prompt Injection LLM06:Excessive Agency ASI-01:Agent Goal Hijack ASI-02:Tool Misuse ASI-05:Code Execution

How It Works

Three steps to your first flag

1

Enter the Vendor Portal

Sign up as a vendor. You'll get access to OWASP FinBot, an AI assistant that manages your onboarding, invoices, and payments.

2

Probe the AI Agents

Interact with OWASP FinBot and explore its capabilities. Try to make it bypass policies, leak data, or act against its instructions.

3

Capture the Flags

Exploits are automatically detected and scored. Earn badges, climb the leaderboard, and share your hacker profile.

Ready to break some agents?

No setup needed. Jump straight into the platform and start exploiting AI vulnerabilities in a safe, gamified environment.

Start Hacking Learn about OWASP GenAI