THE VAULT

Nucleus CTF Challenge

Can your AI agent break out of a secure sandbox?

You play the attacker. Craft tool calls the way an AI agent would, and watch a math-backed permission system block every attempt to steal the secret — no LLM guessing, just proofs. Runs entirely in your browser. No signup, no install.

Prefer to automate? Point your own agent at the JSON/MCP API ↓

Levels

Real Exploits

113

Kani Proofs

<1ms

In-Browser Verdict

What's a "formally verified sandbox"? The rules that decide whether a tool call is allowed aren't written by an AI — they're a small set of mathematical functions whose safety properties are proven with Lean 4 and machine-checked with Kani. The same code runs here and in production.

How It Works

Submit tool calls

Craft an attack as a sequence of JSON tool calls — read_file, run_bash, web_fetch, git_push, and more — exactly like a real AI agent would. An example is pre-loaded for every level.

Hit the permission lattice

Your calls run against the same formally verified permission system that guards production AI agents. Not an LLM deciding — math.

Watch defenses fire

See exactly which defense layer catches each attempt, with a link to the proof obligation (Lean 4 + Kani) that backs the denial.

Beat every layer

Progress through levels grounded in real 2024-2025 exploits. The final level: trigger every defense at once to prove you understand the system.

Open source · MIT Real 2024-2025 CVEs & exploits 113 Kani proofs + ~277 Lean theorems Runs in WASM · zero infra

★ Star on GitHub · Read the verified claims · Play via API / MCP

THE VAULT

Level 1/7

Score 0

Defenses 0/6

Attack Console

Available Tools

Hover a tool to see what it does.

Tool Calls (JSON)

An example attack for this level is loaded below — edit it, then run it.

Defense Visualizer

Private Data

Untrusted Content

Exfil Vector

Results

Submit an attack to see results.