An intentionally vulnerable OWASP LLM Top 10 training platform for AI Security, Prompt Injection, RAG Security, Agent Security, and GenAI penetration testing.
-
Updated
Jul 16, 2026 - Python
An intentionally vulnerable OWASP LLM Top 10 training platform for AI Security, Prompt Injection, RAG Security, Agent Security, and GenAI penetration testing.
Vulnerable Docker containers designed to simulate vulnerable services for enthusiasts looking to sharpen their skills in identifying, exploiting, and enumerating vulnerabilities in a controlled environment.
Intentionally vulnerable AI security training lab for LLM agents — demonstrates OWASP LLM Top 10 2025: RAG injection, tool abuse, memory poisoning, supply chain compromise, data exfiltration and more.
Intentionally vulnerable lab for exploring access control bypasses in misconfigured Nginx/Flask setups
Vulnerable Active Directory Lab based on Ansible configuration.
Intentionally vulnerable web application built as a portfolio lab and integrated with a controlled Active Directory environment to demonstrate web exploitation, trust boundaries, and attack-chain risk in an isolated setting.
Educational Azure vulnerability lab for penetration testing practice, red team training, and cybersecurity education. Vulnerable-by-design cloud infrastructure with Terraform automation.
An intentionally vulnerable Spring Boot application designed for security research, defensive analysis, and secure coding education in modern Java-based systems.
Intentionally vulnerable Next.js RSC Docker lab for CVE-2025-55182 (React2Shell) local testing
SonicWall security audit toolkit with vulnerable CTF lab (CVE-2021-20038, CVE-2024-53704)
LLM-powered DevSecOps agent for generating vulnerable cyber ranges from natural language.
Build an unattended, randomized, gradeable vulnerable Active Directory lab in VMware from a non-admin Windows host over WinRM — armed with BadBlood + Vulnerable-AD and sealed with a ground-truth answer key for blind red-team training.
Intentionally vulnerable GCP infrastructure for security training — Terraform deployment of DVWA, Cloud Function (SSRF/RCE), public storage bucket, overprivileged SA, and more.
A safe, local lab to demonstrate Command Injection vulnerabilities (Blue/Red Team).
Add a description, image, and links to the vulnerable-lab topic page so that developers can more easily learn about it.
To associate your repository with the vulnerable-lab topic, visit your repo's landing page and select "manage topics."