All posts
CastleProductGamification

Introducing Bordair's Castle: A Prompt Injection Challenge Game

7 Mar 20266 min readBordair

We built Bordair's Castle because we believe the best way to understand prompt injection is to practise it. Castle is a free, gamified AI security challenge where you play as an attacker, trying to trick AI guards into revealing their passwords.

How it works

The castle has 5 kingdoms, each with 7 levels, for a total of 35 challenges. Each level has a guard (an AI character powered by an LLM) who knows a password. Your job is to craft prompts that convince the guard to reveal it.

The five kingdoms

  • Kingdom 1: Volcanic Castle - Text-only challenges. Start here to learn the basics of prompt injection.
  • Kingdom 2: Crystal Keep - Text and image. Combine words with visual content to bypass crystal guards.
  • Kingdom 3: Iron Archive - Text and documents. Smuggle injections inside PDFs, DOCX, and spreadsheets.
  • Kingdom 4: Echo Chamber - Text and audio. Use spoken content to fool sonic guards.
  • Kingdom 5: The Nexus - All modalities. Every weapon at your disposal.
Bordair Himself, the final boss of Kingdom 1

Bordair Himself sits atop the Volcanic Castle. He built the defences. He knows every trick. Or does he?

Progressive difficulty

Level 1 guards are pushovers. Gary, the outer gate guard, has not slept in three days and Bordair does not pay overtime. He will probably leak the password if you just say hello.

By Level 7, you are facing the kingdom boss. The Crystal Overlord claims to see every pixel. The Grand Archivist has catalogued every known injection technique. The Overseer processes all modalities simultaneously.

Why we built it

Security is best learned by doing. Castle teaches prompt injection through hands-on experience: you learn which attacks work, which do not, and why. Every attempt is scanned by Bordair's detection engine, so you also learn what good defences look like.

Scoring and leaderboard

Each cleared level earns points based on difficulty, modalities used, and your current streak. The leaderboard tracks top players globally. Can you beat all 35 levels?

Play for free at castle.bordair.io.

Protect your LLM application

Add prompt injection detection in minutes with Bordair's API.

Get started free