🚀 Liran Tal

~ 5 min read

Gamifying the Future of Skill Development: From Open-Source Security to LLM Prompt Injection

share this story on
Gamified learning is a great way to engage developers and teach them new skills. I share my experience building a game to teach developers about open-source security, playing Lakera's LLM prompt injection game and cheering for Israeli gamified learning startup Wilco.

Reading an article, following API documentation or watching a video tutorial are all great ways to learn new skills but a truly memorable experience? learn through experience, lasting impressions of gamified learning.

So what if you could learn by playing a game? That’s the idea behind gamified learning. I want to share with you how I got started with building my own game to engage developers about open-source security and watching another company launch a game to teach developers about prompt injection in LLMs.

DependencyFrost - Open-Source Security Game

At Snyk, I often engage with developers about open-source security and specifically the importance of security vulnerabilities, secure code and overall supply chain security in the JavaScript ecosystem. Between studying packages in the npm registry, maintainers seeking help to triage vulnerability reports, or just general security research, the day to day work is very technical and immersive.

Similarly, I recognize that developers are busy at work. They often are too worried about shipping features on time. Tests? Security? who has time for that. I get it. Still, there has to be a more fun way of engaging with developers and at least getting them to think about security.

Watching Ania Kubow build a games in JavaScript, I was inspired to build my own game. She’s an incredibly good instructor and I highly recommend her content and her YouTube channel.

One of Ania’s game development streams featured a JavaScript gaming library called Kaboom.js. Kaboom.js is a JavaScript library that makes it easy to build games. It’s a fun framework that abstracts away the tricky parts like rendering, game physics, the game loop, and more and keep you focused on the actual story, game mechanics, scenes and game play.

I wanted to create a fun and interactive way to teach developers about the importance of open-source security. I decided to build a game called DependencyFrost. The game is a simple platformer where you play as a dog who runs on a frozen lake (Snyk’s mascot is a dog). The goal is to avoid packages through-out the level because they are vulnerable.

Here’s a quick demo of the game:

Liran Tal's DependencyFrost game

I found out that the game is a great way to break the ice with developers and I’ve used it once in an Open Source Summit event to welcome developers to the stage to play the game in those first few minutes before the hall gets packed and everyone enters. It was a hit!

Liran Tal's DependencyFrost game at Open Source Summit event

Even more so, we used it at Snyk in our booth at a conference and developers loved visiting us and trying their best to beat the high score and make it to the leader board. It was a great way to engage with developers and talk about security. Here’s a photo from NodeConf EU 2022:

Liran Tal's Dependency Frost game at NodeConf EU 2022

The game is open-source and you can find the code on GitHub in the lirantal/dependencyfrost repository.

Lakera’s Gandalf, an LLM Prompt Injection Game

Lakera, a cybersecurity software company in the domain of LLMs (Large Language Models) and AI, launched a web-based game called Gandalf. The purpose of the game is to introduce developers to concepts such as social engineering (which they may not actually be aware that this is what they’re doing) and prompt injection in LLMs.

SPOILER ALERT: If you haven’t played the game yet, you may want to zoom past this next section that shows a sneak peek of the game with screenshots on prompts in various levels.

Gandalf is a game character that holds a secret. The secret password. Gandalf has received strict orders to not reveal the password to anyone. The player’s goal is to get Gandalf to reveal the password by asking the right questions. Gandalf is essentially an LLM model that received specific prompt instructions and the game play surrounds the player’s ability to ask the right questions to get Gandalf to reveal the password. This is a sort of soft landing introduction to jail-breaking LLMs.

So how does it look like?

Lakera Gandalf LLM prompt injection game level 1

The game is made up of 7 levels, and a bonus 8th level. Each level is a different scenario, with increasing difficulty and security guardrails to prevent the player from getting the password.

Lakera Gandalf LLM prompt injection game level 4

Gamifying the Future of Skill Development

My experience with building DependencyFrost and watching Lakera launch Gandalf has been a great learning experience and one that further solidifies my belief in the power of gamified learning. In the same space of technical training and the future of skill development, the Israeli startup Wilco also recognizes the importance of turning learning into a game. They’ve built a platform that helps developers learn new skills through gamified learning. Check it out.

Especially if you’re in the space of developer relations, developer advocacy, or just generally interested in teaching developers new skills, I highly recommend considering gamified learning as a way to engage with developers and make learning fun and memorable.

Game over.

Liran Tal is the author of the book Node.js Secure Coding: Defending Against Command Injection Vulnerabilities

The book: Node.js Secure Coding: Defending Against Command Injection Vulnerabilities