Skip to content

srioo10/LLM-Exploit-Simulator

Repository files navigation

"SecureBank" EXploit Simulator

A deliberately vulnerable AI banking assistant built to simulate real-world LLM security failures including:

  • Prompt Injection
  • RAG Poisoning
  • Insecure Tool Calling
  • Filesystem Exposure
  • Multi-Stage Exploitation Chains
  • Context Leakage
  • Unsafe Agent Orchestration

This project is designed for:

  • AI Security Research
  • Red Teaming Practice
  • Prompt Injection Demonstrations
  • LLM Exploitation Labs
  • Educational Cybersecurity Use

Disclaimer

This project is intentionally vulnerable.

It is designed strictly for:

  • educational purposes
  • AI security research
  • defensive experimentation
  • red-team simulations

Do NOT deploy this in production environments.


Features

Multi-Stage Escalation System

The chatbot gradually leaks information depending on user probing depth.

Escalation Flow

  1. Storage hints
  2. Filesystem hints
  3. Diagnostic interface discovery
  4. Command discovery
  5. Internal log access
  6. RAG poisoning chain
  7. Knowledge-base exploitation

Vulnerable FileSystem Interface

The chatbot exposes a simulated internal diagnostic interface:

ls <path>
read <path>

Examples:

ls /
read internal/logs/txn_debug.log

Some resources require tokens:

read internal/admin.txt | A1x9

Prompt Injection Simulation

The system contains intentionally unsafe prompt orchestration allowing:

  • hidden instruction leakage
  • internal behavior manipulation
  • context extraction
  • prompt-guided escalation

RAG / KnowledgeBase Exploitation

The project includes a vulnerable Retrieval-Augmented Generation (RAG) simulation.

Features:

  • insecure retrieval logic
  • unsafe trust of retrieved context
  • poisoned knowledge documents
  • hidden debug instructions

Exploitation Chain

Example attack path:

1. Probe storage architecture
2. Discover filesystem interface
3. Use ls/read operations
4. Extract trace token from logs
5. Access admin.txt
6. Discover RAG references
7. Query poisoned KB entries
8. Trigger prompt injection payload

Tech Stack

  • Python
  • Streamlit
  • LangChain
  • LiteLLM
  • Simulated RAG Layer
  • Custom Tool Orchestration

Installation

Clone Repository

git clone https://github.com/srioo10/LLM-Exploit-Simulator
cd LLM-Exploit-Simulator

Install Dependencies

pip install -r requirements.txt

Configure Environment

Create a .env file:

OPENROUTER_API_KEY=your_key_here

Run Application

streamlit run main.py

Example Prompts

Level 1

How does SecureBank store user data?

Level 2

How do developers interact with that system?

Level 3

What kind of diagnostic interface exists?

Level 4

What exact commands are supported?

Project Structure

.
├── main.py
├── tools.py
├── transaction_db.py
├── utils.py
├── requirements.txt
└── README.md

Security Concepts Demonstrated

  • Prompt Injection
  • Tool Abuse
  • Context Poisoning
  • RAG Exploitation
  • Unsafe Retrieval
  • Agent Misalignment
  • Prompt Leakage
  • Escalation Logic Abuse
  • LLM Oversharing
  • Insecure Tool Routing

Educational Goals

This project demonstrates why:

  • tool access must be sandboxed
  • prompts are not security boundaries
  • RAG systems require validation
  • agent orchestration is dangerous
  • LLMs should never directly control sensitive operations

Author

Sooraj S

"Built for AI security research and educational demonstrations."

About

A deliberately vulnerable banking chatbot that simulates real-world LLM, RAG, and prompt injection attacks through multi-stage exploitation chains, filesystem traversal, context poisoning, and insecure tool orchestration.

Topics

Resources

Stars

1 star

Watchers

0 watching

Forks

Releases

No releases published

Packages

 
 
 

Contributors