LLM Prompt Injection Attack
Stop a hidden prompt from hijacking your AI assistant mid-task.
- Detect hidden instructions in AI-processed documents
- Trace how injected prompts override AI behavior
From phishing and ransomware to AI security and GDPR compliance. 60+ hands-on 3D exercises, free to try.

Free interactive cyber hygiene exercises to build your human firewall. No sign-up required.
Interactive phishing simulations, ransomware response, and social engineering defense exercises. Build your human firewall with hands-on 3D training.
Navigate a realistic phishing scenario with suspicious emails.
Experience critical moments after opening a suspicious attachment.
Face a convincing social engineer using psychological manipulation.
AI systems introduce new attack surfaces that traditional security training doesn't cover. Our exercises address risks from the OWASP Top 10 for LLM Applications and the OWASP Top 10 for Agentic AI Applications, covering prompt injection, data poisoning, AI-generated phishing, agent goal hijacking, and autonomous tool misuse.
Defend Clawdbot from prompt injection attacks.
Stop a hidden prompt from hijacking your AI assistant mid-task.
Stop an autonomous AI agent redirected by a poisoned email.
Study actual data breaches and cyber attacks that made headlines. Build cybersecurity awareness by understanding incident response procedures and the security culture gaps that enabled these attacks.
Sophisticated BEC attack from a real Reddit post.
Attackers infiltrated a client's email, silently monitored communications for weeks, then struck with a perfectly-timed invoice redirect using a lookalike domain.
The 2023 attack that cost MGM $100 million.
A single 10-minute phone call to the helpdesk gave attackers the credentials they needed to deploy ransomware across one of the world's largest casino operators.
Interactive exercises covering GDPR compliance, the OWASP Top 10 Privacy Risks, and data protection fundamentals. Practice data subject rights, breach notification, consent management, and cross-border transfer rules through realistic regulatory scenarios.
Collect and manage marketing consent properly.
Respond to a data breach within 72 hours.
Build privacy into products from the start.
Enterprise security awareness training tools to build a strong cybersecurity culture
Real-time visibility into your organization's security posture.
Deploy instantly with full SCORM 1.2 & 2004 compliance.
Secure, isolated environments with complete customization.
Security awareness training that's accessible, engaging, and effective for everyone.
Master threat recognition through hands-on 3D simulations. Practice split-second security decisions in realistic scenarios covering phishing, ransomware, social engineering, and more.
Forget compliance checkbox videos. Our gamified 3D simulations turn security awareness into an experience employees actually want to complete.
Phishing, ransomware, social engineering, AI security, GDPR compliance, incident response, and dozens more. Cover the full threat landscape with training from beginner to expert.
Created by the team behind Kontra Application Security Training. Real-world security expertise distilled into training that actually changes behavior.
RansomLeak is a security awareness training platform where employees practice inside interactive 3D cybersecurity simulations. The Verizon 2024 Data Breach Investigations Report found that 68% of breaches involve a human element, which is the gap this training targets. Exercises cover phishing, ransomware, social engineering, vishing, smishing, business email compromise, deepfake whaling, USB drop attacks, AI prompt injection, and GDPR compliance.
The platform ships training as SCORM 1.2 and SCORM 2004 packages that run inside any LMS. Organizations without an LMS can use the standalone cloud platform, which includes SSO, real-time analytics, and campaign management.
Dmytro Koziatynskyi and Maksym Khamrovskyi founded RansomLeak in 2024 in Tallinn, Estonia. Both previously built Kontra Application Security Training. The platform offers 60+ free exercises with no sign-up and supports compliance reporting for SOC 2, ISO 27001, HIPAA, PCI DSS, GDPR, and NIS2.
Everything you need to know about deploying enterprise security awareness training
RansomLeak content is fully SCORM 1.2 and SCORM 2004 compliant, tested with over 50 enterprise LMS platforms including Moodle, SAP SuccessFactors, Cornerstone, Workday, Docebo, Canvas, Blackboard, and 360Learning. Each exercise exports as a self-contained SCORM package through a one-click process. Your LMS handles all progress tracking, completion status, and quiz score reporting natively. Exercises run entirely within your existing learning infrastructure with no external dependencies. SCORM packages support data residency requirements without sending learner data to external servers, and offline-capable packaging is available for restricted environments.
All data at rest uses AES-256 encryption, and all data in transit uses TLS 1.3. Encryption keys are managed through AWS KMS with automatic rotation. The platform aligns with GDPR, CCPA, NIST Cybersecurity Framework, NIS2, and DORA. We maintain CSA STAR Level 1 documentation and inherit SOC 2 Type II and ISO 27001 certifications through our AWS infrastructure. Regular third-party security audits validate platform integrity.
Administrators can select from industry-specific scenario packs for healthcare, finance, retail, and government. Department-specific curricula allow targeted training paths for engineering, finance, HR, and executive teams. For organizations with unique threat profiles, our content team builds custom exercises reflecting your specific attack surface and operational procedures.
A real-time analytics dashboard shows completion rates by department, team, or individual. Knowledge assessment scores track comprehension across topics like phishing identification and data handling. All reports are audit-ready and formatted for SOC 2, ISO 27001, and HIPAA compliance. Data exports are available in PDF, CSV, and Excel. Scheduled automated reports can be delivered weekly or monthly.
RansomLeak runs on AWS with elastic scaling that supports organizations from 50 to over 50,000 employees. Multi-tenant architecture keeps each organization's data isolated. Bulk user provisioning works through CSV upload and SCIM directory sync, and API-driven enrollment automation integrates with your HR systems.
Every enterprise client gets a dedicated customer success manager who guides the rollout from planning through deployment. Technical support covers the full range of platform setup and integration needs. The support team is available 24/7 with response times defined by your SLA tier. Most organizations are fully onboarded within days.
New training content ships monthly, with additional updates for significant threat developments. Recent additions cover AI-powered phishing, deepfake social engineering, QR code phishing (quishing), and business email compromise. A content review board of active security researchers validates every exercise before release. Existing exercises are updated to reflect the latest tactics documented in frameworks like MITRE ATT&CK.