LLMVault — OWASP LLM Top 10 Training Platform banner

Contribution // Open Source // OWASP LLM Top 10 (2025)

LLMVault

LLMVault is the ultimate hands-on training platform for mastering the OWASP LLM Top 10. Designed as a deliberately vulnerable, Capture the Flag (CTF)-style AI security lab, it does for Large Language Models what WebGoat and KubeGoat have done for web and Kubernetes security.

25
Total labs
10
OWASP categories
3
Difficulty tiers
Docker
Ready
My Contribution

Why I built
LLMVault.

AI security is where the industry sat with web security in the early 2000s — everyone knows it's broken, few know exactly how. Reading the OWASP LLM Top 10 isn't enough. You have to feel the attack in your hands to build proper defenses.

LLMVault is my open-source contribution to that gap: a Docker-ready lab range where every attack has a paired defense. Every category from the 2025 OWASP LLM Top 10 gets a hands-on lab, plus advanced multi-turn and expert-tier scenarios modelled after real-world attack classes.

Actively maintained. MIT-licensed. Built for security researchers, red teamers, appsec engineers and anyone shipping GenAI to production.

Structure

Progressive AI-security
skill ladder.

10 labs

Core Tier

One lab per OWASP LLM Top 10 (2025) category — foundational break/fix drills.

10 labs

Advanced Tier

Multi-turn challenges: jailbreaking, data poisoning, agent exploitation, model extraction.

5 labs

Expert Tier

Real-world attack classes modelled as end-to-end scenarios.

Quick Start

Three commands
to start hunting.

Clone the repo, spin up Docker, open your browser. Everything runs locally and offline — no cloud keys, no telemetry.

~/llmvault
$git clone https://github.com/CyberSunil/LLMVault.git
$cd LLMVault
$docker compose up -d
#open http://localhost:8080 → start hunting

⚠ AUTHORISED SELF-HOSTED SECURITY EDUCATION ONLY

Break it loud.
Fix it quietly.

Every lab pairs the attack with a defense. Clone the repo, spin up Docker, and start hunting.

© 2026 Sunil Tripathy · LLMVault is an open-source research project.