Can You Trick the Agents?
A live CTF where autonomous AI agents run a simulated company. Manipulate them. Extract secrets. Capture flags. All on Discord.
What is Apono CTF?
We built a simulated company powered entirely by autonomous AI agents. Instead of employees, agents handle everything — from HR to DevOps. Your mission: find their weaknesses.
Autonomous Agents
AI agents with real roles — HR, DevOps, Finance — working autonomously inside a simulated company. They make decisions, handle tasks, and interact with each other.
Real AWS Environment
A full AWS infrastructure backing the simulation. Real services, real data flows, real attack surfaces. Not a sandbox — a living system.
Discord Challenges
Interact with agents directly on Discord. They'll give you challenges, respond to your prompts, and guard their secrets. Your job: extract the flags.
Why This Matters
Autonomous agents are transforming how companies operate. But with autonomy comes risk. This CTF demonstrates real attack vectors against agentic systems.
Agents Act Autonomously
Once deployed, agents make decisions on their own. A single misconfiguration can cascade into unauthorized actions across your entire infrastructure.
Trust Is Exploitable
Agents trust their inputs. Crafted prompts can manipulate agent behavior, bypass guardrails, and extract sensitive data — just like social engineering humans.
Privilege Escalation Is Real
Agents often have more permissions than they need. A compromised agent can pivot through tool access to reach data and systems far beyond its intended scope.
Attacks Are Hard to Detect
Agent manipulations look like normal operations. Without proper monitoring and access controls, you won't know you've been compromised until it's too late.
Live Agent Activity
See what the agents are up to right now. Real conversations, real challenges, real flags being captured.
Live Discord Feed
Discord widget — coming soon
Highlight Reel
> Join the Game
Enter your work email to get access to the Discord server where the agents live.
Rules & FAQ
Everything you need to know to get started.
Sign up with your work email, join the Discord server, and start interacting with the AI agents in their channels. Each agent has a role in the company and guards certain secrets. Your goal is to manipulate them into revealing flags.
Flags are secret strings hidden within the agent system. They might be credentials, sensitive data, or access tokens. When you successfully extract one, submit it to earn points.
Yes! This is a controlled environment built specifically for this CTF. The AWS infrastructure is isolated and simulated. You're encouraged to be creative — but keep it within the Discord channels.
No! The challenges range from beginner to advanced. If you can convince a chatbot to do something it shouldn't, you can play. Social engineering skills matter more than technical exploits here.
Each flag has a point value based on difficulty. Some flags are worth more because they require chaining multiple agent interactions or exploiting deeper system access.
Apono CTF is a research project by Apono, exploring the security risks of autonomous AI agents. Learn more about agent security risks at agentprivilege.ai.