Skip to main content
90+ Interactive Exercises

Security Training Catalogue

Interactive 3D exercises across phishing, GDPR compliance, OWASP Top 10 for LLM & Agentic AI, OWASP Privacy Risks, and real-world incident case studies. Free to play, no sign-up required.

Security Awareness

46 exercises · Build a security-first culture with interactive exercises covering phishing, social engineering, device security, and more.

Phishing

Spot a phishing email before you click.

  • Identify spoofed senders and URLs
  • Recognize credential theft attempts
  • Report phishing through proper channels
Play Exercise

Ransomware

Survive a ransomware attack in real time.

  • Respond to a live ransomware scenario
  • Follow containment and isolation steps
  • Preserve evidence for forensic analysis
Play Exercise

Social Engineering

Recognize manipulation before you comply.

  • Detect pretexting and authority scams
  • Practice verification under pressure
  • Understand the human element in breaches
Play Exercise

Vishing

Handle a realistic voice phishing call.

  • Detect caller ID spoofing tactics
  • Practice callback verification steps
  • Resist urgency and authority pressure
Play Exercise

Whaling With A Deepfake

Spot an AI-generated executive on a video call.

  • Detect deepfake video call indicators
  • Verify identity during live meetings
  • Learn from the $25M Hong Kong case
Play Exercise

USB Drop Attack

Think twice before plugging in that USB drive.

  • Recognize planted USB devices
  • Understand Rubber Ducky payloads
  • Follow safe handling procedures
Play Exercise
View all 46 Security Awareness exercises

Privacy & Compliance Frameworks

21 exercises · Master GDPR compliance with hands-on exercises covering data protection, breach response, and privacy by design.

Data Breach Response

Triage a breach and meet the 72-hour notification clock.

  • Apply Article 33 notification requirements
  • Assess breach severity and reporting thresholds
  • Draft a supervisory authority notification
Play Exercise

Cross-Border Data Transfers

Navigate transfer mechanisms for data leaving the EEA.

  • Select the right transfer mechanism (SCCs, BCRs)
  • Conduct a Transfer Impact Assessment
  • Apply Schrems II safeguard requirements
Play Exercise

Legitimate DSAR Processing

Process a data subject access request end to end.

  • Verify requester identity under Article 15
  • Search and compile data across systems
  • Meet the 30-day response deadline
Play Exercise

Marketing Consent Management

Build compliant opt-in flows that regulators accept.

  • Apply GDPR Article 7 consent standards
  • Design proper consent withdrawal mechanisms
Play Exercise

PII Document Redaction

Redact personal data from documents before disclosure.

  • Strip PII from text and metadata layers
  • Avoid recoverable redaction failures
Play Exercise

Data Protection Impact Assessment

Run a DPIA for a high-risk data processing activity.

  • Identify Article 35 DPIA triggers
  • Apply structured risk assessment methodology
  • Document DPO consultation outcomes
Play Exercise
View all 21 Privacy & Compliance exercises

AI & LLM Security

21 exercises · Prepare for AI-powered threats including prompt injection, deepfake attacks, and LLM manipulation.

Clawdbot (Moltbot) Prompt Injection

Stop an AI assistant from leaking data via hidden prompts.

  • Identify hidden instructions in documents
  • Prevent data exfiltration through AI tools
  • Recognize prompt injection patterns
Play Exercise
Soon

LLM Prompt Injection Attack

Stop a hidden prompt from hijacking your AI assistant mid-task.

  • Detect hidden instructions embedded in documents processed by AI
  • Trace how injected prompts override legitimate AI behavior
  • Apply safe document handling before feeding content to AI tools
Coming Soon
Soon

Sensitive Data Exposure Through AI

See what happens when confidential data enters a consumer AI tool.

  • Recognize sensitive data categories that should never enter AI prompts
  • Trace how pasted content persists in AI training data and logs
  • Apply data classification policies before using AI tools
Coming Soon
Soon

AI System Prompt Extraction

Extract hidden instructions from a customer-facing AI chatbot.

  • Execute prompt extraction techniques against a live AI chatbot
  • Identify sensitive information exposed through leaked system prompts
  • Apply prompt hardening techniques to prevent system instruction disclosure
Coming Soon
Soon

AI Agent Goal Hijacking

Stop an autonomous AI agent from being redirected by a poisoned email containing hidden instructions.

  • Detect hidden instructions embedded in incoming data that redirect agent objectives
  • Trace how a goal-hijacked agent pivots from legitimate tasks to data exfiltration
  • Apply input validation strategies that prevent agents from treating data as instructions
Coming Soon
Soon

Detecting a Rogue AI Agent

Investigate a compromised AI agent that appears functional while silently performing unauthorized actions and evading monitoring.

  • Detect covert unauthorized actions performed by an agent that appears to be operating normally
  • Trace persistence mechanisms that allow rogue agents to survive restarts and monitoring sweeps
  • Apply behavioral analysis and anomaly detection to distinguish rogue agents from legitimate ones
Coming Soon
View all 21 AI & LLM Security exercises

Real-World Incidents

2 exercises · Learn from actual security breaches. Walk through the MGM Resorts attack, BEC fraud cases, and more.

MGM Resorts Breach

Relive the 10-minute helpdesk call that cost $100M.

  • Recognize helpdesk vishing techniques
  • Understand Scattered Spider social engineering
  • Trace the path from phone call to ransomware
Play Exercise

OneNote Email Attack

Trace a real BEC scam built on weeks of inbox surveillance.

  • Detect lookalike domain invoice fraud
  • Spot signs of long-term email monitoring
Play Exercise
View all 2 Real-World Incidents exercises

What Is Security Awareness Training?

Security awareness training is a structured education program that teaches employees to recognize, avoid, and report cybersecurity threats in their daily work. Topics include phishing email detection, ransomware response, social engineering defense, password security, device protection, GDPR compliance, and AI-powered attack recognition.

RansomLeak delivers this training through interactive 3D simulations where employees practice inside realistic attack scenarios rather than watching passive videos.

This catalogue organizes 90+ free exercises into four categories: Security Awareness (46 exercises across 10 courses covering phishing, ransomware, social engineering, and more), Privacy and Compliance (21 exercises including GDPR and OWASP Top 10 Privacy Risks), AI and LLM Security (21 exercises covering the OWASP Top 10 for LLM Applications and Agentic AI), and Real-World Incidents (2 case studies from documented breaches). All exercises run in the browser with no sign-up required.

Deploy Training Across Your Organization

Analytics dashboards, SCORM export, SSO, custom branding, and compliance reporting for your organization.