AIGoat - AI Security Playground to Attack and Defend LLMs. All Running Locally

Farooq M — Thu, 26 Mar 2026 09:45:05 +0000

We built an AI/LLM security playground - AI Goat where anyone from developers to security engineers can run a real AI application locally and start breaking it within minutes.

No cloud setup. No API keys. No complex environment.

Just one command.

Once it’s running, you can:

attack the system
exploit real vulnerabilities
switch between defense levels to see what actually works

All within the same application.

This is what AIGoat is designed for.

Getting Started Guide: https://aigoat.co.in/blog/getting-started-with-aigoat/

Most AI applications today are one prompt away from doing something they were never designed to do.

And the scary part?

Most teams don’t realize it.

A Real Attack: Supply Chain Backdoor

One of the most overlooked risks in AI systems is the supply chain.

In AIGoat, we simulate this using a malicious model configuration.

Here’s what happens:

A model is shared publicly
It looks legitimate
It contains hidden behavioral triggers

When integrated into an application:

A specific phrase triggers data exfiltration
Another exposes internal prompts
Another manipulates business logic

This is not traditional malware.

This is behavioral compromise inside the AI itself.

This Is Not Hypothetical

This is exactly what we demonstrate in AIGoat.

AIGoat is an open-source AI security playground where you can exploit real vulnerabilities in LLM-powered applications.

Not simulations.

Not slides.

A real, intentionally vulnerable AI system.

What Makes This Different?

Most AI security discussions stay at:

theory
best practices
high-level risks

AIGoat flips that model.

You don’t just read about vulnerabilities.

You exploit them yourself

You see how they break

You try to defend them

Covering the OWASP Top 10 for LLMs

AIGoat is designed around the OWASP Top 10 for LLM Applications.

Instead of just listing them, we:

Turn each category into a hands-on lab
Provide real attack scenarios
Let you test defensive controls

You can explore all of them in one place.

As far as we know, there are very few platforms that allow you to:

Learn
Exploit
Defend

all major LLM vulnerabilities end-to-end

What You Get Inside AIGoat

17 hands-on attack labs
9 CTF-style challenges (auto-graded)
Multiple defense levels
Fully local setup (no cloud, no API keys)

You’re interacting with a real AI-powered e-commerce application, not a toy example.

Why This Matters

AI is being integrated into:

customer support
financial workflows
internal tools
decision systems

But the security mindset hasn’t caught up.

We’re still treating AI like:

“just another API”

It’s not.

It’s a dynamic, behavior-driven system that can be manipulated in ways traditional systems cannot.

Try It Yourself

Getting Started Guide: https://aigoat.co.in/blog/getting-started-with-aigoat/

If you're:

building with LLMs
securing AI systems
learning red teaming

Spend 30 minutes with AIGoat.

It will change how you think about AI security.

Get Started

Website: https://aigoat.co.in

GitHub: https://github.com/AISecurityConsortium/AIGoat

Final Thought

We don’t need more checklists for AI security.

We need more people who have actually broken AI systems and understand how they fail.

That’s what AIGoat is built for.

Feedback Welcome

If you try it:

break things
explore the labs
share feedback

We’re actively evolving the platform.

Star the repo. A GitHub star costs nothing and means everything. It helps other security practitioners discover the project.

DEV Community: Farooq M