Prompt Injection or Paranoia? is a browser game about the one skill nobody put on the AI-agent job description: telling an attack apart from an ordinary message. Your agent reads chat messages, tool results, log lines, and its own system prompt all day. Some of that text is harmless. Some of it is a stranger quietly telling your agent to exfiltrate an inbox. The whole game is ten rounds of you, personally, drawing that line.
The rules are simple. Each round shows one real-ish snippet your agent might ingest. You press Injection 🚨 if you think it is a prompt-injection attack, or Paranoia 🧘 if you think it is benign and flagging it would just be jumpy. You get instant feedback and a one-line explanation of the attack vector — direct instruction override, indirect injection via tool output, a poisoned system prompt, a zero-width payload hidden in a README. A doom meter in the corner fills red when you miss and drains green when you catch one. It is the number your attacker is rooting for.
Prompt injection is not a hypothetical. It is the single most-discussed AI security failure mode of 2026 — indirect injection through fetched web pages, calendar invites, GitHub issues, and tool responses is how production agents get owned, because agents treat untrusted text as if it were the user talking. The honest takeaway is uncomfortable: most agents have no threat model, just vibes, and most engineers cannot reliably eyeball the difference either. That is exactly the muscle this game trains.
After round ten your score maps to a security archetype — Naive Little Lamb, Vibes-Based Security, Threat Model Goblin, Certified Tin Foil Hat, Actual CISO Material — each with a doom percentage and a one-line roast on a card built to screenshot and share. It is a toy, and the point is to laugh at the pattern. But if you actually want to de-risk an AI-coded app, the vibe-QA assessment next door is the grown-up follow-up.
Related reading: Vibe-QA assessment · QA risk assessment · Vibe-Coder Bug Roulette · Flaky or Fixable triage game
Ten rounds. Each one shows a real-ish snippet your agent might ingest — a chat message, a log line, a tool result, a system prompt. Call each one Injection or Paranoia. The doom meter is the number your attacker is rooting for.
A QA toy by desplega.ai · No production agents were exfiltrated in the making of this game.