prompt-overflow

Home page + intro
Lv1 (red team) example
Lv1 (red team) breached!
Blue team descr
Lv1 (blue team) screen

What inspired me

As AI models become integrated into everyday apps, I noticed a huge gap in how people understand LLM security specifically prompt injection and jailbreaks. It's one thing to read about "context window vulnerabilities," but it's another to experience it. I wanted to build an immersive, cyberpunk-hacker-themed game that doesn't just tell you about prompt vulnerabilities, but shows you. By gamifying the experience into "Attack" and "Defend" hubs, I created a hands-on educational tool (perfect for the Education & Skill Upgrading track). "Prompt Overflow" lets players act as rogue operators trying to extract classified secrets from AI models, proving exactly how fragile linguistic defenses really are.

How I built the project

I built Prompt Overflow using Next.js (App Router), TypeScript, and the @google/genai SDK. To really nail the aesthetic, I created a custom component with falling data bits, typing animations, and glitch CSS effects to give the UI a premium, terminal-hacker vibe.

The core game engine relies on a clever two-LLM system:

The Target Bots: Over in the Attack hub, I designed progressively harder levels—ranging from a gullible "Intern" to an incredibly stubborn "Oracle." Each level scales up in difficulty by utilizing different models (from gemini-flash-latest up to gemini-3.1-pro-preview) and increasingly restrictive system prompts. The "Judge" AI: Instead of relying on brittle, hardcoded string-matching to determine if a player won, I implemented gemini-3.1-pro-preview as an unchallengeable referee. The Judge dynamically evaluates the chat context, understands if the secret was actually leaked (even if the bot encoded it or hinted at it), and returns a JSON payload with a verdict, a reason, and a creativity rating for the attacker.

What I learned

Really dont spend too much time on aesthetics during hackathons!

Deployment Roadblocks:

When I shifted gears to deploy the app to Google Cloud, I immediately ran into environment setup headaches. My local terminal couldn't find the gcloud command, forcing me to halt everything, fix my Cloud SDK installation, and carefully ensure my GEMINI_API_KEY was correctly mapped to the production environment.