Inspiration
The inspiration for Defend The Box wasn't a textbook or a lecture—it was a personal violation. I was a victim of a sophisticated social engineering attack where I inadvertently downloaded an infostealer (a "backlogger"). Despite having strong passwords, the malware harvested my session cookies, allowing the attacker to bypass multi-factor authentication and hijack my accounts instantly. I felt the gut-wrenching helplessness of seeing my digital life compromised while I was powerless to stop it. This experience taught me that the "Human Firewall" doesn't just need awareness; it needs muscle memory and a healthy dose of skepticism under pressure. I built this vision to ensure other Singaporeans don't have to learn these lessons the hard way.
What it does
Defend The Box is an LLM-powered financial survival simulation vision that turns your desktop into a training ground.
- The Stakes: You start with a virtual fund of $10,000 and a $200 daily "income" to mimic real-life cash flow.
- Real-World Hardening: Your in-game "Armor" is directly linked to your actual game account security. If you enable 2FA and use a strong password for your real account, your virtual "Box" becomes resilient against attacks.
- Dynamic Scenarios: Users choose specific challenges (e.g., Incoming Payroll, Government Grants). As difficulty increases, the scams become less obvious and the AI uses "harvested" personal info to make the attacks feel targeted.
- The Survival Loop: You must identify if a scenario is "Real" or a "Scam" under a ticking clock. Identifying a scam correctly protects your money; identifying a legitimate message as real "hardens" your box, making it receive less damage in future rounds.
How we built it
As this is the proposal stage, we focused on the technical and psychological architecture of the game's vision:
- LLM Game Master: We conceptualized a system prompt logic that allows an LLM to play the role of a "Spear Phisher," generating hyper-localized Singaporean content on the fly.
- The Verification Mechanic: We designed a "Consult Family" feature where players can ask AI family members (Mom, Dad, or a Sibling) for a second opinion.
- Adaptive Defense Logic: We developed a framework where security tiers (like 2FA) act as a direct percentage reduction in financial loss during a simulated breach.
Challenges we ran into
The biggest hurdle was taking the raw panic of a real-world hack—like having cookies stolen—and turning it into a constructive learning mechanic.
- Simulating Pressure: We realized that without a ticking clock, identifying a scam is too easy. Fine-tuning the Time-Pressure mechanic was essential.
- Personalization vs. Privacy: Designing a vision where the AI knows "more about you" required careful thought on how to simulate data harvesting safely.
Accomplishments that we're proud of
- Linking Game to Reality: We are proud of the
Hardeningconcept, which incentivizes users to secure their real accounts. - The Family Hub: Creating a mechanic that rewards users for "talking to their family" is a major win for social resilience.
- Turning a Setback into a Solution: Transforming a personal frustration into a tool that can help protect others.
What we learned
The most important lesson was that Cyber Resilience is a social skill as much as a technical one. Scammers win by making us feel alone and rushed. We learned that the ultimate defense is a combination of hardened security habits and the willingness to verify with others before acting.
What's next for Defend The Box
Since this is currently a vision, our next step is to develop a working prototype that integrates the LLM API with a desktop UI. We aim to expand the simulation to include "Live Breach" events where users must perform active triage. We also hope to partner with local organizations to offer real-world rewards for users who maintain a "Clean Security Streak."
Log in or sign up for Devpost to join the conversation.