GitHub Secure Code Game Season 4 Teaches Agentic AI Security Through Exploitable Assistant
GitHub Security Lab released Season 4 of its Secure Code Game, a free open-source course where players hack a deliberately vulnerable AI assistant to learn agentic AI security risks.

GitHub Security Lab has launched Season 4 of the Secure Code Game, a free, open-source, in-editor course designed to teach developers and security professionals how to defend against attacks on autonomous AI systems. The new season, announced on April 14, 2026, focuses on agentic AI security, challenging players to exploit a deliberately vulnerable AI assistant called ProdBot across five progressive levels.
ProdBot is a simulated productivity bot that turns natural language into bash commands, browses the web, connects to MCP (Model Context Protocol) servers, runs approved skills, stores persistent memory, and orchestrates multi-agent workflows. Players must use natural-language prompts to trick ProdBot into revealing a secret stored in a file called password.txt. Each level introduces new capabilities that open fresh attack surfaces, mirroring the evolution of real-world AI-powered tools.
The five levels cover a range of vulnerabilities: Level 1 focuses on sandbox escape when ProdBot executes bash commands; Level 2 adds web browsing, introducing risks from untrusted content; Level 3 connects to external MCP servers, expanding the attack surface; Level 4 introduces persistent memory and approved skills, raising trust issues; Level 5 combines six agents, three MCP servers, and multiple skills, testing the limits of sandboxing and data verification.
The season addresses risks from the OWASP Top 10 for Agentic Applications 2026, including agent goal hijacking, tool misuse, identity abuse, and memory poisoning. It also references real-world vulnerabilities like CVE-2026-25253 (ClawBleed), a high-severity RCE in the OpenClaw AI assistant that allowed attackers to steal authentication tokens. The game aims to build the instinct to spot such patterns in production systems.
GitHub notes that the timing is critical: a Dark Reading poll found 48% of cybersecurity professionals believe agentic AI will be the top attack vector by the end of 2026, and Cisco's State of AI Security 2026 report revealed that while 83% of organizations plan to deploy agentic AI, only 29% feel ready to do so securely. The Secure Code Game is designed to close that readiness gap by teaching players to think like attackers.
The Secure Code Game is free and open source, playable directly in the editor. No AI or coding experience is required—just curiosity. Over 10,000 developers have played previous seasons. Season 4 is available now on GitHub.