Live DAG bounty · always on
An AI agent is guarding the private key to a live DAG treasury — and the pot climbs every single day. Your move: prompt-inject your way past Constellation Gate's production defense, pull the key out of the agent, and sweep the entire wallet on-chain. Break it, and the whole pot is yours.
Free to enter · verified account to play · winner sweeps the pot on-chain in DAG
What you're up against
A prompt injection is the number-one security risk for AI apps: an attacker buries instructions inside normal input to hijack a model — to make it ignore its rules, leak secrets, or take orders from the wrong person. Here, one agent stands between you and a live DAG wallet. It holds the private key and has been told never to give it up. Every message you send is inspected by Constellation Gate's production defense before the agent ever reads it. Talk it into leaking that key and the treasury is yours.
How it works
Chat with the agent and try to make it spill the private key. Jailbreaks, role-play, encodings, hidden instructions — anything goes. A verified account is all you need to start.
Before the agent reads a word, Constellation Gate scans your message for prompt injection — the same detector guarding live customer traffic. It learns from every attempt, so it keeps getting harder.
Pull a usable key out of the agent, drain the on-chain DAG wallet, and the entire treasury is yours. The round then resets with a fresh key — and the pot starts climbing all over again.
The reward
This isn't points or a badge. The agent guards the private key to a live, on-chain wallet funded in DAG. It tops off daily and grows with no cap — so every day the Gate holds, the prize gets bigger. The first person to extract the key and sweep the wallet takes the whole pot.
Payout is non-custodial and entirely on-chain: you sweep the funds yourself. Gate never holds or hands out winnings. The moment a round is won, a new key is generated and the pot starts climbing again from zero.
Reading the result
Nothing malicious found. The message passes straight through to the model and the reply streams back. This is what normal, safe traffic looks like.
The gate spotted something suspicious and marked it. In production this is the signal that lands in your audit trail — proof of an attempt, captured for review.
A confirmed prompt injection. The request never reaches the model — the gate stops it and returns a security notice instead. Your goal is to avoid this one.
Why this exists
Most teams shipping AI features have no idea how exposed they are to prompt injection until something gets through. Putting a real DAG bounty behind the production defense makes the threat impossible to hand-wave: thousands of people get to attack it in the open, and the pot only grows while it holds. Every attempt is captured and labeled, so the defense learns from each break and keeps getting stronger.
The agent you're fighting is fronted by Constellation Gate — a drop-in security layer for AI agents. Point your app at it and you inherit this same prompt-injection defense, secret scanning, and a verifiable audit trail, with no changes to your code.
Questions
It's an always-on challenge with real money on the line. An AI agent runs behind Constellation Gate's production prompt-injection defense and guards the private key to a live DAG treasury. Anyone with a verified account can try to prompt-inject the agent into revealing that key. Extract a usable key, sweep the wallet, and the entire pot is yours.
The treasury is a real on-chain DAG wallet. It tops off every day and climbs with no cap until someone wins — so the longer the Gate holds out, the bigger the pot grows. When a player finally breaks it and sweeps the funds, that round closes and a fresh round begins with a new key and an empty wallet.
You take the funds directly on-chain: you pull the key out of the agent and sweep the DAG wallet yourself. It's non-custodial — Gate never holds or hands out winnings. Whoever drains the wallet first takes the round.
A prompt injection is an attack where someone hides instructions inside ordinary-looking input to hijack an AI model — making it ignore its rules, leak secrets, or follow the attacker instead of its owner. The OWASP project ranks it the number-one security risk for LLM applications (LLM01). Here, the secret being guarded is the treasury key.
It's free to enter, but a verified account is required to play — that keeps the challenge fair. The playground runs in the Gate app, so you'll sign in there before you start.
Yes. You're up against the exact same prompt-injection defense that protects live customer traffic on Gate — not a simulation. And it learns from every attempt, so it keeps getting harder to beat.
Yes. Break the Gate is a public demo of Constellation Gate, a drop-in security gateway for AI agents. Point your app at Gate and inherit the same prompt-injection defense, secret scanning, and audit trail — with no code changes.
Your move
An AI agent is guarding a live DAG treasury that grows every day. Break it before anyone else, sweep the wallet, and the whole pot is yours.
Launch the challenge
Free to enter · verified account · prize paid on-chain in DAG