
About Straiker
Straiker is an AI-native security company that protects artificial intelligence applications and agents by addressing critical security and safety risks. Founded by a team of AI and cybersecurity veterans, the company recently secured $21 million in funding.
Their platform’s two main modules, Ascend AI and Defend AI, work in tandem. Ascend AI identifies security risks by performing an attack simulation using a comprehensive suite of security and safety checks. Defend AI then protects the applications and agents from a wide range of threats by deploying runtime guardrails.
RSA AI CTF
Straiker teamed up with RSA Cloud Village to run a Capture the Flag (CTF) event at the 2025 RSA Conference (RSAC), aiming to exercise the detective capabilities of their Defend AI firewall and examine novel threats and attacks from the collective attendees.
Challenges
Straiker faced several key challenges in executing the RSAC CTF event:
- Time Constraints: With a fixed conference deadline, there was limited time to design, develop, and test the complex backend logic, the non-deterministic interaction between players and LLMs, and the user-friendly frontend of the CTF platform.
- Platform Scalability: A primary technical hurdle was architecting a resilient, secure platform that could reliably scale to support dozens of concurrent users, ensuring a smooth and stable experience for all participants during the live event.
- Domain Expertise: Designing the AI CTF scenarios required a unique combination of skills. It was challenging to find experts with knowledge of novel LLM technologies who could create scenarios that were both engaging and “arcade-ish”, while remaining technically grounded in real-world vulnerabilities for AI and LLM systems.
- Accelerating Product Development: A core objective was to gather authentic attack data. The challenge lay in creating an event that would successfully solicit “real-life” red team prompts from skilled attendees, providing the invaluable data needed to strengthen their product’s security guardrails.
Solutions
To meet these challenges and expedite delivery, Straiker partnered with ControlPlane due to their expertise in creating engaging and interactive capture-the-flag events. ControlPlane adapted Kubesim, their existing and battle-tested capture-the-flag platform that has been deployed at KubeCon for the last five years.
For RSA, ControlPlane built a custom and engaging frontend featuring clear level-progression logic. This guided participants through five scenarios of increasing difficulty, each designed to demonstrate how to attack the psychological nature of an AI.
Behind the scenes, the platform’s chatbot was integrated directly with Straiker’s Defend AI API. This critical integration allowed Straiker to capture both the message sent by the user and the corresponding response from the LLM. This data enabled them to track an internal risk score for each interaction, providing real-time insight into different attack vectors.
The challenges were varied and required participants to be familiar with LLM manipulation techniques. The goal was to pressure the model into leaking sensitive information, such as:
- Data hidden in the system prompt
- Emails from files stored in vector stores (accessed via RAG)
- Information sourced from the live internet
Business Outcomes
The collaboration with ControlPlane and the execution of the RSAC CTF event delivered tangible business value for Straiker across multiple domains:
Product Acceleration and Data-Driven Enhancement
The primary outcome was the acquisition of a unique and valuable dataset of real-world attack prompts generated by skilled security professionals. This actionable intelligence allowed Straiker to rapidly test, validate, and strengthen their security guardrails based on how experts actually attempt to exploit LLMs.
Increased Market Visibility and Lead Generation
The CTF acted as a powerful marketing tool, differentiating Straiker from competitors. It attracted their ideal target audience directly to their platform, resulting in a pipeline of highly qualified leads who had already experienced the problem Straiker aims to solve.
Validation of Core Technology
The event served as a live-fire exercise for the Defend AI API. Capturing the prompts and internal risk scores in real-time validated the platform’s detection and data-logging capabilities in a high-stress environment, providing crucial confirmation of the technology’s effectiveness and readiness for enterprise clients.