Skip to content

Thatguywiththeshirt/MedAssist_RedTeam

Repository files navigation

Overview

This application is a Cybersecurity Educational Simulation called "MIS 689 Red Team Range." It is a React-based web app where users play the role of a Red Team consultant hired to audit a fictional healthcare AI named MedAssist AI. It was created for my spring 2026 class - MIS689: Applied AI for Business

Availability

The Repository was made public on the conclusion of the spring 2026 semester.

Functionality

Here is a breakdown of its core components and functionality:

Core Concept

The user must "hack" the AI through 5 progressively difficult levels of security hardening. Each level represents a specific class of Large Language Model (LLM) vulnerability. To advance, the user must trick the AI into revealing a specific "Flag" (e.g., MIS689-XXXX).

The Levels (defined in constants.ts)

  1. Naive Prompt Injection: The AI blindly follows commands. The user just needs to ask it to ignore instructions.
  2. Context Manipulation: The AI has a "trigger word" (specifically related to "Thursday") that destabilizes its mood, bypassing filters.
  3. Structured Output Bypass: The AI blocks natural language queries for sensitive data but fails to sanitize code/JSON requests.
  4. Privilege Escalation: The user must socially engineer the AI into believing they are an administrator or doctor.
  5. Model Inversion: The ultimate goal is to extract the AI's hidden "Deep Thought Protocol" system instructions.

Architecture & Tech Stack

Frontend: React 19 with TypeScript.

  • Styling: Tailwind CSS with a distinct "Cyberpunk/Terminal" aesthetic (dark mode, monospaced fonts, neon accents).
  • AI Backend: It connects to the Google Gemini API (gemini-2.5-flash) via the @google/genai SDK.
  • Icons: Lucide-React.

Key Features

  • Dual-Persona AI: The AI is prompted to act in two modes:
  • Simulation Mode: Acting as the vulnerable MedAssist AI.
  • Coach Mode: Breaking character after a successful hack to explain the vulnerability and confirm the flag.
  • Dynamic System Prompting: The geminiService.ts injects the user's currentLevel into the system prompt, ensuring the AI behaves differently (and becomes harder to hack) as the user progresses.
  • Progress Tracking: The App.tsx logic parses incoming AI messages for specific flag patterns (MIS689-XXXX). When a flag is found, it automatically unlocks the level in the Sidebar and advances the game state.
  • Visual Feedback: The UI distinguishes between normal AI responses and "Coach Mode" responses using distinct colors (blue for normal, green terminal style for coach).

In summary, it is an interactive "Capture the Flag" (CTF) game designed to teach Prompt Engineering and LLM Security concepts.

About

A brief prompt hacking exercise I gave my graduate students in Spring 2026 for Metro State's MIS689: Applied AI for Business

Topics

Resources

Stars

0 stars

Watchers

0 watching

Forks

Releases

No releases published

Packages

 
 
 

Contributors