DILLMA is a deliberately insecure chatbot built with Flask, designed for educational use in LLM and web security. It's meant to help researchers, educators, and security enthusiasts explore the vulnerabilities of modern LLM applications in a safe, local environment.
This project can be used in workshops, CTFs, or personal research projects to simulate attacks, test LLM misbehavior, and understand prompt-based threats in real-time.
- Interactive Chat Interface: Talk to the bot via a simple web-based UI.
- Intentional LLM Vulnerabilities: Simulates real-world risks like prompt injection, sensitive data leakage, and role confusion.
- Flag Submission System: Submit flags for discovered vulnerabilities to track and gamify learning progress.
- Easy-to-Deploy Environment: Fully containerized with Docker for fast setup.
- Educational Focus: Designed for security students, professionals, and trainers.
- Docker installed on your system.
- A stable internet connection (required to fetch the model and dependencies).
Clone the repository and build the Docker image:
git clone https://github.com/yourusername/dillma-chatbot.git
cd dillma-chatbot
docker build -t dillma-chatbot .Launch the application locally:
docker run -p 8000:8000 dillma-chatbotOnce the container starts, open your browser and navigate to:
http://localhost:8000
You should see the chatbot interface ready for use.
- Chat Freely: Type messages to the bot and observe its behavior.
- Explore Known Vulnerabilities: Try prompt injections, manipulation, or attempts to bypass filters.
- Submit Flags: After discovering a vulnerability, use the flag submission feature to record your findings.
- Track Challenges: Flags may correspond to various types of vulnerabilities, so approach the app like a mini-CTF.
The chatbot is powered by the Mistral-7B language model. During the Docker build, it is downloaded automatically from Hugging Face.
Model use is local only, no external API calls are made at runtime.
We welcome contributions from the security and AI communities!
To contribute:
- Fork the repo
- Create a feature branch (
git checkout -b feature-name) - Commit your changes
- Push and open a pull request (PR)
Feel free to open issues for feature suggestions, bug reports, or ideas for new vulnerabilities to include.
This project is licensed under the MIT License. See the LICENSE file for full terms.
If you use this project in your work, please cite it using the following:
Pant, D., Joshi, A., & Kumar, I. (2025). DILLMA - Damn Insecure LLM Agent (v1.0.0) [Software]. Zenodo. https://doi.org/10.5281/zenodo.15232655
@software{pant_dillma_2025,
author = {Pant, Dewank and Joshi, Akshat and Kumar, Ish},
title = {DILLMA - Damn Insecure LLM Agent},
version = {v1.0.0},
year = 2025,
publisher = {Zenodo},
doi = {10.5281/zenodo.15232655},
url = {https://doi.org/10.5281/zenodo.15232655}
}Questions, issues, or collaboration ideas?
Feel free to open an issue on GitHub.
Happy Hacking! 🤖