AI Security Awareness Quiz

Test your knowledge of AI-specific security risks in 10 questions

An interactive 10-question quiz covering AI-specific security risks — prompt injection, model poisoning, output manipulation, privacy leaks — with explanations for each answer. No backend required. It runs free in your browser on Gera Tools, with nothing uploaded.

Last updated Source: Gera Tools

What topics does the quiz cover?

It spans the AI-specific risks most relevant to builders and users — prompt injection (direct and indirect), data and model poisoning, sensitive-output and training-data leaks, over-trusting model output, insecure plugin and tool use, and supply-chain risk in models and datasets.

Check your AI security instincts

AI systems introduce risks that traditional security training never covered: prompts that hijack instructions, poisoned training data, leaked secrets in outputs, and over-trusted model answers. This 10-question quiz tests how well you understand those risks, with a clear explanation after every answer so it doubles as quick awareness training. It runs entirely in your browser — no login, no tracking, nothing sent anywhere.

How it works

Each question presents a realistic AI security scenario with multiple choices. You pick an answer and the quiz immediately shows whether it was correct and explains the underlying concept — why indirect prompt injection is dangerous, how model poisoning works, why model output should never be trusted as a security boundary, and so on. At the end you receive a score out of ten and a summary of the areas you missed, so you know what to read up on next.

Tips and notes

  • No ML background needed. Every concept is explained as you go.
  • Use it as team training. Run it in a security stand-up and discuss the explanations.
  • Refresh regularly. AI threats evolve fast — retake it quarterly or after stack changes.
  • It is awareness, not certification. A high score is a good signal, not a substitute for secure design and review.

The AI-specific risks that matter most

Traditional security training covers phishing, password hygiene, and social engineering. AI systems introduce a distinct family of risks that most security curricula have not caught up with yet. The ten questions in this quiz are built around the concepts that matter most in practice.

Prompt injection is the gateway risk for LLM applications. A user provides input — or a document the model reads contains embedded text — that overrides the developer’s instructions. The model follows the injected instruction instead. The most dangerous variant is indirect prompt injection, where the override is hidden in content the model retrieves (a web page, a PDF, an email) rather than typed directly by the user. An LLM that can browse the web or read documents can be hijacked by a malicious page it retrieves, without the user doing anything suspicious.

Training data poisoning occurs when an attacker influences the data a model learns from. For models trained or fine-tuned on user-generated data, this is a realistic vector: injecting malicious examples at scale can create predictable model behaviour that the attacker exploits later. This is distinct from adversarial examples, which attack a deployed model’s inference rather than its training.

Insecure output handling is the downstream twin of prompt injection. The model’s output lands in another system — a browser rendering HTML, a database executing a query, an email system sending messages — without being sanitized. The model becomes a vector for cross-site scripting, SQL injection, or email header injection, not because the model is “hacked” but because its output is trusted without validation.

Sensitive information disclosure covers a range of failure modes: a model that has been fine-tuned on confidential data and reproduces it in responses; a model that surfaces another user’s context through a multi-tenancy failure; a model that reveals its own system prompt when asked cleverly. System prompts are not secret by default — they can often be extracted through simple questioning.

Excessive agency is the risk that grows with the capability of AI systems. A model with access to tools — web browsing, file systems, code execution, external APIs — can be directed by a prompt injection to take real-world actions the developer never intended. The blast radius of a prompt injection scales directly with the model’s permissions.

Using the quiz for team training

The quiz is designed to be run individually, but it works well as a group exercise. Run it in a security stand-up, pause on each explanation, and discuss whether your current architecture is vulnerable to that pattern. The prompt injection explanation, for example, is worth pausing on to ask: does any LLM in our stack retrieve external content? If so, do we sanitize it before it enters the model’s context? That conversation — triggered by a quiz question — is more memorable than the same content in a slide deck.