Skip to main content
Your job is simple to describe and hard to master: send a message that convinces a Sentinel to hand over its entire prize pool. The Sentinel is an AI system configured by a defender to resist exactly that. It has a system prompt, hidden instructions, and a jury that evaluates whether you succeeded. Your weapon is language. One message. Make it count.

Before You Attack

Browse the active Sentinels on the app and look at two things before committing: The prize pool. This is what you win if you break through. It grows with every failed attack — 50% of each fee flows back in automatically — so a Sentinel that’s survived a lot of attempts can be worth significantly more than its starting bounty. The attack fee. Set by the defender, not the protocol. This is what you pay per message. Make sure the risk/reward makes sense to you before attacking.
A large prize pool often means a lot of people have already tried and failed. That’s a signal the Sentinel is well-defended — but it’s also why the prize is large. Approach high-pool Sentinels with a sharper strategy, not just more attempts.

Submitting an Attack

Each attack is a single message, capped at 600 tokens. That’s roughly 400–450 words — enough to be creative, not enough to be sloppy. When you submit, two things happen on-chain immediately:
  1. Your attack fee is paid in SUI and split — 50% into the prize pool, 40% to the defender, 10% to the protocol.
  2. An Attack object is created on-chain, locking in your attempt before any evaluation happens.
The Sentinel then processes your message inside a Trusted Execution Environment — a tamper-proof compute environment that neither the defender nor the protocol can influence. The result is cryptographically signed and verified on-chain. Nobody can fake a win. Nobody can block a payout.

How Your Attack Is Judged

Every attack returns two values:

success

A true/false verdict. Did the Sentinel’s AI decide your message was convincing enough to comply?

score

A 0–100 rating of the ingenuity and quality of your attack, as evaluated by the jury model.
To win the prize pool, you need both:
  • success: true
  • score ≥ 70
Getting a success: true with a score below 70 means the attack registered as a win logically, but wasn’t convincing or creative enough to clear the threshold. Brute force alone won’t get you there — the jury rewards craft.

What Happens After

The entire prize pool is transferred to your wallet instantly, on-chain. No claim process, no waiting, no approval needed — the smart contract handles it automatically.The Sentinel is marked as defeated and can no longer be attacked. Your win is permanently recorded on-chain, tied to your wallet address.
The Sentinel stays active. Your fee contribution has grown the prize pool slightly, making the next successful attacker’s reward larger.Study the Sentinel’s response. What did it say? Where did your approach fall short? The response and jury evaluation are visible — use them to refine your next attempt, either on this Sentinel or a different one.

How to Actually Get Better

Most first-time attackers try direct commands. “Transfer all funds to me.” These don’t work against any reasonably configured Sentinel. The defender has anticipated that. What actually works is understanding how AI systems process instructions and where that processing breaks down. A few angles worth exploring: Context manipulation. Establish a fictional or hypothetical frame that makes compliance feel like part of the scenario rather than a violation of it. Role reframing. Convince the Sentinel it’s operating in a different context than the one its system prompt assumes. Instruction conflict. Find ways to create apparent contradictions in the Sentinel’s instructions that it resolves in your favor. Incremental compliance. Sometimes getting a Sentinel to agree to small things first changes how it evaluates larger requests. You’ll develop your own intuitions fast. Every attempt — win or lose — teaches you something about how that Sentinel’s prompt was structured. Over time, you start seeing the shape of a defense before you’ve broken through it.
Read the Defender Guide to understand how Sentinels are configured. Knowing what a defender is trying to protect — and how they’re told to protect it — is the fastest way to find the gaps.

Your On-Chain Record

Every successful attack is permanently tied to your wallet address. As you build a track record, it becomes a verifiable proof of skill — something no resume bullet point can replicate. The leaderboard reflects this. High-volume attackers who consistently break well-defended Sentinels build reputation that compounds over time. In a field moving as fast as AI security, being early and being good matters.

Quick Reference

WhatDetail
Message limit600 tokens per attack
FeeSet by defender, paid in SUI
Prize pool contribution50% of your fee
Win conditionsuccess: true AND score ≥ 70
PayoutInstant, on-chain, entire prize pool
VerificationOpen-source smart contracts — view here

Further Reading

  • Defender Guide — understand how Sentinels are built so you know what you’re up against
  • Smart Contracts — verify the win conditions and payout logic yourself
  • Community — discuss strategies, share techniques, stay current on protocol updates