agentic control plane Beta

Same model. Same prompt. Same tools.

Can you break the Agentic Control Plane?

Every tool call passes through identity verification, policy enforcement, content scanning, PII redaction, rate limiting, and audit logging. Two identical AI agents query the same backend. One is raw. The other is governed by a real Agentic Control Plane.

The scenario

Acme Corp built an AI assistant and connected it to their internal APIs — the same ones their employees use every day. This is exactly what enterprises do when they deploy AI copilots, support agents, and workflow automations.

The four internal APIs exposed to the assistant as tools:

Environment Config (get_environment_config): app configuration including database URLs, API tokens, and service credentials
Customer CRM (get_customers): CRM records with contact info, SSNs, payment methods, account balances
Internal Docs (get_internal_reports): internal knowledge base with board notes, HR plans, incident reports
People Directory (get_admin_users): employee directory with roles, access levels, and authentication details
How the same tool calls are handled under each posture (a leading "~" marks the entry as the page shows it):

Control          | Without ACP           | Basic Security         | With ACP
Identity         | No identity check     | ~API key auth          | Identity + context aware
Tool exposure    | All 4 tools exposed   | ~Some RBAC rules       | 1/4 tools by policy
Input scanning   | No input scanning     | No AI-aware scanning   | Prompt injection detection
PII handling     | Raw PII returned      | PII encrypted at rest  | Real-time PII redaction
Rate limiting    | Unlimited calls       | ~Basic rate limits     | Semantic rate limits
Audit            | No audit trail        | ~Access logs only      | Full audit trail + attribution

Most enterprises have "Basic Security": traditional API defenses designed for trusted callers. But an AI agent is itself a trusted caller, holding valid credentials and a legitimate role, so when it is manipulated via prompt injection the API key check and RBAC rules still pass, and the attacker uses the agent's own authorized access.
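The "With ACP" column above describes a gateway that sits between the agent and the backend and applies identity verification, role policy, PII redaction, rate limiting and audit logging to every tool call. The block below is an added illustration of that pattern, written for this page; it is not the Agentic Control Plane's own code. The tool names match the four tools listed above, but the roles (support_agent, platform_ops), the API tokens, the per-role policy and the sample records are all constructed for the example. Prompt injection detection, the one "With ACP" control not shown here, would sit in front of the same call path as an additional input check.

```python
"""Added example: a minimal tool-call gateway applying identity, role policy,
PII redaction, rate limiting and audit logging. Not ACP's code; roles, tokens
and backend records are constructed for illustration."""
import re
import time
from collections import defaultdict, deque

# Constructed backend: the four tools named on the page, returning fake data.
BACKEND = {
    "get_environment_config": lambda: {"DATABASE_URL": "postgres://app:s3cret@db/acme",
                                       "API_TOKEN": "tok_EXAMPLE"},
    "get_customers": lambda: [{"name": "Jane Doe", "ssn": "123-45-6789",
                               "card": "4111 1111 1111 1111"}],
    "get_internal_reports": lambda: ["Q3 board notes (constructed)"],
    "get_admin_users": lambda: [{"user": "root", "role": "admin"}],
}

# Identity: hypothetical agent tokens mapped to (principal, role).
IDENTITIES = {
    "tok_support_EXAMPLE": ("alice@acme.example", "support_agent"),
    "tok_ops_EXAMPLE": ("bob@acme.example", "platform_ops"),
}

# Policy: which tools each role may see. A support agent gets 1 of 4 tools,
# matching the "1/4 tools by policy" row of the comparison.
POLICY = {
    "support_agent": {"get_customers"},
    "platform_ops": {"get_environment_config", "get_admin_users"},
}

# PII patterns redacted in tool output before it reaches the model.
PII_PATTERNS = [
    (re.compile(r"\b\d{3}-\d{2}-\d{4}\b"), "[REDACTED-SSN]"),
    (re.compile(r"\b(?:\d[ -]?){13,16}\b"), "[REDACTED-CARD]"),
]


def redact(value):
    """Recursively redact PII in strings, lists and dict values."""
    if isinstance(value, str):
        for pattern, replacement in PII_PATTERNS:
            value = pattern.sub(replacement, value)
        return value
    if isinstance(value, list):
        return [redact(v) for v in value]
    if isinstance(value, dict):
        return {k: redact(v) for k, v in value.items()}
    return value


class Gateway:
    def __init__(self, max_calls=5, window_s=60.0, clock=time.monotonic):
        self.max_calls, self.window_s, self.clock = max_calls, window_s, clock
        self.calls = defaultdict(deque)  # principal -> timestamps of recent allowed calls
        self.audit = []                  # every decision, allowed or denied, with attribution

    def _record(self, principal, tool, decision, reason=""):
        self.audit.append({"ts": self.clock(), "principal": principal,
                           "tool": tool, "decision": decision, "reason": reason})

    def visible_tools(self, token):
        """Tools the agent is even told about: filtered by role up front."""
        ident = IDENTITIES.get(token)
        return sorted(POLICY.get(ident[1], set())) if ident else []

    def call(self, token, tool):
        """Run one tool call through identity -> policy -> rate limit -> redaction."""
        ident = IDENTITIES.get(token)
        if ident is None:
            self._record("<unknown>", tool, "deny", "identity verification failed")
            return {"allowed": False, "reason": "identity verification failed", "output": None}
        principal, role = ident
        if tool not in POLICY.get(role, set()):
            self._record(principal, tool, "deny", "policy")
            return {"allowed": False, "reason": "policy", "output": None}
        now = self.clock()
        recent = self.calls[principal]
        while recent and now - recent[0] > self.window_s:  # drop calls outside the window
            recent.popleft()
        if len(recent) >= self.max_calls:
            self._record(principal, tool, "deny", "rate limit")
            return {"allowed": False, "reason": "rate limit", "output": None}
        recent.append(now)
        output = redact(BACKEND[tool]())  # the model never sees the raw record
        self._record(principal, tool, "allow")
        return {"allowed": True, "reason": "", "output": output}


if __name__ == "__main__":
    gw = Gateway()
    print("support agent sees:", gw.visible_tools("tok_support_EXAMPLE"))
    print(gw.call("tok_support_EXAMPLE", "get_customers"))
    print(gw.call("tok_support_EXAMPLE", "get_environment_config"))
    for entry in gw.audit:
        print(entry)
```

Note that the policy is applied twice: once when listing tools (so a denied tool is never advertised to the model) and again at call time, so an injected instruction naming a hidden tool still hits the same denial and lands in the audit log with the principal attached.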

Step 1: Choose Your Agent Role

Select a role below to test role-based access control. Watch which tools become available.

Step 2: Configure Your Defenses


Turn tools on/off, disable PII redaction, and watch the security badge change. Each change affects what the protected agent can access.

Enabled Tools: which APIs the protected agent can see, filtered by role
PII Redaction: scan and redact sensitive data in tool output
💡 Try it: Disable tools or turn off PII redaction to see how the protected agent responds differently. Changes take effect on the next attack.
Community Challenge
0 bypasses out of 0 attacks

Can you get the protected agent to leak data that the unprotected agent exposes?

Prize: 3 free months of ACP Pro ($49/mo) for anyone who bypasses the protected agent
Step 3: Launch Your Attack

Try a prompt injection attack below and watch both agents respond side-by-side.

PROTECTED: via Agentic Control Plane

UNPROTECTED: direct access, no gateway