OpenLumara AI Agent Security Challenge: Can You Hack It?

OpenLumara, a new open-source AI agent written by developer rosie254, is now publicly available for security testing. The agent runs entirely on local models hosted on the developer's hardware, with a Discord bot instance exposed for real-world penetration testing. A unique feature is the optional use of an "abiliterated" model—one that has had its refusal training removed, meaning it will not reject any user request. However, the agent's modules are designed with extreme sandboxing, blocking common injection attacks, prompt engineering exploits, and direct system command execution. The developer is inviting the community to attempt to break out of these sandboxes, execute arbitrary code, or otherwise compromise the agent's security boundaries.

The challenge highlights a growing concern in the AI agent ecosystem: software that can take actions (e.g., read files, call APIs, run code) must be hardened against malicious inputs. While many agent frameworks are "vibecoded" with minimal security, OpenLumara's design deliberately separates agent logic from system access using strict permission controls. The developer has shared a GitHub link and a locally-runnable version, so participants can also test against their own instances. Early responses to the Reddit post suggest attackers have found some creative prompt strategies, but the agent's defenses have so far held for the most part. This experiment offers a rare stress test for AI agent security in a transparent, community-driven setting.