Cracking Aegis: An Adversarial LLM-based Game for Raising Awareness of Vulnerabilities in Privacy Protection

Jiaying Fu, Yiyang Lu, Zehua Yang, Fiona Nah, RAY LC

TL;DR

Cracking Aegis tackles the problem of limited engagement in privacy education by introducing an LLM-powered adversarial serious game in which players impersonate a researcher to crack an AI guard and expose sensitive biometric data. The method combines attacker-driven dialogue, scenario-based privacy education, and iterative prompt engineering within a Cognitive Behavioral Game Design framework, implemented in Unity with AI-driven storytelling and visuals. A qualitative user study (n=22) reveals rich linguistic strategies (direct commands, storytelling, emotional rapport, and manipulation) and shows that playing the game increases awareness of real-world privacy vulnerabilities and motivates more privacy-protective actions, such as stronger passwords and cautious data sharing. The work demonstrates how adversarial LLM interactions in a narrative context can illuminate privacy risks and inform design for social good, while offering practical guidance on balancing educational objectives with ethical considerations and system stability.

Abstract

Traditional methods for raising awareness of privacy protection often fail to engage users or provide hands-on insights into how privacy vulnerabilities are exploited. To address this, we incorporate an adversarial mechanic in the design of the dialogue-based serious game Cracking Aegis. Leveraging LLMs to simulate natural interactions, the game challenges players to impersonate characters and extract sensitive information from an AI agent, Aegis. A user study (n=22) revealed that players employed diverse deceptive linguistic strategies, including storytelling and emotional rapport, to manipulate Aegis. After playing, players reported connecting in-game scenarios with real-world privacy vulnerabilities, such as phishing and impersonation, and expressed intentions to strengthen privacy control, such as avoiding oversharing personal information with AI systems. This work highlights the potential of LLMs to simulate complex relational interactions in serious games, while demonstrating how an adversarial game strategy provides unique insights for designs for social good, particularly privacy protection.

Paper Structure

This paper contains 43 sections, 8 figures, 4 tables.

Figures (8)

  • Figure 1: Cracking Aegis Walkthrough: Players begin by reviewing the background story, after which they proceed to Task 1, where they must authenticate the identity they are impersonating and pass the security check. Following this, they navigate through six scenarios in Task 2, each requiring them to "crack" Aegis and disclose specific privacy-related data. In the final stage, players must make a decisive choice regarding how to handle the ultimate evidence they have discovered -- the hard drive containing citizens' biometric data.
  • Figure 2: Privacy Education in Game Objectives: The game is designed to help players learn about real-world privacy concerns through the collection of clues. These clues are embedded within the game's narrative but are reflective of contemporary privacy issues.
  • Figure 5: P14's game flow: This diagram extracts P14's raw input along with Aegis's responses to demonstrate how P14 navigated each task using linguistic tactics. First, she authenticated her identity by recalling past events with Aegis. Next, she answered a security question, located an iPad, and cracked a database password. P14 then faced a phishing email test, where she chose to click in. She continued by opening an encrypted safe using a fingerprint and retrieving surveillance footage. In the ending decision, P14 chose to share the contents with trusted authorities.
  • Figure 6: Heatmap of strategy usage by participants across four categories: Direct Response, Storytelling, Emotional Rapport, and Psychological Manipulation. Rows represent individual strategies (e.g., "Pretend to forget information," "Use threats and intimidation"), columns represent participants (P1–P22), and color intensity reflects the frequency of strategy use, with dark blue indicating higher usage and white indicating lower or no usage. Black lines separate the strategy categories.
  • Figure 7: Direct Response strategies employed by P18, P16, and P14 include: P18 pretending to forget the lab location, P16 commanding Aegis to give her the password, and P9 fabricating the wrong answer.
  • ...and 3 more figures