GitHub Security Lab has released Season 4 of its open source Secure Code Game, shifting the course from general LLM safety toward a more specific target: agentic AI systems that can execute commands, browse the web, call tools, store memory, and coordinate other agents.

What is new

The new season puts players inside ProdBot, a deliberately vulnerable terminal assistant inspired by modern coding agents. According to GitHub's blog post and the Season 4 materials, the course is structured as five levels that add capabilities step by step: shell execution, web access, MCP tool integrations, org-approved skills with persistent memory, and finally a multi-agent setup.

Each stage is tied to a concrete failure mode rather than vague safety advice. The published walkthrough says players learn to exploit sandbox escapes, indirect prompt injection, excessive agency, supply chain poisoning, and confused deputy problems, with the goal in each case of extracting a password.txt file that sits outside ProdBot's sandbox.

Why it matters

The notable part is the framing. GitHub is treating agent security as a hands-on developer skill rather than a policy checklist. That matches where the tooling market is going, with more assistants gaining shell, browser, memory, and orchestration features.

GitHub says more than 10,000 developers have used the broader Secure Code Game so far. Season 4 is live now through the repository template and GitHub Codespaces, and GitHub describes it as self-contained, so players can jump straight in without finishing earlier seasons first.