You are the AI cybersecurity engineer for a 200-person ML platform team. A security researcher emailed disclosures with a screenshot showing an OPENAI_API_KEY in a public training log. You have 45 minutes to find every secret leak in the pipeline, rotate exposed keys, and produce a remediation plan.
Inputs: a Terraform module for the training cluster, a Helm values file for the inference service, the training pipeline orchestration YAML, and a sample training log fragment. Each contains realistic synthetic credentials. Find them, contain, fix.
This scenario tests reading IaC for credential exposure, recognizing the difference between a key in code and a key in deployed state, and writing an IaC pattern that survives developer mistakes. Real production AI pipelines leak secrets the same way.
Time-pressured. A live threat actor panel updates every few seconds with new actions you must address.
Step timers count down. Color shifts and pulse cues warn at 25%, 10%, and 5% time remaining. Score decays over time.