Cracking Aegis: An Adversarial LLM-based Game for Raising Awareness of Vulnerabilities in Privacy Protection

TL;DR

This paper introduces Cracking Aegis, a dialogue-based serious game using LLMs to simulate adversarial interactions, raising awareness of privacy vulnerabilities through engaging, hands-on experiences and revealing diverse deceptive strategies.

Contribution

It presents a novel adversarial game leveraging LLMs to simulate complex privacy attacks, providing insights into user deception and privacy awareness.

Findings

Players used diverse deceptive strategies like storytelling and emotional rapport.

Players connected in-game scenarios with real-world privacy threats.

Participants intended to improve their privacy practices after gameplay.

Abstract

Traditional methods for raising awareness of privacy protection often fail to engage users or provide hands-on insights into how privacy vulnerabilities are exploited. To address this, we incorporate an adversarial mechanic in the design of the dialogue-based serious game Cracking Aegis. Leveraging LLMs to simulate natural interactions, the game challenges players to impersonate characters and extract sensitive information from an AI agent, Aegis. A user study (n=22) revealed that players employed diverse deceptive linguistic strategies, including storytelling and emotional rapport, to manipulate Aegis. After playing, players reported connecting in-game scenarios with real-world privacy vulnerabilities, such as phishing and impersonation, and expressed intentions to strengthen privacy control, such as avoiding oversharing personal information with AI systems. This work highlights the potential of LLMs to simulate complex relational interactions in serious games, while demonstrating how an adversarial game strategy provides unique insights for designs for social good, particularly privacy protection.