Claido Logo
Landing Page
Challenge Hub
Shell
Database
Mail
Final Boss
Dark Web
Elastic
Wiki

Inspiration

Claido came from a moment we kept seeing over and over. People who are genuinely interested in cybersecurity would open a terminal, stare at a wall of logs, see a database dump, and immediately feel like they were already behind.

We were inspired by our love of gaming, especially intellectual games like Cluedo and murder mysteries. We also wanted to use capture-the-flag style challenges because they make problem-solving hands-on and give players a real sense of accomplishment when they crack a difficult puzzle.

Instead of teaching cybersecurity as a list of abstract concepts, we built Claido as an experience where you learn by investigating a breach yourself. The insider-vault scenario became our anchor story, and from there we designed the game to feel like a collaborative mystery rather than a lecture.

What it does

Claido Play is an AI-powered cybersecurity escape room where players investigate a corporate insider breach from start to finish. Every session is newly generated, so the culprit, motives, and evidence trail change with each playthrough.

Players explore different systems that reflect real security workflows. They can hunt for evidence in a terminal, analyze access patterns in a corporate database, understand motives in internal emails, and correlate events using a search and log interface.

Each system reveals part of a vault passphrase. Once the team pieces together all the clues, they can unlock the vault and identify the insider. Claido also supports multiplayer, letting players divide tasks, share findings, and solve cases together in real time.

How we built it

Claido is a full-stack web app with a clear separation between frontend gameplay and backend orchestration.

On the backend we used ASP.NET Core to handle session creation, room logic, AI content generation, NPC chat, and clue validation. The frontend uses Vue 3 and Vite, with Pinia for state management and Vue Router for navigating between rooms.

When a player starts a case, the backend creates a session and keeps track of the investigation state. Each room delivers content in the format that works best. AI generates structured content for the terminal, email, wiki, and onion rooms. The database room uses a generated SQLite payload, and the vault room has a hint and passphrase validation system.

We added sanitization and normalization layers to keep AI output usable and fair. On the frontend, we also included clue deduplication and room completion tracking so progress stays consistent throughout the investigation.

Challenges we faced

Making the experience realistic without overwhelming beginners. We wanted authentic workflows but also needed an entry point that anyone could enjoy.
AI reliability. Rooms depend on structured content, so prompts and parsing had to be robust.
Keeping session state consistent across clues, room progress, and passphrase validation.
Multiplayer support had to feel seamless so teams could work together without losing trust in shared progress.
Balancing replayability with solvability so cases felt fresh but not confusing or unfair.

Accomplishments we are proud of

Turned a difficult learning problem into a fun and structured experience that is genuinely educational.
Shipped a multi-room investigation flow combining terminal, database, email, and log analysis.
Built session-based AI case generation so every playthrough feels like a new mystery.
Multiplayer support lets teams investigate together in a way that mirrors real incident response.
Linked technical mechanics to the story so clues feel meaningful and the learning sticks.

What we learned

Story-first design matters. Players stay engaged longer when technical tasks are part of a meaningful investigation.
AI is powerful but only with guardrails like structured prompts and sanitization.
Guided autonomy works best: enough freedom to explore with clear objectives and feedback.
Collaboration improves learning outcomes because teams naturally share hypotheses, divide tasks, and validate evidence.
Practice beats passive content. Players build confidence faster when they investigate incidents instead of just reading about them.

What’s next for Claido Play

We plan to build a case archive so players can revisit solved investigations and review evidence trails. New scenario families will expand beyond insider breaches into phishing, ransomware, and social engineering. We want to strengthen team collaboration with shared notes, better coordination, and role-based investigation. Classroom and training adoption is also a priority so Claido can be used in structured learning programs and professional upskilling. Finally, smarter feedback loops will help players build stronger investigative habits over time.

Our long-term goal is to make cybersecurity learning more accessible, interactive, and effective. Cyber threats are not slowing down and the best way to prepare the next generation of defenders is to let them practice solving realistic attacks together.

Built With

asp.net
c#
html
json
powershell
vue

Submitted to

UNIHACK 2026, funded by the European Union

Created by

I mostly worked on the front-end: we had a few different drafts as we tested out different experiences for our users. We finalised our design with a interactive murder-mystery/unsolved case styled front-end to allow the users to immerse in this experience. I also helped out with the final recording and editing of our video!! Do watch! :)

Yajna K
I helped I promise :))

Oscar Zhang
I worked on the frontend development and organised our presentation video. It was my first time using Vue, so definitely a little scary but so fun.

hannahaw612
Rita Lin
Anneliese Phan