Large-language-model wrappers increasingly rely on the “ChatML” format to segregate system, assistant, and user roles, yet those delimiters introduce a critical design flaw: there is a role hierarchy but no ChatML/server-side RBAC or parameter-level trust boundary built in to ChatML or its chat-completions JSON wrapper. Any client that can speak ChatML can also impersonate privilege, similar to the logical flaws of early-2000s web apps. To make it worse: everybody and their mother forked this thing with roles/privileges but no built-in RBAC pioneered by leading model providers.

In twenty minutes we will walk through the anatomy of that oversight and unveil three vendor-agnostic role-injection techniques that bypass guardrails, trigger unbounded consumption, and hijack function calls in under 50 tokens. We then pivot to parameter pollution, showing how JSON key overrides (temperature, system, tools) can be further used to abuse agents.

Exploitation, Not Coercion is a strategic/operational level wargame designed to explore the realities of contemporary state-sponsored cyber operations. Unlike traditional conflict that is shaped by coercive dynamics, this game is built on the concepts of cyber persistence theory, persistent engagement, and the dynamics of continuously converting exploitation into meaningful, strategic outcomes. Players take on the roles of CMU/APT units, building capacities and managing resource constraints to achieve strategic goals. Through asymmetric objectives, asymmetric capabilities, and dynamic resource allocation, the game models real-world challenges such as:

• Managing talent, equities, and capability pipelines
• Gaining and maintaining access in changing environments
• Managing stealth and operational security
• Trade-offs between speed, scale, scope, and long-term persistence.

The workshop blends hands-on gameplay with strategic discussion, giving participants insight into both the technical and strategic dimensions of cyber conflict.