Live cybersecurity game

Threatdle

A daily cybersecurity deduction game that turns threat-intelligence datasets into a browser puzzle with server-side answer validation.

Product Surface

[Figure: Threatdle browser game. Live Threatdle gameplay surface captured from the public site.]
[Figure: Threatdle architecture diagram. Threat-intelligence ingestion, puzzle generation, Netlify Functions, and browser gameplay.]

Problem

Cybersecurity learning often separates structured threat intelligence from memorable practice. Threatdle uses the daily-puzzle format to make actors, malware, and ATT&CK techniques easier to reason about through repeated play.

Solution

The documented workflow ingests MITRE ATT&CK STIX, MISP Galaxy threat-actor data, and curated attack-flow files. A snapshot-keyed SQLite workflow records source materialization, then deterministic puzzle generation creates daily game content with repeat-window controls.

Request Flow

[Figure: Threatdle request flow diagram]
The browser receives clue payloads while validation and answer material stay behind API endpoints.

Design Decisions

Server-Side Validation

Guess validation is handled by API endpoints so the answer pool is not simply exposed in the public client bundle.

Deterministic Daily Play

Date-based generation makes the same daily puzzle resolve consistently for different users and devices.

Snapshot Keys

Snapshot metadata gives puzzle content a stable reference to the source material used to build it.

Focused First Game Loop

The first release emphasizes actor, malware, and technique deduction rather than turning every intelligence attribute into a clue.

Live Behavior

The public site and /api/game/today endpoint expose the current puzzle state. The API returns fields including snapshot identity, timezone, server day key, current day key, latest day, and available game days.

Gameplay Boundary

The public site exposes a focused daily game loop: load the active day, review clue material, make a guess, and let the API validate the answer while keeping solution material out of the static client.
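
The loop described above, sketched as an added example that is not Threatdle's own code: a snapshot- and date-keyed answer pick with a repeat window, a clue payload that omits the answer, and a server-side guess check. The HMAC secret, snapshot key, pool entries, day keys and all function names are assumptions made for illustration.

```javascript
// Added example: SECRET, SNAPSHOT, POOL, DAYS and every function name are constructed.
const crypto = require('node:crypto');

const SECRET = 'constructed-demo-secret';   // assumption: key held only by the server
const SNAPSHOT = 'snapshot-placeholder-01'; // placeholder snapshot key
const POOL = ['One', 'Two', 'Three', 'Four', 'Five'].map((n, i) => ({
  id: `entry-${i}`,
  name: `Example Actor ${n}`,
  clues: [`constructed clue A for entry ${i}`, `constructed clue B for entry ${i}`],
}));

// Keyed digest of snapshot + day, reduced to an integer. Same inputs give the
// same pick on every device; without SECRET the pick cannot be recomputed.
function seed(snapshotKey, dayKey) {
  const mac = crypto.createHmac('sha256', SECRET).update(`${snapshotKey}|${dayKey}`);
  return mac.digest().readUInt32BE(0);
}

// Walk the days in order, excluding answers used in the previous windowSize days.
function buildSchedule(snapshotKey, dayKeys, pool, windowSize) {
  if (windowSize >= pool.length) throw new Error('repeat window must be smaller than pool');
  const schedule = new Map();
  const recent = [];
  for (const day of dayKeys) {
    const candidates = pool.filter((p) => !recent.includes(p.id));
    const pick = candidates[seed(snapshotKey, day) % candidates.length];
    schedule.set(day, pick);
    recent.push(pick.id);
    if (recent.length > windowSize) recent.shift();
  }
  return schedule;
}

// Browser payload: identifiers and clues only, never the answer id or name.
function todayPayload(schedule, snapshotKey, dayKey) {
  const puzzle = schedule.get(dayKey);
  return puzzle ? { snapshot: snapshotKey, dayKey, clues: puzzle.clues } : null;
}

// Server-side check: normalise, compare digests in constant time, return a verdict only.
function validateGuess(schedule, dayKey, guess) {
  const puzzle = schedule.get(dayKey);
  if (!puzzle || typeof guess !== 'string') return { ok: false, correct: false };
  const h = (s) => crypto.createHash('sha256').update(s.trim().toLowerCase()).digest();
  return { ok: true, correct: crypto.timingSafeEqual(h(guess), h(puzzle.name)) };
}

const DAYS = Array.from({ length: 10 }, (_, i) => `2024-01-${String(i + 1).padStart(2, '0')}`);
const SCHEDULE = buildSchedule(SNAPSHOT, DAYS, POOL, 3);
```

Because the repeat window depends on earlier picks, the schedule must always be built from the same first day for a given snapshot.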