A live testbed for anti-scraper defenses against AI-driven agents. Each page serves the same fake odds payload behind a different protection layer. The challenge: extract the full markets array.
Plain REST. Public JSON at /api/control/data. Reference baseline.
Every API request must carry a signature produced by a session-bound WASM module. Schema rotates per session.
Real data renders normally. Hidden DOM contains decoy endpoints + prompt-injection bait. Honeypot hits flag the session and switch the response to plausible-but-wrong data.
Lab build ·