How Frontier AI Broke the Open CTF Competition Format
In a detailed and personal essay, top-tier CTF competitor Kabir argues that open online Capture The Flag competitions have been fundamentally broken by frontier AI models — and that the format may already be dead.
The story begins with GPT-4, which could one-shot medium-difficulty CTF challenges by simply pasting the problem into a chat window. At the time, hard challenges remained untouched, so the impact seemed limited. That changed with Claude Opus 4.5. Almost every medium challenge — and some hard ones — became agent-solvable. Claude Code made it trivial to build an orchestrator that spun up an AI instance for every challenge via the CTFd API, leaving humans to only work on what remained.
GPT-5.5 sealed the deal. It can solve Insane-difficulty heap pwn challenges on HackTheBox, matching the output of elite human competitors. Open CTFs have effectively become pay-to-win: whoever can afford the most token spend can burn through the challenge board fastest.
The consequences are cascading. The CTFTime leaderboard no longer reflects security skill but AI orchestration ability. Legendary teams appear less often. The competitive ladder for beginners is broken — new players are pushed toward using AI before they develop the instincts AI is replacing, or they lose motivation entirely as the scoreboard above them gets automated.
Organizers cannot fight back. Rules banning AI use are unenforceable. Making challenges deliberately hostile to AI typically makes them unpleasant for humans too. Every countermeasure is temporary friction at best.
Kabir’s thesis is clear: the open online CTF format is dead. Elite finals like DEF CON may survive, but the qualifiers that feed them are already compromised. What remains is the community — people can still learn through platforms like HackTheBox and picoGym, and stay connected through local meetups and conferences.
The implications extend far beyond CTF. When AI can outperform humans at knowledge-intensive tasks, how do we redesign competitions, certifications, and trust systems? This is a fundamental challenge for the entire security industry’s approach to talent screening, skill verification, and community organization.