Frontier AI Has Broken Open CTF Competitions — GPT-5.5 One-Shots Insane Pwn Challenges
Capture The Flag (CTF) competitions have historically been a proving ground for security talent, but according to former top player kabir.au, the open CTF format is now effectively dead. The reason: frontier AI models that can solve challenges faster than humans, with minimal human involvement.
What Changed: From Assistance to Automation
When GPT-4 first launched, it could one-shot medium difficulty CTF challenges — a cryptography challenge could be pasted into ChatGPT and return a flag in 10 minutes. The impact was limited because hard challenges remained untouched. Claude Opus 4.5 shifted the balance: “Almost every medium difficulty challenge, and some hard challenges, became agent-solvable.” With Claude Code packaging the model into a CLI, it became trivial to build an orchestrator that used the CTFd API to spin up a Claude instance per challenge and let it run unattended for the first hour.
GPT-5.5 Seals the Deal
The author, who has worked extensively with GPT-5.5 and GPT-5.5 Pro, reports: “These models can one-shot Insane difficulty active leakless heap pwn challenges on HackTheBox.” Pro “likely surpasses” Claude Mythos in capability. The implication: in a 48-hour CTF, an orchestrated Pro agent can solve the majority of challenges produced by smaller organisers, making open CTFs pay-to-win — the more tokens you can afford, the faster you burn down the board.
Scoreboards No Longer Measure Skill
The CTFTime leaderboard now reflects orchestration ability and budget, not security expertise. Legendary teams appear less often; challenge developers lose motivation. The author argues that even the “beginners can still learn” take misses the point: the visible scoreboard is dominated by AI-using teams, pressuring beginners to rely on AI before building foundational instincts — an anti-pattern that prevents active learning.
Recruiting Implications
Recruiting via CTF performance is becoming less meaningful. AI orchestration for CTFs is already open source or “vibe codeable,” so the signal-to-noise ratio is collapsing. The author, a former member of top team TheHackersCrew, concludes that the competition is now a cheesable mess: “Your performance in a CTF no longer defines your skill the way it used to.”
📖 Read the full source: HN AI Agents
👀 See Also
OpenClaw API Key Security: What You Need to Know About Managed Hosting and TEE
A Reddit post breaks down the risks of handing your Anthropic API key to a managed OpenClaw host and explains how TEE (Intel TDX) can isolate keys at the hardware level.
McpVanguard: Open-source security proxy for MCP-based AI agents
McpVanguard is a 3-layer security proxy and firewall that sits between AI agents and MCP tools, adding protection against prompt injection, path traversal, and other attacks with about 16ms latency.
Claude Code Security Advisory: CVE-2026-33068 Workspace Trust Bypass
Claude Code versions prior to 2.1.53 contain a vulnerability (CVE-2026-33068, CVSS 7.7 HIGH) where malicious repositories can bypass workspace trust confirmation via .claude/settings.json. The bug allowed repository settings to load before user trust decisions.
Sieve: Local Secret Scanner for AI Coding Tool Chat Histories
Sieve scans Cursor, Claude Code, Copilot, and other AI coding assistant chat histories for leaked API keys and tokens. All scanning is local, with redaction and macOS Keychain vault.