CTF ecosystem collapses as AI automation renders competitive scoreboards obsolete

A cybersecurity practitioner writing under the pseudonym Kabir has published a stark assessment of the competitive Capture The Flag (CTF) landscape, arguing that the format is effectively dead due to the dominance of frontier artificial intelligence models. In a detailed opinion piece published on kabir.au, the author contends that open online CTFs have shifted from testing human security expertise to measuring AI orchestration capabilities and financial resources, undermining the community’s foundational learning ladder.

The author, who competed with top-tier teams including TheHackersCrew and Australia’s Blitzkrieg, notes that the integration of models such as GPT-4, Opus 4.5, and Claude Code has automated the solving of medium and hard challenges. What began as a convenience for medium-difficulty tasks escalated when Opus 4.5 and Claude Code made it trivial to build orchestrators that could spin up instances for every challenge via the CTFd API. This shift meant that teams refusing to use AI were playing a slower version of the competition, while those with greater financial resources could burn down scoreboards by consuming more tokens.

The impact on the competitive hierarchy has been severe. The author observes that the 2026 CTFTime scoreboard is now unrecognisable compared to previous years, with legendary teams such as TheHackersCrew and Emu Exploit either withdrawing, reducing their rosters, or struggling to place in the top 10. Major events have also felt the strain, with prestigious competitions like Plaid CTF ceasing operations. The author asserts that specialised cybersecurity models, such as alias1 by Alias Robotics, are becoming less relevant than general frontier LLMs, which can now one-shot Insane difficulty active leakless heap pwn challenges on platforms like HackTheBox.

Beyond the scoreboard, the author argues that the competitive format has failed to preserve the educational value that once attracted new talent. The traditional CTF ladder allowed beginners to see tangible progress and climb toward elite competition, but this feedback loop is now broken. With visible scoreboards dominated by AI, beginners are incentivised to rely on automation before developing the necessary instincts, creating an anti-pattern that prevents active learning. The author suggests that challenge authors have less reason to invest in craft when their work is solved by agents in minutes, leading to a decline in the quality of challenge design.

In response to the collapse of the competitive format, the author recommends that the cybersecurity community pivot its focus towards educational platforms and local social events. Platforms such as picoGym and HackTheBox are highlighted as better environments for learning, where the expectation is education rather than competitive ranking. Additionally, the author points to security-adjacent social gatherings like SecTalks and local meetups as vital spaces for maintaining community spirit and passion for the field, preserving the human connection that the automated competitive landscape has eroded.