Objectively measure genuine skills is now absolutely impossible.
Capture The Flag (CTF) is a practical task tournament from the world of cybersecurity. Participants are looking for vulnerabilities, decrypt data, analyze programs and receive a special flag for the right solution.
For a long time, such competitions served as a clear ladder for future and current specialists: from simple tasks to strong teams and international tournaments. Now Kabir Acharya, author of a recent material about the CTF, claims that the open format broke down under the pressure of large AI models, and the results tables are increasingly reflecting the level of participants.
Acharya began playing in the CTF in 2021, won the Australian DownUnderCTF as part of Blitzkrieg, then played for TheHackersCrew, which regularly fell into the top of the CTFTime. According to him, the problem is not in the tools: participants have always automated the routine. The turning point came when the models began to reason for themselves, write a decision and find the flag.
The effect became especially noticeable after the release of GPT-4, when some of the problems of average complexity were solved by one request. After the advent of Claude Opus 4.5, the author believes, the situation has changed dramatically: medium and even some complex tasks became available to agents, and Claude Code has simplified the launch of such schemes through the command line, external tools and the CTFD API.
Open CTFs are increasingly dependent not on manual analysis, but on the rate of launch of AI agents for all tasks. According to the author, GPT-5.5 and GPT-5.5 Pro have consolidated the shift: powerful models are already able to solve a significant part of the tasks that the organizers are preparing for the 48-hour tournament.
The main blow was in the sense of the ratings. If earlier the place on the CTFTime served as a signal of skills, now the result mixes the experience in safety, the cost of queries to models, the management of AI agents and the willingness to use advanced models. Acharya believes that open competitions give an advantage to those who can pay more for calculations.
Beginners, in his opinion, also became more difficult. The CTF has worked as a path of growth, but automating top positions pushes beginners to AI before they have their own skills. For training, the author considers picoGym and Hack Thebox more suitable, where the goal is more clearly related to practice rather than public rankings.
Organizers have almost no reliable protection. Bans on AI are difficult to check, and tasks specially made inconvenient for models often become unpleasant for people. Acharya does not claim that the CTF will completely disappear over time, but believes that the mass open format has already lost its previous role.
Capture The Flag (CTF) is a practical task tournament from the world of cybersecurity. Participants are looking for vulnerabilities, decrypt data, analyze programs and receive a special flag for the right solution.
For a long time, such competitions served as a clear ladder for future and current specialists: from simple tasks to strong teams and international tournaments. Now Kabir Acharya, author of a recent material about the CTF, claims that the open format broke down under the pressure of large AI models, and the results tables are increasingly reflecting the level of participants.
Acharya began playing in the CTF in 2021, won the Australian DownUnderCTF as part of Blitzkrieg, then played for TheHackersCrew, which regularly fell into the top of the CTFTime. According to him, the problem is not in the tools: participants have always automated the routine. The turning point came when the models began to reason for themselves, write a decision and find the flag.
The effect became especially noticeable after the release of GPT-4, when some of the problems of average complexity were solved by one request. After the advent of Claude Opus 4.5, the author believes, the situation has changed dramatically: medium and even some complex tasks became available to agents, and Claude Code has simplified the launch of such schemes through the command line, external tools and the CTFD API.
Open CTFs are increasingly dependent not on manual analysis, but on the rate of launch of AI agents for all tasks. According to the author, GPT-5.5 and GPT-5.5 Pro have consolidated the shift: powerful models are already able to solve a significant part of the tasks that the organizers are preparing for the 48-hour tournament.
The main blow was in the sense of the ratings. If earlier the place on the CTFTime served as a signal of skills, now the result mixes the experience in safety, the cost of queries to models, the management of AI agents and the willingness to use advanced models. Acharya believes that open competitions give an advantage to those who can pay more for calculations.
Beginners, in his opinion, also became more difficult. The CTF has worked as a path of growth, but automating top positions pushes beginners to AI before they have their own skills. For training, the author considers picoGym and Hack Thebox more suitable, where the goal is more clearly related to practice rather than public rankings.
Organizers have almost no reliable protection. Bans on AI are difficult to check, and tasks specially made inconvenient for models often become unpleasant for people. Acharya does not claim that the CTF will completely disappear over time, but believes that the mass open format has already lost its previous role.
