If you've ever competed in a CTF (Capture The Flag) cybersecurity competition, this one might sting. Kabir — a champion who won DownUnderCTF and competed with TheHackersCrew in the global top 10 — has declared "The CTF scene is dead," sparking 308 comments on HN.

How AI Dismantled CTFs, Step by Step

GPT-4 era (2023): Medium-difficulty challenges became one-shottable — a single prompt could produce the full solution and flag. "Hard challenges mostly untouched," the community shrugged.

Claude Opus 4.5 era (2025): The game changed. Nearly all medium challenges and some hard ones became agent-solvable. Teams built orchestrators that spawn AI instances for every challenge via the CTFd API. The first hour of competition became a race to automate, not to think. Scoreboards started measuring orchestration speed alongside security skill.

GPT-5.5 Pro (May 2026): Kabir's hands-on testing shows these models can one-shot Insane-difficulty active heap exploitation challenges. Open CTFs are now pay-to-win — whoever can afford to burn more tokens wins.

The Scoreboard No Longer Measures Skill

CTFs were never just puzzles. They were a ladder. Beginners could see themselves improve, solve harder challenges, join stronger teams. That feedback loop is breaking. When the visible scoreboard is dominated by AI-armed teams, beginners face an impossible choice: use AI before building fundamentals, or grind honestly and never see progress. Both options destroy CTF's educational value.

Challenge authors — who spend weeks crafting beautiful, intricate problems — have less reason to create when their work gets shredded by an agent in minutes.

Community Response: It's Not Cheating, But It's Still a Problem

Security expert tptacek corrected a key misconception: automating CTF challenges isn't usually cheating — it's part of CTF culture. Top teams always had toolboxes to shred early challenges. The problem isn't AI usage; it's that AI has become too capable. When the model does the reasoning, writes the exploit, and leaves the human with nothing to do but copy the flag, competition loses meaning.

One challenge author found an unexpected silver lining: "I built an obfuscator, made the AI deobfuscate it, kept improving until the AI couldn't solve it. Now I have a production-grade deobfuscator that's better than most commercial tools." Perhaps CTF's future lies not in banning AI, but in designing challenges even frontier models can't crack.

📎 Original: kabir.au · HN Discussion: 308 comments