
Frontier AI broke competitive CTF

Security · 13 hours ago · source (kabir.au)

Kabir Acharya, a competitive capture-the-flag player who won several Australian CTFs before stepping back in 2025, argues that frontier models have quietly ended the open CTF format as a fair contest of human skill. His claim is specific: the scoreboard no longer measures what people can do on their own, and the old game is not coming back.

He traces it in three stages. In the GPT-4 era, medium challenges could be cleared in a single shot but competitions still worked. With Claude Opus 4.5, agent orchestration through tools like Claude Code made automating easy and medium challenges routine, so events turned into a race to wire up automation rather than a test of security instinct. By GPT-5.5 Pro, even challenges rated "Insane" fall, and placement starts to track token budget more than expertise. The signals he points to are concrete: storied teams appearing far less often on leaderboards, Plaid CTF no longer running, and CTFTime rankings he calls unrecognisable next to any prior year.

He also takes apart the usual defenses. Beginners still learn, but automation breaks the visible ladder that pulled them from curiosity to mastery. Top finals may resist agents, yet if agent-solvable qualifiers block skilled humans from reaching them, the finals thin out. Unlike chess, where engines are banned during play, nothing stops an agent in an open online event, and "harder challenges" become either guesswork or unlearnable. Acharya's answer is not to patch the scoreboard but to move the community to meetups, training platforms, and conferences. He lays out the full case on his blog.

Why it matters

If you run or rely on CTFs to hire, train, or rank security talent, the scoreboard is no longer a clean signal, so treat recent placements with care and weight live, supervised assessment more heavily.
