The CTF scene is dead

TLDR

  • Frontier AI models like Claude Opus 4.5 and GPT-5.5 have automated enough of the CTF scoreboard that open online competitions no longer reliably measure human security skill.

Key Takeaways

  • Claude Opus 4.5 made agent-orchestrated solves trivial: spin up a Claude instance per challenge via the CTFd API, let it run for the first hour, then focus human attention on the leftovers.
  • GPT-5.5 Pro can one-shot Insane-difficulty leakless heap pwn on HackTheBox, making open CTFs pay-to-win based on token budget, not skill.
  • The beginner ladder is broken: newcomers are pushed toward AI before building instincts, and the scoreboard no longer reflects human growth.
  • Challenge authors have less incentive to craft hard problems if agents eat them in minutes; Plaid CTF has already stopped running.
  • Organiser countermeasures produce guessy, overengineered challenges that hurt human players without meaningfully slowing frontier models.

Hacker News Comment Review

  • The main counterargument raised is to simply ban AI, analogous to chess engines in tournament play, but commenters do not resolve whether enforcement is feasible in open online formats.
  • Some commenters note the scene was already shifting before 2021, suggesting the author’s baseline may reflect a narrower peak era rather than a universal golden age.
  • Fading YouTube CTF coverage was cited as an observable community signal corroborating the decline.

Notable Comments

  • @kevinsimper: Proposes offline-only hardware isolation, like competitive CS2 LAN events, as a structural fix.
  • @walletdrainer: “For many people the CTF scene was already dead in 2021” – disputes the author’s starting baseline.
