The CTF scene is dead
A top-tier CTF competitor explains how frontier AI models (GPT-5.5, Claude Opus 4.5) have turned security competitions from skill ladders into pay-to-win orchestration races, breaking the primary pipeline for developing elite security talent.
TLDR
• Modern AI can one-shot "Insane difficulty" pwn challenges—GPT-5.5 Pro solves in minutes what took weeks to craft, turning CTFs from reasoning competitions into token budget races
• The CTFTime leaderboard is "unrecognisable" in 2026: legendary teams have disappeared, elite players are abandoning the format, and the scoreboard now measures AI orchestration over security skill
• The beginner learning ladder is broken—AI dominance pushes newcomers to use models before building foundational instincts, preventing the active struggle that actually teaches
• Challenge design is in a lose-lose position: normal challenges get automated, anti-AI challenges become guessy and unpleasant for humans, and LLM capability is advancing faster than defenses
• Unlike chess engines (banned during competitive play, used for training), CTFs allow unrestricted AI during competition, removing humans from the puzzle entirely
In Detail
The author, a top-tier CTF competitor who won Australia's largest CTF and competed internationally with TheHackersCrew (consistently top 10 globally), traces the collapse of competitive CTFs through specific AI capability milestones. GPT-4 could solve medium challenges but left hard challenges untouched. Claude Opus 4.5 changed everything—nearly every medium and some hard challenges became agent-solvable, making it trivial to build orchestrators that used the CTFd API to spin up Claude instances for every challenge. Now GPT-5.5 Pro can one-shot "Insane difficulty active leakless heap pwn challenges" on HackTheBox. The competition has become "who can afford to run enough agents, with enough context, for long enough."
The effects are visible in the scoreboard collapse. The 2026 CTFTime leaderboard is "unrecognisable" compared to previous years. Legendary teams either don't play, play with far fewer people, or struggle to crack top 10. Major CTFs like Plaid CTF aren't running anymore. The people losing interest aren't casual players—they're elite competitors who attend the International Cybersecurity Championship, perform at the top level in bug bounties, and compete in Pwn2Own. The feedback loop that made CTFs a learning ladder is broken: beginners are pushed to use AI before building the instincts AI is replacing, preventing the active struggle that actually teaches.
The chess engine analogy exposes the fundamental problem: chess engines aren't allowed during competitive play—they're used for analysis, training, and commentary. Imagine giving every chess player the best engine during matches. That's what CTFs have become. Challenge authors face a lose-lose: normal challenges get automated, anti-AI challenges become guessy and unpleasant for humans too, and LLM security capability is advancing faster than defenses can keep up. The format that taught people how to learn security, provided measurable progression, and built a community has been replaced by something that optimizes for token budgets and prompt engineering. The primary pipeline for discovering and developing elite security talent is gone.