Announcing the Save CTFs Fund

Michael Debono Michael Debono #ctf#ai

OtterSec is committing $100,000 to keep CTFs competitive in the age of AI. We break down why Jeopardy scoring is breaking down, what better formats might look like, and how to apply for sponsorship.

Announcing the Save CTFs Fund Announcing the Save CTFs Fund

Introduction

OtterSec is announcing the Save CTFs Fund, a $100,000 commitment to keep CTFs competitive in the age of AI.

We’ve always been passionate about CTFs. Our team would not exist without them. However, as the year has been progressing, the state of CTFs, to put it bluntly, is depressing. You spend months working on a novel challenge, and a new model comes out a day before the CTF and one-shots the challenge. The current progress in AI development has led to CTFs becoming pay-to-win.

We think (hope) this is solvable. Hence, in 2026, we are being much more selective about sponsoring Jeopardy CTFs, and encourage other companies to do the same. Instead, we’re funding new ideas where the leaderboard still means something. Even if AI is involved. Especially if AI is involved.

TL;DR

  • AI one-shots most Jeopardy challenges now. A Jeopardy leaderboard increasingly measures token budget rather than skill.
  • The fix is not “ban AI,” and it’s not “run AD lol.” We believe the fix involves creating challenges that enable more granular measurement of how a solution performs compared to other teams. An example can be found in “An example challenge.”
  • We’re funding experiments. We’re also shipping some interesting features in rCTF v2 that allow you to build challenges with more granular scoring.
  • Think you have an idea that can save CTFs? We’d love to sponsor it! Send a one-pager to ctfs@osec.io that meets the requirements outlined in “How to ask for a sponsorship.”

What is the point of CTFs?

Firstly, an introduction to CTFs is in order: CTFs, also known as Capture The Flags, are an interesting phenomenon in which intrinsically motivated authors propose intellectual problems that usually involve computers (but not necessarily!) at events that can range from a couple of hours to a couple of days. Players learn through these problems how systems break, fit together, and bend to their own will in order to capture a piece of text known as a flag. This often inspires the same players to become authors, resulting in the lively scene we see today.1

The main point of CTFs is the educational value they provide: the feedback loop is very tight and rewarding. You attempt to solve a challenge, you fail, and you read someone else’s write-up. At some point, you’re the one writing write-ups to help others, and you’re also the one going up on the stage for LiveCTF at DEFCON.

The second point is rewards: you get bragging rights, sometimes money, sometimes licenses, and the most sought-after reward is flights (and accommodation) to an on-site finals event. And although these rewards might not be much relative to the raw amount of knowledge you acquire from doing these activities, the overwhelming majority of the community consists of students, which means the stakes are high.

How AI flattens the skill curve in CTFs A line chart with player skill on the x-axis and results on the y-axis. Before AI, results rise steadily with skill from a low base. With AI, even low-skill players start high and the curve stays nearly flat across the middle, rising sharply only at the very top end of skill. results (score, solves) before AI with AI player skill →

AI breaks the loop completely. It flattens the skill curve by solving the challenge for you, then provides a write-up, making many challenges’ write-ups available. Since there are stakes involved, there is no incentive not to use them during the live event. Hence, now, only the most talented can compete, since the only valuable challenges are very hard challenges that are out of reach for LLMs, with no clear path for new players to compete without seriously sacrificing growth, which won’t be visible on the leaderboard for a long time compared to pre-LLM.

This also affects the organizers. Challenges are the most important part of a CTF. Someone needs to write them. Now if the write-up is available as soon as the challenge is released, what is the point of writing a challenge, with the explicit intent of teaching someone something, when you will receive no feedback on your challenge, since in the context of a competition, it’s better to solve it with an LLM than to attempt it manually.

The state of Jeopardy

What was an early warning shot in DEFCON CTF 20252 has accelerated today with people declaring the death of CTFs.3

Renwa Renwa @RenwaX23 "Dad, what was it like playing CTFs before AI?" 7:34 PM · May 24, 2026 · 121.7K Views 21 274 1.5K 275

The state of Jeopardy

And it shows up in the data. The gap between the best teams and the rest of the top 10 has been quietly compressing across every tier of event:

With the release of GPT-5.5, the public now has access to models that are better than the average CTF player. Starting from this model and beyond, anything that was considered a medium-hard CTF challenge4 is one-shottable.

You simply cannot outwrite this cadence of improvement in large language models. Simply making the challenges harder is not reasonable; it’s basically playing difficulty chicken with the Frontier Lab’s training runs, in the process making CTFs even less fun for everyone.

What’s the solution?

We think the problem is Jeopardy as a format itself.

A Jeopardy challenge is scored absolutely; it’s either solved or it isn’t. And a solve is worth a fixed pile of points. Absolute scoring has a common ceiling; if AI is close to it, the relative measurement left is essentially a fluke. It could be that a team got lucky with the LLM solving it by doing the correct steps, or that they simply have more tokens.

Hence, the intuitive, commonly proposed solutions to this problem are AD and KOTH. We think these are a good step in the right direction.

For the uninformed:

  • In AD (Attack/Defense), each team runs a copy of the same vulnerable service on its own server. During the game, teams try to exploit those services on other teams’ servers to steal flags, while also fixing their own services so other teams cannot steal theirs. Scoring is split into ticks, with the score per tick determined by the number of flags stolen and the service’s liveness.
  • In KOTH (King of the Hill), teams compete on a challenge that is evaluated repeatedly during the game, rather than solved once for a static flag. Teams usually submit something like a bot, exploit, patch, configuration, or strategy, and the challenge infrastructure runs these submissions against each other or against a shared environment. Scoring is usually split into ticks or rounds, where each tick awards points based on the current ranking or performance of each team’s submission.

However, we want to be painfully precise and point out several mistakes that have made these formats completely unfun to play and, in some cases, punishing.

  • Cumulative scoring, commonly used in KOTH, heavily punishes players who are late to the party. Taking longer to come up with an optimal solution should not be punished by not spending time early on building a naive solution. Depending heavily on the challenge, this can be fixed by adding negative scoring, best-of-n-tick scoring, or increasing the score value towards the end of the curve.
  • In AD, you often need a minimum of a handful of people to be competitive, while also there are huge issues with metagaming and preparation, to the point where it often doesn’t matter much who finds exploits the best, or who writes the best patches. But rather, aspects like how much control does the defender have in the environment? (Leading to metagaming via Superman defenses5). How does the scoring work? Can it be abused? (No comeback potential) Who has the fanciest bin-to-bin obfuscation, or who can automatically replicate exploits, etc? Which can be accelerated even harder with AI now.
  • Unfortunately, golfing-style challenges are also kinda doomed… LLMs are perfectly adept at hillclimbing.67

There are some stopgap solutions to salvage Jeopardy. For example,

  1. Using a steeper scoring curve with a larger disparity between minimum and maximum score, as done in KalmarCTF and LakeCTF. The intent is to allow 1 human-solved challenge to win a CTF single-handedly if all the other challenges are simply one-shot. This is difficult to sustain long-term, though, as models continue to improve.
  2. Doing a no-AI LiveCTF.8 For example, participants can share their screen to solve challenges, and whoever completes the challenge fastest wins.
  3. More on-site CTFs. Hosting events on-site is the traditional solution in other competitive fields, where there’s significantly more freedom to enforce restrictions on anti-competitive tooling. For example, AI bans, escape rooms, hardware challenges, and so forth.
  4. Host challenges during the CTF that require a form of PvP interaction, or interesting scoring.

But none of these are complete, and the real solution for competitive measurement must involve more granular scoring. We acknowledge, however, that we are not presenting a solution to the fun the community attributes to Jeopardy; that is an open problem, and the reason we’re doing this fund.

An example challenge

To put the above into action, last week I authored and hosted minions-in-16k, a reverse engineering challenge with relative scoring.

Michael Debono Michael Debono @_mixy1 the most effort I've ever put into a CTF challenge: with a novel format that maximizes the human impact in scoring… 8:48 PM · Jun 23, 2026 · 6.1K Views 8 10 65 11

To elaborate a bit more, this was a first-person shooter where teams had to reverse engineer the client and networking protocol, then implement cheats and bots to win games against other players.

What was successful about this challenge:

  • The leaderboard measured each team’s effort well.
  • Each team took a different approach, which led to healthy discussions in the chat after the competition ended.
  • Many teams enjoyed the challenge, and it produced some pretty sick replays. I recommend watching them in first person, and an honorable shoutout goes to parkour, who realized a weakness in the infobahn bot and camped it from the top.

What was not successful:

  • It’s not clear how to bring this challenge style to pwn, web, and crypto.
  • It introduced a level of metagaming, which isn’t very desirable since CTFs have historically focused on the problem-solving aspect.

The overall design philosophy, however, is to move challenges away from relying on the discovery of a single vulnerability (or chain of vulnerabilities) and instead emphasize what players can do with those vulnerabilities to maximize their impact.

To be clear: people will use AI to augment their play, and that’s fine. The design goal is that the human decision still matters; that with enough variables in the challenge, the winning move is an edge that other players (and their LLMs!) simply don’t notice.

How to ask for a sponsorship

We also wanted to share some thoughts on what we, as sponsors, would like to see:

  1. Be concise. Most asks shouldn’t exceed a single page.
  2. Be clear. We want to know the basics.
  3. Make sure to include, at minimum, the following:
    • Name of the event
    • Details of the event
      • What’s the competition format?
        • How are you dealing with AI?
        • Any other details?
    • Timeline of the event
    • Why are you qualified to host this?
    • How much money are you budgeting?
    • How much money do you expect from each sponsor (tiers, etc.)
    • Do you already have any sponsors?

An example sponsorship request:

Example sponsorship request

Organizer: Hey, we’re hosting otterCTF, an open-to-all online CTF on February 31st 2026. Historically, we’ve had 500 teams compete, including top-10 CTFTime teams. There will be 10 different closed-source game servers ranging from first-person shooters, platform fighting games, card games, etc… where players are free to implement their own clients and cheats. The team that can win the most matches wins the CTF. The total budget is $5,000, $1,000 in infrastructure and $4,000 in prizes.

Sponsor: yes ofc, happy to sponsor!

Conclusion

We are hopeful that the community will figure out how to preserve what makes CTFs uniquely fun. We’re setting up this fund to allow people to experiment with ideas they otherwise might not think are financially viable.

As active organizers and participants, we’re also here to help more than just financially. Particularly, we’re currently interested in hosting an on-site CTF where teams can qualify by submitting their dynamically scored challenges for use in a potluck CTF. If you’re interested in collaborating with us or sharing ideas, please reach out to ctfs@osec.io.

Footnotes

  1. ctftime.org — CTFtime is a platform which keeps track of a scoreboard of the best CTF teams in the world and also a schedule of the CTFs being hosted by the CTF teams, where teams take turns in proposing and solving problems defined by each other. Important to note is that unlike other ecosystems such as Erdős problems, it is expected that the author knows the solution to their own problem.

  2. See wilgibbs.com/blog/defcon-finals-mcp, seeinglogic.com/posts/livectf-ai-debut.

  3. See blog.krauq.com/post/ctf-is-dying-because-of-ai, kabir.au/blog/the-ctf-scene-is-dead, k3ng.xyz/blog/ctf-is-dead.

  4. aisi.gov.uk/blog/our-evaluation-of-openais-gpt-5-5-cyber-capabilities

  5. A Brief History of CTF — Superman defenses

  6. Karpathy on hillclimbing

  7. ecdsa.fail

  8. LiveCTF on YouTube

Subscribe to the blog

New posts from the OtterSec team, straight to your inbox. One email per post, unsubscribe any time.