RSS

We Had to Ban 65 CTF Teams to Get a Top 10 Leaderboard

joshmoody241 pts0 comments

We Had to Ban 65 Teams to Get a Top 10 Leaderboard — camel4.dev

official BYUCTF 2026 participation certificate (self-issued)

Every year we hand out the same participation cert. Made it in MS Paint in 2024. Just felt like a waste to not reuse it.

This year marks the third year I’ve been helping run BYUCTF and the BYU Cyberia CTF team. Over the last few years, I’ve built dozens of challenges, hosted 10+ CTFs, and competed in dozens more both alone and as part of BYU Cyberia. I’ve written most of the OSINT challenges for BYUCTF during that time, which means I get to enjoy watching people crash out over things I built. It’s great.

Unfortunately, hosting large international CTFs can occasionally come with issues. Sometimes your challenges suck, or your platform is buggy, but this year our main problem was with the people participating.

The CTF cheating epidemic

That title might be a little doomer and definitely clickbait, but I am nothing if not willing to exaggerate for dramatic effect.

In BYUCTF25, the number of teams we disqualified for cheating was very small. Maybe we just weren’t looking, who knows. In BYUCTF26, the number of teams we disqualified for cheating was enough that we had to delay releasing a scoreboard for days after the competition had ended.

Before the CTF started, I assumed we would ban maybe 5-7 teams from the top 25 for cheating. I secretly hoped we would get 10-15 of the top 25, as that would make for a way better blog post.

Unfortunately, we were not able to get a real top 25 at all. We stopped at the top 10, because we had to ban 65 teams for cheating before we had a top 10 leaderboard of clean teams. 65 teams. We banned the first 21 teams for cheating, then another 7 after that before we had made it to two good teams.

A short disclaimer before we get into it

All of the organizers of BYUCTF collectively decided not to publicize the list of teams we banned. While there were definitely teams that were just straight up cheating, the vast majority of teams we banned were banned for the actions of a single member. In most cases, the rest of the team was competing honorably, so we didn’t feel it was fair to publicly shame the entire team for that.

That being said, if you are an organizer for a large, public CTF, you are welcome to reach out to me by email and get some more information about some of the teams we banned for actual cheating (flag sharing, multiple accounts, etc.) You can reach me at

The problem with AI in the world of CTFs

Over the course of the last year, many popular AI companies have made aggressive pushes into the CTF space. At first, I think many of us assumed that there would be nothing of substance, and it would die out. Unfortunately, I was wrong. AI has gotten very good at solving a lot of CTF challenges.

Now, you might think this is because AI is just smarter than everyone, and that’s that, but I actually believe that it is because the vast majority of CTF challenges involve looking at code. AI is great at looking at a lot of code very quickly. A website that might take a human 20 minutes to parse through can be done in seconds by a sufficiently powerful AI agent. A binary that might take a human hours to decompile, learn, discover the vulnerability, and trial-and-error their way to a payload can be done by an AI agent in just a few minutes. In my opinion, it has nothing to do with the intelligence of the AI itself, but rather than CTF challenges have largely been written the same way for basically forever.

Web challenges are still just a website or web system. Reverse Engineering challenges are still just parsing through code (either statically or dynamically). Binary Exploitation challenges are still just rev challenges but you have to be single.

Even less popular topics like Cryptography or Digital Forensics are able to be solved in minutes by a good AI agent. Popular “find the paper” type challenges are rendered completely useless against AI agents, as they can just find the right paper immediately.

There is one (kinda) exception to this trend (kinda), and that is OSINT (kinda).

Now, I’m not gonna spend a lot of time talking about the teams we banned for using AI. We at BYUCTF decided long ago that we wanted to host a 100% AI-free CTF. No AI usage to solve challenge. If you pointed any kind of agent at the platform, gave a challenge file to ChatGPT, or anything that solved a challenge for you, that was not allowed. In many cases, it was pretty hard to prove AI usage. That was generally left to smarter people than me who knew their challenges and what was or wasn’t possible.

What I will spend time talking about are the teams that were banned for non-AI related reasons. By far the most common form of cheating we detected was using a second team on our CTFd platform to get around submission limits in OSINT challenges.

A quick side note

Because of the nature of OSINT challenges,...

teams challenges rsquo cheating banned byuctf

Related Articles

The Newest Instagram "Exploit" Is the Goofiest I've Seen

ssiddharth34 ptsaccount attacker email instagram seen like

Apple WWDC 2026 Livestream

nextstep32 ptsapple stream video event live feed

Claude Fable 5

Philpax30 ptsfable claude mythos model models capabilities

It's Not Just X. It's Y

mooreds21 ptslanguage model writing like grammarly human

Show HN: GoPeek – open links in live mini browser windows without new tabs

GeorgeWoff2518 ptsgopeek open browser links live mini
terms · privacy · disclaimer · contact · policy
© 2026 NewsHub. All rights reserved.
This site is for informational purposes only. Content is aggregated from publicly available sources. We may earn commissions through affiliate links. Not affiliated with Y Combinator or Hacker News.