Summary

This project delivers an autonomous CTF solver that enhances performance by racing multiple AI models in parallel against challenges. It targets CTF players and security researchers seeking automated solutions, offering a significant competitive advantage, as evidenced by its 1st place finish at BSidesSF 2026 where it solved all 52 challenges.

How It Works

A central coordinator LLM manages swarms of AI solvers, each dedicated to specific CTF challenges. These solvers operate within isolated Docker containers, pre-equipped with a comprehensive suite of CTF tools. The system concurrently deploys various AI models (e.g., Claude Opus, GPT-5.4 variants) for each challenge, enabling rapid iteration and parallel exploration of different solution paths. The first model to successfully extract the flag wins, optimizing for speed and success rate.

Quick Start & Requirements

• Install/Run: Clone the repository, build the sandbox Docker image (docker build -f sandbox/Dockerfile.sandbox -t ctf-sandbox .), configure API credentials by copying .env.example to .env and editing it, then execute the solver using uv run ctf-solve.
• Prerequisites: Python 3.14+, Docker, API keys for at least one provider (Anthropic, OpenAI, Google), codex CLI, and claude-agent-sdk (which includes the claude CLI).
• Links: No direct documentation or demo links are provided in the README excerpt.

Highlighted Details

• Achieved 1st place at BSidesSF 2026, solving 100% (52/52) of challenges across pwn, rev, crypto, forensics, web, and misc categories.
• Features highly specialized Docker sandboxes pre-loaded with extensive tools for each category (e.g., radare2, GDB, pwntools, SageMath, volatility3, curl, ffmpeg).
• Includes advanced capabilities such as multi-model racing, automatic challenge detection and spawning, and coordinator LLM-driven guidance.

Maintenance & Community

The project is developed by Veria Labs, founded by members of highly-ranked CTF teams. The provided text does not mention specific community channels (like Discord or Slack), roadmaps, or notable sponsorships.

Licensing & Compatibility

The license under which this project is distributed is not specified in the provided README excerpt, posing a significant unknown for potential adopters regarding usage rights and compatibility.

Limitations & Caveats

Developed rapidly ("built in a weekend"), the agent may represent an early-stage project with potential for instability or missing features. The operational cost associated with running multiple advanced AI models concurrently could be substantial. The absence of explicit licensing information is a critical barrier to adoption and commercial use.