You may not use Generative Artificial Inteligence (GenAI) or Large Language Model (LLM) technology of any form. This means no agentic workflows, no ChatGPT browser window, no Copilot autocomplete [1].
Essentially, LLMs are too good at solving CTF challenges. Currently the most competitive strategy to play a CTF is not to learn and grind a category, but rather to optimize your agentic workflow. This is insane.
There is an inherent beauty in the simple rules of CTFs. We empathize with the "get the flag with every tool disposable to you" mindset, but unfortunately it is not sustainable. Beginners are not motivated to learn when their peers are using ChatGPT to oneshot the challenge. Challenge authors are not motivated to make challenges in fear that they will be sloppable and that all their effort will go to waste.
When we make challenges, we make them for humans. The little sparks of flavour, the subtle hints, the cute flag message - today, they all get absorbed by the unfeeling machine.
Many teams have realized this, and started actively pulling back on their LLM usage in order to make playing fun again. Every LakeCTF finalist team has expressed that they wish something to be done. Nigh everyone agrees there is a problem, but noone really knows how to solve it.
This is our attempt at a solution.
Many solutions have been proposed to mitigate this issue, here are our comments on them, in order to hopefully motivate why we decided to go the direction we did:
Solutions such as Allow only free models and Allow AI but not agentic have been proposed. We think these are sensible suggestions, but we have two main issues with them.
Firstly, we it is important to settle on a clear-cut rule. No LLMs. Done. Everyone understands what the rule is and why it's there. This allows the CTF to be competitive and prevents any bad feelings about who used what in which capacity.
Secondly, we don't know if these solutions are sustainable. Free models might simply get better. Deepseek in the browser might be able to oneshot your rev challenge just from the exported decompilation. Crypto handouts are especially simple to drop into a chat window.
We won't.
Multiple teams have raised concerns over the issue of
Regarding the second point: We fully agree that a big draw to CTFs is the competitive aspect of them. This is why we believe we cannot indefinitely rely on teams imposing vague self-restrictions.
Let us agree on a set of rules, as a community, and let us play by them. There may be teams who do not see the value in such rules - that is fine - they can play and organize CTFs which do not impose them. If a bifurcation in the community happens, then so be it.
Regarding the first point: There is no way to enforce this absolutely. If players are allowed to play on their machines - which we think is immensly valuable - in the worst case, they may run a local model.
But the situation is not so grim. The same is true for the other CTF rules - no flag sharing, no outside help. If a player or a team is determined, they can find a way to cheat. This has always been the case.
Our community has always been built on trust. So we will trust you. We will trust that you won't cheat. Trust that you are here to have fun. Trust that you believe in the future of CTFs. And trust that you love the CTF community.
We understand that some teams will be surprised by the harshness of this ruling. Nevertheless, we think it's necessary. The issue will not solve itself no matter how much we wish it did, we need to work towards a concrete solution rather than vague ideas.
Let us work together to build a future for CTFs <3
[1]: Machine translation software, such as Google Translate, Translate Web Pages, etc. is allowed.