English

Hacking CTFs with Plain Agents

Cryptography and Security 2024-12-05 v1 Artificial Intelligence

Abstract

We saturate a high-school-level hacking benchmark with plain LLM agent design. Concretely, we obtain 95% performance on InterCode-CTF, a popular offensive security benchmark, using prompting, tool use, and multiple attempts. This beats prior work by Phuong et al. 2024 (29%) and Abramovich et al. 2024 (72%). Our results suggest that current LLMs have surpassed the high school level in offensive cybersecurity. Their hacking capabilities remain underelicited: our ReAct&Plan prompting strategy solves many challenges in 1-2 turns without complex engineering or advanced harnessing.

Cite

@article{arxiv.2412.02776,
  title  = {Hacking CTFs with Plain Agents},
  author = {Rustem Turtayev and Artem Petrov and Dmitrii Volkov and Denis Volk},
  journal= {arXiv preprint arXiv:2412.02776},
  year   = {2024}
}
R2 v1 2026-06-28T20:21:59.769Z