m0z

2.7K posts

@LooseSecurity

The greatest trick the devil ever pulled, was convincing the world that cyber security existed.

Ireland · Joined December 2018
217 Following · 7.7K Followers

dawgyg - WoH@thedawgyg·
@PortSwigger is dead wrong for this one. Making a claim that allowing people to BYOK for AI does not do shit for your own AI policies, if anything it would make it easier for you to abide by them since you offload the responsibility to the user and not yourself. It may be time to start thinking of using something other than Burp if they are going to force you to use their shitty AI instead of something that works well.
m0z@LooseSecurity·
@ClovisMint I am going to put some disclaimers re malicious prompting. I won't intentionally brick things but even without prompt injection, if someone runs their tooling in unsafe mode across my challenge, there's every likelihood it installs a malicious pip module or something. 🤷‍♂️
Minty Fresh Racc@ClovisMint·
@LooseSecurity Make sure it doesn't do anything actually fully malicious (i.e. damage computer) since it probably becomes some legal gray area, no different than putting actual malware. But doing things like getting an AI agent to patch the challenge and delete injection, that's fun shit
m0z@LooseSecurity·
Writing challenges to prompt inject AI users is actually some of the most fun I've had writing CTF challenges in a long time.
m0z@LooseSecurity·
@davi1337_ Yea but without similar strings for other models it can be harmful. It makes the other models aware that you're trying to prompt inject and they become less susceptible to other techniques.
m0z@LooseSecurity·
XSS on an out of scope subdomain which leads to full ATO on in-scope core domain. WDYT, would this be valid?
m0z@LooseSecurity·
Just thinking about this more. We really should do this. If every CTF on CTFTime for the next year resulted in ~10 joke writeups it'd destroy AI for ctf. 😂
m0z@LooseSecurity

@terjanq @arturjanc Yep let's begin to reward the greatest anti-AI writeup. Whoever can make the funniest incorrect writeup for a challenge gets a prize.

m0z@LooseSecurity·
@terjanq @arturjanc Yep let's begin to reward the greatest anti-AI writeup. Whoever can make the funniest incorrect writeup for a challenge gets a prize.
terjanq@terjanq·
@arturjanc I guess the way to stop the AI from solving all CTF challenges is to stop publishing the writeups 🤔
terjanq@terjanq·
If you're wondering why models got quite decent at niche web security bugs recently: apparently, the AI knows quite a bit about my writeups, while mixing up a bit of my research with other researchers' work. If you think about it, it's like living inside the AI brain a little.
m0z@LooseSecurity·
@shhnjk This is so good! Please make more posts like this, it's really interesting to read from your perspective and understand how these mitigations are being built.
Jun Kokatsu@shhnjk·
Finally wrote a post about how we mitigate URL-based exfiltration in Gemini (which has been in Gemini since 2024). These deterministic mitigations are more difficult and interesting to bypass than classifiers 😊 Looking forward to vuln reports!
Google VRP (Google Bug Hunters)@GoogleVRP

📢 Interested in AI and agent security at Google🛡️? This post looks at how we mitigated the risk of URL-based data exfiltration through provenance checks and sanitization – effectively blocking a prompt injection-based exploitation vector. bughunters.google.com/blog/mitigatin…

m0z@LooseSecurity·
If the program is happy with that then fine, it just puts researchers in a very weird situation when a H1 triager is telling me to record a video DoSing the target application when I'm not sure if the program actually consents.
m0z@LooseSecurity·
hi @Hacker0x01 one of your triagers is asking me to actually DoS the target website to prove the cache poisoning vulnerability is valid. It might be worth adding to your training that this is totally inappropriate. I have already shown it's possible using an obscure cache key...
m0z@LooseSecurity·
@dreyand_ Yeah I was thinking more 1v1 live events. Sure, you can use AI but then you'll just be embarrassing yourself 😂
DreyAnd@dreyand_·
@LooseSecurity the main issue is that competition does not promote growth / learning anymore. My proposal is we should all go back to flashcarding com days and bullying people that do not understand what their LLM solution does 😂
m0z@LooseSecurity·
the competition isn't dead, there will always be a winner and a loser. the question is whether it will still be fun to play in its current format.
m0z@LooseSecurity·
@syskage @sifu0nulls @HackingLZ Chess is completely different. If you turn up to a chess game with notes/a book about opening moves that is also against the rules (not just AI)
Justin Elze@HackingLZ·
Infosec is about to start arguing that watching Jeopardy played by LLMs would be fun. It’s great LLMs can do CTFs and all, there is still a place for human only ones as well as LLM only ones.
m0z@LooseSecurity·
@sifu0nulls @HackingLZ CTF shouldn't be compared to chess or cs:go. What I love about CTF is that the skills you learn translate into the real world. If AI is the end of CTF then ok. I wouldn't have fun if the competition became as unproductive as chess or video games.
Seif Sebai@sifu0nulls·
@HackingLZ Bots could outperform any cs:go player, yet I don't see the point of playing against one...
m0z@LooseSecurity·
@S1r1u5_ On the other side CTF has always been real world, and banning their use changes that
s1r1us (mohan)@S1r1u5_·
NOO! pro CTFers don't play for economic incentives, they want to top the leaderboard at any cost, but through skill learned the hard way, the point has always been the competitive demonstration of human skill, individually and collectively as a team. to be clear, just because a chess engine gives you the solution doesn't mean you use it in competition. players use chess engines to plan their game, but they don't bring them to the tournament. if chess tournaments allow chess engines, what's the whole point of competition? does the player even know shit about chess? the mistaken assumption is comparing LLMs to tools like google or ghidra. tools help with part of the solution, you still need to understand the problem to connect everything. LLMs are not like that. they can one-shot entire challenges. they're not tools, they're chess engines but applied to most cs. just ban llms in competitions and host in offsites
LiveOverflow 🔴@LiveOverflow

What I’ve always found amazing about CTFs is that "flag is flag". Whether you found an unintentional solve or pwned the browser with n-day for a XSS challenge, it didn't matter. I totally get the frustration of AI, but there is no solution other than accepting the change.

m0z@LooseSecurity·
@xdeludnard @ippsec @LiveOverflow Mostly on the easier end. It's not solving insane web the same way it's solving insane rev/crypto.
LiveOverflow 🔴@LiveOverflow·
What I’ve always found amazing about CTFs is that "flag is flag". Whether you found an unintentional solve or pwned the browser with n-day for a XSS challenge, it didn't matter. I totally get the frustration of AI, but there is no solution other than accepting the change.
siunam@siunam321

I started playing CTFs in 2022, and LLMs definitely changed the **competitive** CTF scene a lot, especially since mid-2025. I also started using LLMs in late 2025. Yes, those models did one-shot many challenges, but what's the fun of slopping them? I learned absolutely nothing 🥲

m0z@LooseSecurity·
@xdeludnard @ippsec @LiveOverflow I don't agree. In CTFs web seems less affected than the likes of Crypto/Reversing. At least as far as oneshotting goes, it needs more direction in my experience.
J_X@xdeludnard·
@ippsec @LiveOverflow from late 2025 with claude opus and chatgpt 5.3 + coding agents (default claude code/codex) most CTF web challs (especially server-side) really could be one-shotted. It's very close to "magically does everything" in my opinion. So this hate has a point.
m0z@LooseSecurity·
@SuperFashi1 @siunam321 Yeah I agree but finding that balance is very hard. In the months while you prepare for a CTF new models will be released that can make that challenge solvable fully by AI. I recall testing challs for our ECSC quals to ensure AI couldn't solve, then GPT-5 was released day before
SuperFashi@SuperFashi1·
@siunam321 I believe in making challenges that are hard (but not tedious or humongous so it exhausts context, or any other anti-AI measures), where you need to "collaborate" with AI to solve the challenges, instead of just handing it over. would use my "GMOPass" chall as an example of that.
siunam@siunam321·
I started playing CTFs in 2022, and LLMs definitely changed the **competitive** CTF scene a lot, especially since mid-2025. I also started using LLMs in late 2025. Yes, those models did one-shot many challenges, but what's the fun of slopping them? I learned absolutely nothing 🥲
m0z@LooseSecurity·
@suslu7616 you just guessed the email endpoint
Adem Suslu | Cybersecurity@suslu7616·
I captured this request with Burp, replaced the password with email, added an email address to the password data field, and sent it successfully. Does this pose a security risk? Example:

PATCH /api/auth/v1/user-info/user_id/password HTTP/2
Host: target-site.com
Content-Type: application/json

{ "oldPassword": "oldpassword", "newPassword": "newpassword", "confirmPassword": "newpassword" }

PATCH /api/auth/v1/user-info/user_id/email HTTP/2
Host: target-site.com
Content-Type: application/json

{ "email": "attacker@controlled.com" }

#bugbounty #xss #cybersecurity #websecurity #infosec #redteam #AppSec #hacking #cybersecuritytips #bugbountytips