An AI pipeline that designs challenges, hacks them, calibrates their difficulty, and evolves them overnight. A training ground that gets smarter every time someone plays.
Not hand-crafted. Not static. Not the same for everyone.
This isn't a linear process. It's a continuous cycle where every player interaction feeds back into the system. The more people play, the better the platform becomes. Every solve, every hint, every failure is signal.
AI designs the challenge
LLM agents craft a realistic scenario — vulnerable web app, flawed smart contract, exploitable binary — complete with narrative, Docker sandbox, and working exploit. Every challenge passes an 8-stage pipeline: design, static analysis, automated validation, exploit verification, difficulty calibration, quality scoring, hardening, and deployment. Nothing reaches you that the AI hasn't already hacked itself.
You attack a live sandbox
No multiple choice. No simulated terminals. You get a real Docker container running a real vulnerable application — plus a fully loaded attackbox with nmap, sqlmap, Burp-style tools, pwntools, gdb, and more. Find the vulnerability, craft your exploit, capture the flag. Exactly like a real engagement.
AI measures your performance
Your solve time is benchmarked against the AI's own par time — like golf. Performance feeds into your multi-axis skill vector across 11 challenge types. Difficulty is recalibrated using community solve data, hint usage, attempt variance, and time distributions. The platform knows exactly where you stand.
The platform rewrites itself
Every night, four autonomous loops run: challenges with extreme solve rates mutate into harder or easier variants. Difficulty ratings recalibrate from real data. Underperforming LLM prompt templates get rewritten by AI. Gaps in the difficulty curve are filled with new auto-generated challenges. You wake up to a smarter platform.
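The mutation loop's core decision can be sketched in a few lines. This is a minimal illustration, not the platform's actual code: the function name and the 90% / 10% thresholds for an "extreme" solve rate are assumptions made for the example.

```python
from typing import Optional

# Hypothetical cut-offs for an "extreme" solve rate; the real values are not published.
TOO_EASY_RATE = 0.90
TOO_HARD_RATE = 0.10


def mutation_direction(solve_rate: float,
                       too_easy: float = TOO_EASY_RATE,
                       too_hard: float = TOO_HARD_RATE) -> Optional[str]:
    """Return 'harder', 'easier', or None for a challenge's community solve rate."""
    if not 0.0 <= solve_rate <= 1.0:
        raise ValueError("solve_rate must be between 0 and 1")
    if solve_rate >= too_easy:
        return "harder"   # almost everyone solves it: mutate into a harder variant
    if solve_rate <= too_hard:
        return "easier"   # almost nobody solves it: mutate into an easier variant
    return None           # solve rate is in a healthy range: leave it alone


def nightly_mutation_plan(solve_rates: dict) -> dict:
    """Map challenge id -> mutation direction, keeping only challenges that need one."""
    plan = {}
    for challenge_id, rate in solve_rates.items():
        direction = mutation_direction(rate)
        if direction is not None:
            plan[challenge_id] = direction
    return plan
```

For example, `nightly_mutation_plan({"sqli-01": 0.97, "heap-07": 0.03, "rsa-02": 0.45})` would queue the first challenge for a harder variant, the second for an easier one, and skip the third.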
Traditional CTF platforms are built by humans, for humans, and they stay exactly the same until a human changes them. We built something fundamentally different.
Every challenge has a par time — the time it took our AI exploit agent to solve it blind, with no prior knowledge. Your performance is benchmarked against the machine. Like golf, lower is better.
Eagles are rare. The AI is fast, methodical, and doesn't get distracted. Beating it means you saw something the machine missed, or you just know the technique that well. Eagle solves earn 2x coins and bonus XP.
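To make the par comparison concrete, here is a small sketch. It assumes an Eagle is awarded when your solve time falls at or below some fraction of par; the `eagle_ratio` value of 0.5 is a placeholder chosen for the example, and the class and function names are hypothetical. Only the 2x coin bonus comes from the rules above.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class SolveResult:
    solve_seconds: float  # how long the player took
    par_seconds: float    # how long the AI exploit agent took

    @property
    def par_ratio(self) -> float:
        """Player time divided by par time. Like golf, lower is better."""
        if self.par_seconds <= 0:
            raise ValueError("par_seconds must be positive")
        return self.solve_seconds / self.par_seconds


def is_eagle(result: SolveResult, eagle_ratio: float = 0.5) -> bool:
    # eagle_ratio is an assumed threshold, not a published platform value.
    return result.par_ratio <= eagle_ratio


def coins_earned(base_coins: int, result: SolveResult, eagle_ratio: float = 0.5) -> int:
    """Eagle solves earn 2x coins; every other solve earns the base amount."""
    return base_coins * 2 if is_eagle(result, eagle_ratio) else base_coins
```

Under these assumptions, a 5-minute solve against a 10-minute par has a ratio of 0.5 and doubles a 40-coin reward to 80.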
Not a single Elo number. A multi-dimensional skill profile that knows exactly where you're strong, where you're weak, and what to throw at you next.
Your abilities are tracked independently across all 11 challenge types. Great at web exploitation but weak on crypto? The AI knows and targets those gaps. Strong categories get stretched with harder challenges. Weak categories get reinforced.
Start at 1000 Elo. A K-factor of 32 means your rating converges fast. Fast solves earn time bonuses. The system tracks your last 5 attempts per category: a success rate of 80% or higher means you get stretched harder, and below 20% the AI eases up. No plateaus.
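The numbers above map onto the standard Elo update. The sketch below assumes each challenge's difficulty is treated as the "opponent" rating, which is our illustration rather than a confirmed detail; time bonuses are left out, and the function names are hypothetical.

```python
START_RATING = 1000
K_FACTOR = 32
WINDOW = 5  # attempts tracked per category


def expected_score(player: float, challenge: float) -> float:
    """Standard Elo expectation that the player solves the challenge."""
    return 1.0 / (1.0 + 10 ** ((challenge - player) / 400))


def update_rating(player: float, challenge: float, solved: bool,
                  k: float = K_FACTOR) -> float:
    """New rating after one attempt: R' = R + K * (S - E)."""
    score = 1.0 if solved else 0.0
    return player + k * (score - expected_score(player, challenge))


def difficulty_adjustment(recent_attempts: list) -> str:
    """Look at the last 5 attempts (True = solved) and decide how to adapt."""
    window = recent_attempts[-WINDOW:]
    if not window:
        return "hold"
    success_rate = sum(window) / len(window)
    if success_rate >= 0.8:
        return "stretch"  # 80%+ success: serve harder challenges
    if success_rate < 0.2:
        return "ease"     # below 20%: ease up
    return "hold"
```

A new player at 1000 who solves a 1000-rated challenge moves to 1016; failing it drops them to 984. With a 5-attempt window, "stretch" means at least 4 of 5 solved and "ease" means 0 of 5.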
Three progressive hint levels, each generated by AI with your specific skill profile in mind. A beginner gets different guidance than an expert stuck on the same challenge. Hints cost Elo (5%, 15%, and 30% for levels one, two, and three), so use them wisely, or challenge yourself to go hint-free.
When you ask for the next challenge, the AI computes a target difficulty using your per-category skill vector, recent performance trends, and stretch factors. It selects the challenge closest to that target. Never too easy. Never impossible. Always in the growth zone.
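As a rough sketch of that selection step: the formula for the target below (skill scaled by a stretch factor, plus a trend offset) is an assumption made for illustration, as are the `Challenge` fields and function names. The only part taken from the description is picking the challenge closest to the target.

```python
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Challenge:
    slug: str
    category: str
    difficulty: float  # assumed to share a scale with the player's rating


def target_difficulty(category_skill: float, trend: float, stretch: float) -> float:
    """Hypothetical target: per-category skill scaled by stretch, shifted by trend."""
    return category_skill * stretch + trend


def pick_next(challenges: list, category: str, target: float) -> Optional[Challenge]:
    """Return the challenge in the category whose difficulty is closest to the target."""
    pool = [c for c in challenges if c.category == category]
    if not pool:
        return None
    return min(pool, key=lambda c: abs(c.difficulty - target))
```

Given web challenges rated 900, 1050, and 1300 and a target of 1020, `pick_next` returns the 1050 challenge: slightly above your level, but within reach.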
This is not a wrapper around ChatGPT. It's a purpose-built AI pipeline with specialized agents, Docker orchestration, and self-improving feedback loops.
Design, Static Analysis, Validation, Exploit Verification, Calibration, Quality Scoring, Hardening, Deploy
Isolated dual-container architecture: vulnerable target + fully loaded attackbox per session
Anthropic Claude, Google Gemini, OpenAI GPT — hot-swappable via config
Challenge mutation, difficulty recalibration, prompt evolution, adaptive gap-filling
Every challenge is attacked by AI before you see it — 4 strategies, 5-attempt iterative refinement
Weighted multi-factor formula: code quality, exploit reliability, narrative coherence, difficulty accuracy
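A weighted multi-factor score of this kind can be sketched as a normalized weighted sum. The four factor names come from the description above; the weights are placeholders invented for the example, and the function name is hypothetical.

```python
# Placeholder weights for illustration only; the platform's real weights are not published.
DEFAULT_WEIGHTS = {
    "code_quality": 0.3,
    "exploit_reliability": 0.3,
    "narrative_coherence": 0.2,
    "difficulty_accuracy": 0.2,
}


def quality_score(factors: dict, weights: dict = DEFAULT_WEIGHTS) -> float:
    """Weighted average of factor scores, each expected to be in [0, 1]."""
    missing = set(weights) - set(factors)
    if missing:
        raise KeyError(f"missing factor scores: {sorted(missing)}")
    for name in weights:
        if not 0.0 <= factors[name] <= 1.0:
            raise ValueError(f"{name} must be between 0 and 1")
    total_weight = sum(weights.values())
    weighted_sum = sum(weights[name] * factors[name] for name in weights)
    return weighted_sum / total_weight  # normalize so weights need not sum to 1
```

Dividing by the total weight keeps the score in the 0 to 1 range even if the weights are later retuned and no longer sum to exactly 1.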
From classic web exploitation to cutting-edge AI/LLM security. Every category runs in its own specialized sandbox with the right tools, frameworks, and runtime.
SQLi, XSS, SSRF, Path Traversal, Auth Bypass, Command Injection
RSA, AES, Hash Attacks
Buffer Overflow, Format String, Heap
Reentrancy, Overflow, Access Control
Static Analysis, Dynamic Analysis, Obfuscation
Memory Forensics, Disk Forensics, Network Forensics
Social Media, Geolocation, Data Mining
Prompt Injection, Jailbreak, RAG Poisoning
Broken Auth, Injection, Rate Limiting
Static, Dynamic, Network
Steganography, Encoding, Logic Puzzles
Web: Flask/Python · Crypto: PyCryptodome · Pwn: C/socat/Ubuntu · Smart Contracts: Solidity/Hardhat · AI: Mock LLM chatbots · And more
Skill development requires consistency. Every system here is designed to keep you training, not just playing.
Recruit to Mythic. XP scales with difficulty and par performance. Each rank unlocks at a defined threshold.
5 rarity tiers from Common to Legendary. First Blood, Speed Demon, No Hints, category mastery, and more.
Solve daily for XP multipliers. Purchase streak freezes with coins when life gets in the way. Comeback bonuses up to 5x.
Every solve earns coins (10 to 100 by difficulty). Eagle bonus doubles it. Spend on streak freezes, hint tokens, and more.
Targeted challenges that adapt to your weak areas. Complete them for coin and XP rewards. Missions refresh regularly to keep training diverse.
Streak risks, rank changes, mission deadlines, badge unlocks — all pushed to your notification bell so you never miss a milestone.
The platform is live. The AI is running. New challenges are being generated, calibrated, and evolved right now. The only question is whether you're training on a static platform — or one that grows with you.
Free to play. No credit card. Start hacking in 60 seconds.