Overview

Our team won the general category at the Ministry of Defense Cyber Contest 2026.

Scoreboard up to solving all challenges
Scoreboard up to solving all challenges

This contest is an online CTF (Capture The Flag) cybersecurity competition hosted by the Japanese Ministry of Defense, featuring both individual and team (2-3 members) categories. Our team adopted a strategy of deploying a custom-built AI agent system as a core capability during the competition.

AI Agent Design and Operation

The system our team built fully automates the entire process from problem retrieval to analysis and flag submission. The only human inputs were login credentials and the parallelization count; every subsequent step was executed entirely by AI.

Specifically, multiple LLMs were assigned roles such as speed-focused, accuracy-focused, and verification, running 120 instances in parallel (30 instances x 4 models) to simultaneously approach challenges. The design absorbs the probabilistic variance of LLM outputs through parallelism.

As a result, all challenges were solved within one hour of the start.

Operational Challenges and Solutions

Stable AI operation in a live competition environment requires more than simply running LLMs. The system addressed the following operational challenges:

These represent design decisions in the "safely operating AI" phase rather than the "having AI solve challenges" phase, reflecting operational expertise cultivated through security practice.

AI x Security: The Current Landscape

These results demonstrate that AI can breach security challenges at speeds equal to or exceeding humans. Conversely, this means that attackers leveraging AI could explore vulnerabilities and execute attacks at comparable speeds.

We apply this AI expertise to security assessments and consulting from an attacker's perspective. If you are interested in security measures for the AI era, please feel free to contact us.