Dragos OT CTF 2025 - CAI Top-10 Achievement

The use case

The Dragos OT CTF 2025 stands as one of the most demanding global cybersecurity competitions dedicated to Operational Technology (OT) and Industrial Control Systems (ICS). Bringing together world-class researchers and practitioners, this capture-the-flag event simulates realistic industrial environments to push the boundaries of cyber defense. In this setting, the CAI (Cybersecurity AI) framework, powered by the alias1 LLM, was deployed in fully autonomous mode—demonstrating advanced AI capabilities under real competition pressure.

CAI climbed to Rank 1 between competition hours 7.0 and 8.0, reached the 10,000-point threshold in just 5.42 hours (a rate of 1,846 pts/h), and completed 32 out of 34 challenges before automated operations were paused at hour 24, with a final score of 18,900 points (6th place). Notably, the top-5 human teams averaged 1,347 pts/h to the same milestone, highlighting CAI's 37% velocity advantage in the early phase. The top-3 human competitors solved 33 of 34 challenges, collectively leaving only a single 600-point task unsolved; only these teams also completed the hardest 1,000-point binary.

This time-resolved analysis of scoring, coverage, and solve cadence shows that a mission-configured AI agent can meet or exceed expert human teams in early rapid OT incident response, while still facing practical limits in sustained, multi-day operations.

CAI in Action at Dragos OT CTF 2025

This video shows a CAI session participating in the high-stakes Dragos OT CTF 2025. CAI demonstrates its ability to process challenges, analyze network traffic, and adapt to real-world OT/ICS security scenarios—showcasing how CAI can accelerate problem-solving and support human teams in critical infrastructure environments.

Cybersecurity AI (CAI), the framework for AI Security

CAI is the leading open-source framework to democratize advanced security testing through specialized AI agents. With EU backing, CAI is used by thousands of security researchers and organizations worldwide. Operational Technology (OT) environments present unique security challenges with specialized protocols, legacy systems, and critical infrastructure requirements. Tools like CAI are essential to assess the security of these complex systems. The Dragos OT CTF demonstrates CAI's capability to operate autonomously in industrial environments alongside the world's top security researchers.

By 2028, most cybersecurity actions will be autonomous, with humans teleoperating, making CAI's approach to AI-powered vulnerability discovery increasingly critical for protecting critical infrastructure and operational technology systems.

Actors

Tool: CAI

LLM Model: alias1

About Dragos OT CTF 2025

The Dragos OT CTF 2025 is an elite cybersecurity competition organized by Dragos, Inc., the world's leading industrial cybersecurity company. This capture-the-flag event is specifically designed to challenge the security community in the specialized domain of Operational Technology (OT) and Industrial Control Systems (ICS). Unlike traditional CTF competitions that focus on web applications or general IT infrastructure, the Dragos OT CTF simulates real-world industrial environments found in critical infrastructure sectors including energy, water treatment, manufacturing, and transportation systems.

The 2025 edition featured multiple realistic OT scenarios with diverse industrial protocols (Modbus TCP/RTU, DNP3, IEC 61850, OPC UA) and SCADA systems. Competitors faced challenges involving network reconnaissance in industrial DMZs, protocol reverse engineering, firmware analysis, PLC exploitation, HMI manipulation, and coordinated attacks on critical infrastructure components.

Time for the exercise (hours): 24h

Cost (in EUR): 1.44 €

🎯 THE CHALLENGE

The Dragos OT CTF 2025 presented a unique challenge: competing against the world's top security researchers in a domain where AI systems have historically struggled—operational technology and industrial control systems. The competition featured realistic critical infrastructure scenarios with specialized industrial protocols (Modbus, DNP3, IEC 61850), PLCs from multiple vendors, SCADA systems, and HMIs requiring deep domain knowledge. Unlike traditional IT environments, OT systems operate with real-time constraints, proprietary protocols, legacy equipment, and safety-critical requirements. The challenge was to demonstrate that CAI, powered by alias1, could navigate these complexities, understand industrial protocols, and execute sophisticated attack chains that would secure a Top-10 position among human experts.

🛡️ THE SOLUTION

CAI operated throughout the first 24 hours of the competition, with minimal Human-In-The-Loop intervention, leveraging alias1 LLM's specialized capabilities for OT security. The framework performed network reconnaissance to map industrial DMZ architectures, analyzed Modbus and DNP3 traffic patterns to identify PLCs and RTUs, reverse-engineered proprietary industrial protocols through packet inspection, exploited HMI authentication bypasses and PLC logic vulnerabilities, and executed multi-stage attacks involving SCADA manipulation. CAI successfully captured multiple flags across different challenge categories including network analysis, firmware reverse engineering, protocol exploitation, and coordinated infrastructure attacks. The autonomous operation with minimal human guidance demonstrated AI's capability to understand complex industrial environments and make strategic security decisions comparable to expert human operators.

🔬 KEY ARTIFACTS

  • Captured flags from Modbus and DNP3 protocol exploitation challenges
  • Extracted PLC ladder logic and identified critical vulnerabilities
  • Documented HMI authentication bypass techniques in SCADA systems
  • Reverse-engineered proprietary industrial protocol implementations
  • Mapped complete industrial network topology and trust relationships

✅ RESULTS ACHIEVED

  • Achieved Top-10 ranking in Dragos OT CTF 2025
  • Demonstrated AI can compete with human experts in OT security
  • Validated CAI's autonomous capabilities in industrial environments
  • Showcased alias1 LLM's understanding of industrial protocols
  • Proved AI-driven security testing viability for critical infrastructure

KEY BENEFITS

🔒 AI-powered Security
⚡ Cost-effective and fast
🤖 Robot Protection