🤖 AI-Enabled Software Breach Concerns

🛑 Problem

AI products from companies like OpenAI, Cursor, Claude, Google, Microsoft, and Meta are rapidly transforming how developers — both new and experienced — write software.

However, many of these AI-generated code snippets contain serious security vulnerabilities. The convenience and speed these tools provide often come at the expense of proper security practices, leading to a new wave of insecure applications being developed and deployed at scale.

🧠 Plan

Since 2019, we have been experimenting with ML and AI models. During that time, we've seen:

Countless open-source projects,
Blog posts on platforms like Medium,
Influencers promoting AI-generated code,
And public demonstrations that, unknowingly, spread vulnerable proofs of concept.

The resurgence of weak security controls in AI-created software has introduced vulnerabilities that we believe the community needs to be aware of and better prepared to address.

⚠️ Worst Case Scenario

Remember when students were taught insecure C code examples and reproduced them in real-world projects?

Now imagine that every bad coding practice publicly shared over the last 30 years was fed into a machine trained to prioritize speed over security. That machine now writes your infrastructure code, APIs, or authentication logic — and it's happening today.

This is not science fiction. It’s reality.

🎯 Our Goal

We aim to educate and raise awareness around AI-generated software that lacks secure design principles. This includes:

Identifying insecure AI-generated patterns,
Evaluating the risks of using AI in sensitive environments,
And equipping developers with the tools to build secure by design systems — even with AI in the loop.

Let’s stop the next wave of breaches before they begin.

Scenario:

The "Chief Product Officer" created a solid backend codebase to secure a fly-away kit from tampering.

"We developed an inexpensive way to ensure our kits are not tampered with, but then the CTO wanted a front-end. They gave it to a new development team that vibe codes without understanding what the code does."

Note: When assessing software code, experience and familiarity significantly reduce the risk of overlooking simple vulnerabilities.

During this CTF, the case is monitored in real-time. The flag is given to the individual who physically breaches the case. Participants can also request harder lock configurations to boost their final score.