STRIATUM-CTF: A Protocol-Driven Agentic Framework for General-Purpose CTF Solving

TL;DR

This paper introduces STRIATUM-CTF, a modular agentic framework utilizing a standardized protocol for real-time, multi-step cybersecurity problem solving, demonstrated by winning a Capture-the-Flag competition.

Contribution

The paper presents a novel, protocol-driven agentic framework that enhances LLM-based cybersecurity reasoning by standardizing tool interfaces and maintaining context across complex exploit trajectories.

Findings

Outperformed 21 human teams in a live CTF competition.

Reduced hallucination through MCP-based tool abstraction.

Demonstrated robustness in dynamic, real-world cybersecurity scenarios.

Abstract

Large Language Models (LLMs) have demonstrated potential in code generation, yet they struggle with the multi-step, stateful reasoning required for offensive cybersecurity operations. Existing research often relies on static benchmarks that fail to capture the dynamic nature of real-world vulnerabilities. In this work, we introduce STRIATUM-CTF (A Search-based Test-time Reasoning Inference Agent for Tactical Utility Maximization in Cybersecurity), a modular agentic framework built upon the Model Context Protocol (MCP). By standardizing tool interfaces for system introspection, decompilation, and runtime debugging, STRIATUM-CTF enables the agent to maintain a coherent context window across extended exploit trajectories. We validate this approach not merely on synthetic datasets, but in a live competitive environment. Our system participated in a university-hosted Capture-the-Flag (CTF) competition in late 2025, where it operated autonomously to identify and exploit vulnerabilities in real-time. STRIATUM-CTF secured First Place, outperforming 21 human teams and demonstrating strong adaptability in a dynamic problem-solving setting. We analyze the agent's decision-making logs to show how MCP-based tool abstraction significantly reduces hallucination compared to naive prompting strategies. These results suggest that standardized context protocols are a critical path toward robust autonomous cyber-reasoning systems.