CTFusion: A CTF-based Benchmark for LLM Agent Evaluation

TL;DR

CTFusion introduces a streaming, independent evaluation framework for LLM agents in cybersecurity, addressing data contamination issues in existing CTF benchmarks by leveraging live challenges and a Model Context Protocol server.

Contribution

It presents CTFusion, a novel, open-source streaming evaluation system built on Live CTFs that improves robustness and fairness in assessing LLM-based cybersecurity agents.

Findings

Existing CTF benchmarks are unreliable for LLM evaluation.

CTFusion effectively preserves agent independence and reduces competition bias.

Experiments show CTFusion provides more reliable assessments than traditional benchmarks.

Abstract

Recent advances in Large Language Models (LLMs) have enabled agentic systems for complex, multi-step tasks; cybersecurity is emerging as a prominent application. To evaluate such agents, researchers widely adopt Capture The Flag (CTF) benchmarks. However, current CTF benchmarks reuse existing challenges, which exposes them to data contamination and potential cheating. Notably, we confirmed these issues in practice by integrating web search tools into an existing agent. To address these limitations, we present CTFusion, a streaming evaluation framework built on Live CTFs. To achieve this, CTFusion preserves per-agent independence under a single team account and reduces competition impact by forwarding only the first correct flag per challenge. Moreover, we implement CTFusion as a Model Context Protocol (MCP) server on the widely used CTFd platform, which offers broad applicability to diverse CTF events and agent types. Through experiments with three LLMs, two agents, and five Live CTFs, we demonstrate that existing CTF benchmarks can be unreliable in assessing LLM-based agents, while CTFusion can serve as a robust solution for evaluating cybersecurity agents. We release CTFusion as open source to foster future research in this area.