What a day! Last week, on May 4th, over 1,300 cybersecurity enthusiasts joined us in celebrating our 4th year of business by participating in the third annual Punk Security CTF. As with last year, we developed a collection of challenges ranging from easy to obscure. We try to design our challenges around realistic scenarios to highlight how seemingly small misconfigurations or oversights can have catastrophic consequences.

This year we saw more than 2,500 challenge solutions submitted and a massive jump in both participation and performance compared to last year. Our annual CTF brings together a growing global community of ethical hackers, engineers, students, and professionals, all competing to solve a host of DevSecOps themed challenges from privilege escalation to pipeline exploits. This year however, there was a twist – AI…

The Challenges of AI

AI is finding its way into everything, often with very little consideration or understanding of the risks and vulnerabilities doing so introduces. That’s why our team introduced a new category of CTF challenge this year, designed to get players thinking about security surrounding AI. Challenges included AI prompt injection to bypassing security guardrails and the solutions we saw submitted by teams were brilliantly creative, like this one for example! -

This year, the AI challenges proved some of the hardest to solve, with only one team successfully completing every single one of the 29 challenges in the CTF during the 12 hours.

Scores on The Door

So, here’s what stood out from 2025’s CTF: • Over 800 more players joined this year than last year • Only one team managed to solve every single challenge - an incredible achievement • 5,500+ challenge solutions submitted during the 12 hours • Just over 2,500 of those were correct solutions

This kind of engagement is exactly why we run the CTF (that, and it’s about the geekiest way we could think of celebrating our birthday) – getting people thinking about real-world security challenges in software development and CI/CD pipelines, breaking things safely, and working together to build more securely.

A huge thank-you to everyone who took part, gave feedback, and gave it their best shot. Whether you were a first-timer or a seasoned player returning for more, you made this year the best yet. A huge congratulations go to this year’s winners!

We’re already planning what comes next, so save the date. On the 4th May 2026, we will be back for our 5th birthday with new challenges for you to try your hand at – bring your friends!

Immersive training

Our CTF is developed each year to celebrate our birthday. The challenges are unique and cover a range of different technologies and vulnerabilities.

For just 12 hours a year our platform is made available, for free, for players to take on these birthday challenges. For the rest of the year, we combine the expertise of our consultants with specific challenges built to focus on various real-world scenarios to deliver immersive and engaging security awareness training for development teams.

For more information, email us at [email protected] or call us on 01609 635 932