Nullcon Goa

Building & Breaking AI Security CTFs


Course

SoYeon Kim, Hea-Eun Moon and Sang-tae Woo of NSHC share lessons from organizing ACDC 2025, Korea's first AI security CTF, covering challenge design, unintended AI-powered solutions and format pitfalls.

Designing artificial intelligence security Capture the Flag challenges is harder than it looks. When the ACDC competition launched in Korea in 2025, organizers quickly discovered that rapidly evolving AI models were solving intended challenges in unintended ways, rendering hours of difficulty tuning meaningless within weeks of model releases. From prompt injection and binary analysis to attack-and-defense formats, every category surfaced unexpected design problems.

This session, led by SoYeon Kim, Hea-Eun Moon and Sang-tae Woo of NSHC, will cover:

  • How ACDC structured its three challenge categories - Security for AI, AI for Security and AI Platform - and the key design decisions that shaped the qualifier and finals formats;
  • Why AI-powered solvers bypassed intended difficulty in ways traditional CTF tools never could, and how non-deterministic model behavior complicates scoring fairness;
  • Practical lessons for building robust AI CTF challenges, including token budget controls, model pinning, prompt isolation, and attack-and-defense format design.

Here is the course outline:

When the Model Outsmarts the Challenge: Building and Breaking AI Security CTFs

Completion

The following certificates are awarded when the course is completed:

CPE Credit Certificate