CTF Harness Engineering
Speed, domain routing, and benchmark-validated performance.
A CTF is not a smaller pentest. It optimizes for speed to flag, not coverage. The harness that takes 40 minutes on a challenge a human solves in 10 is not competitive.
A single undifferentiated harness fails across all six domains for three compounding reasons: context pollution, reasoning drift, and token waste. The cure is the meta-agent-plus-specialists pattern.
HITL removal is safe when target is owned, isolated, and worst-case-bounded. The credential-reuse gate stays even when every other gate is removed — it is the one unbounded-risk action in a CTF context.
Flag detection is middleware on every tool output, not a step the agent remembers to call. The verifier rejects decoys before submission; the CTFd client rate-limits itself.