LevelUp: Dhillon Andrew Kannabiran Unveils Self-Evolving CTF Platform to Revolutionize Cybersecurity Training with 300 Active Challenges
During the recent Lunar New Year holidays, Dhillon Andrew Kannabiran, founder of Hack In The Box and a prominent figure in the global security community, introduced an innovative project poised to transform the landscape of cybersecurity education. This initiative, named LevelUp, is a self-evolving Capture The Flag (CTF) platform that leverages agentic AI to enhance the way cybersecurity skills are taught and assessed.
A New Approach to Cybersecurity Challenges
LevelUp distinguishes itself by eliminating the reliance on human organizers for the design, validation, and periodic updates of challenge libraries. Instead, it employs a series of AI agents that manage the entire lifecycle of each challenge—from initial design through testing, deployment, calibration, scoring, and continuous refinement. At the time of Dhillon’s announcement, the platform featured nearly 300 active challenges spanning over 30 categories, including web security, cryptography, binary exploitation, smart contracts, reversing, forensics, OSINT, API security, and AI security. Each challenge operates within its own isolated Docker container, providing participants with a more authentic experience compared to traditional simulated exercises.
This realism is crucial. In both offensive and defensive security, the distinction between theoretical knowledge and practical competence often hinges on the authenticity of the training environment.
From Static Repositories to Adaptive Ecosystems
Historically, most CTF platforms have adhered to a conventional model where challenges are manually crafted by experts, validated by organizers, and released in cycles. Difficulty levels are determined through human judgment, and content libraries are updated only as quickly as authors can create new material. While this system has effectively nurtured problem-solving skills and technical depth within the cybersecurity community, it has also encountered limitations. The rapidly evolving threat landscape and increasing demand for skilled practitioners have made it challenging to maintain fresh, high-quality training environments at scale.
The adaptive nature of LevelUp redefines training as a responsive ecosystem rather than a static archive. Difficulty can adjust based on real-world solve times, challenge distribution can evolve according to user behavior, and environments can be continuously generated and tested rather than released in batches.
A notable feature of LevelUp is its category-specific ELO rating system, which tracks a player’s progress within individual domains instead of compressing all performance into a single global score. An in-browser terminal connects directly to containerized environments, facilitating hands-on interaction without the need to exit the platform. This design mirrors real-world security workflows, where specialists are evaluated based on their domain-specific capabilities.
Inside the Agentic Pipeline
The orchestration model of LevelUp sets it apart from traditional platforms. Multiple AI agents collaborate in a sequential manner. A designer agent creates the challenge and its supporting infrastructure. A validator agent constructs and tests the container environment. A calibrator agent assesses difficulty using a combination of rule-based reasoning and large language model analysis. A smoke-test agent ensures that the challenge compiles correctly and that the flag can be extracted. A quality-scoring agent evaluates the structural integrity of the challenge. Finally, an evolution agent reviews player-performance data nightly.
This data can prompt mutations, recalibrations, and adjustments in difficulty, allowing the challenge environment to evolve over time in response to actual user engagement. Theoretically, as more practitioners interact with the system, it becomes increasingly refined.
This development reflects a broader technological shift in which agentic AI is transitioning from assistive roles—such as drafting text and automating repetitive tasks—to orchestration, governing design, testing, analytics, and iteration across complex technical systems. This transition is already evident in software engineering, cloud operations, and cybersecurity automation, with training environments likely being the next frontier.
The Questions That Still Matter
Despite its potential, the LevelUp model raises significant questions. Cybersecurity education transcends the mere creation of solvable puzzles; it aims to cultivate structured thinking, investigative discipline, and decision-making under uncertainty. Whether AI-generated challenge systems can effectively incorporate these deeper pedagogical principles remains an open question.
Quality assurance is another critical concern. Autonomous systems require rigorous validation to prevent unintended shortcuts, avoid fragile or accidental artifacts, and ensure that vulnerabilities serve as deliberate teaching mechanisms rather than unintended consequences of automated generation. While a dynamic platform may offer powerful capabilities, it also risks drifting away from educational objectives in favor of technical novelty.
Nonetheless, the LevelUp initiative addresses a longstanding challenge: delivering scalable, high-quality, continuously updated practical training without overburdening human challenge authors. If developed responsibly, a self-evolving system could provide a viable solution.
Projects like LevelUp are garnering attention for their potential to redefine cybersecurity training environments. They suggest a future where such platforms are not merely built and deployed but are continuously observed and reshaped in real time.
For further inquiries regarding LevelUp or related training and security solutions, interested parties may connect with Algoritha Security at triveni@algoritha.in.
As reported by the420.in.
