Accurately assessing the offensive capability ceiling and task performance limits of AI systems in cybersecurity remains challenging due to the lack of realistic, large-scale, human-grounded evaluation frameworks. Method: We pioneer a paradigm shift in AI capability elicitation—from closed internal testing to open crowdsourcing—by integrating an AI-vs-human adversarial track into large-scale Capture-the-Flag (CTF) competitions, introducing an “elicitation bounty” mechanism and concurrently establishing a large-scale human-AI performance benchmark. Our methodology combines CTF-based operational realism, METR-style human baseline assessment, open-source AI agent deployment, and real-time task evaluation. Contribution/Results: Across two consecutive CTF events, AI teams ranked within the top 5% and top 10%, respectively, earning $7,500 in bounties. Critically, they consistently solved network security challenges solvable by median human participants within ≤1 hour—providing, for the first time, a systematic, empirically grounded characterization of current AI offensive and defensive capabilities in authentic red-teaming/blue-teaming environments.

As AI systems become increasingly capable, understanding their offensive cyber potential is critical for informed governance and responsible deployment. However, it's hard to accurately bound their capabilities, and some prior evaluations dramatically underestimated them. The art of extracting maximum task-specific performance from AIs is called"AI elicitation", and today's safety organizations typically conduct it in-house. In this paper, we explore crowdsourcing elicitation efforts as an alternative to in-house elicitation work. We host open-access AI tracks at two Capture The Flag (CTF) competitions: AI vs. Humans (400 teams) and Cyber Apocalypse (8000 teams). The AI teams achieve outstanding performance at both events, ranking top-5% and top-10% respectively for a total of $7500 in bounties. This impressive performance suggests that open-market elicitation may offer an effective complement to in-house elicitation. We propose elicitation bounties as a practical mechanism for maintaining timely, cost-effective situational awareness of emerging AI capabilities. Another advantage of open elicitations is the option to collect human performance data at scale. Applying METR's methodology, we found that AI agents can reliably solve cyber challenges requiring one hour or less of effort from a median human CTF participant.