Get Ready to Get MCPwned — Cymulate’s Elite CTF on Securing the Model Context Protocol

When AI agents meet the real world, every protocol becomes a potential attack vector.
That’s the big idea behind MCPwned, the brand new multi-stage Capture the Flag competition launching this summer from Cymulate. As artificial intelligence rapidly gains real-world privileges — reading files, querying databases, chaining external tools — a new frontier of security risks is emerging. The Model Context Protocol (MCP) is at the heart of this shift, enabling AI systems to seamlessly interact with external resources.
But what happens when that power is abused?
Introducing MCPwned: The Model Context Protocol Security Challenge
MCPwned is more than your standard CTF. It’s a hands-on opportunity to explore, exploit and secure the next big attack surface: the Model Context Protocol. Participants will tackle real-world vulnerabilities discovered by security researchers, dive into advanced exploitation techniques and learn firsthand how AI-driven systems can dramatically reshape threat landscapes.
We’ve designed MCPwned to challenge both offensive security pros and defenders. Think like a malicious actor. Think like a researcher. Either way, you’ll deepen your understanding of what happens when the AI you trust gets connected to the systems you protect.
And yes — winners take home $600 each in cash and serious bragging rights.
How the Competition Works
Stages 1-4
Opens July 9, 2025
Winner Criteria:
- Fastest Overall Time
- Best Technical Write-Up
Stage 5
Opens August 3, 2025, at Black Hat USA
Winner Criteria:
- Fastest Overall Time for Stage 5 only
- Participants must come to the Cymulate booth at Black Hat (#1640) and have their conference badge scanned to be eligible to win.
The Cash Prizes
$400 for the fastest competitor across the first four online stages.
$1,000 for the best technical write-up published on your personal blog or LinkedIn detailing your approach to the challenges.
- Judging will be performed by the Cymulate security research team, at its sole discretion, based on clarity, creativity, depth of analysis and educational value. All judging decisions are final and not subject to appeal or dispute.
$600 for the fastest competitor to complete Stage 5 live at Black Hat.
- Winners will be announced the week after Black Hat USA, no later than August 15, 2025.
- MCPwned is open to individual participants worldwide, except where prohibited by local laws or regulations. It is the sole responsibility of each participant to ensure that their participation and potential receipt of prizes is not prohibited under the laws of their country or jurisdiction.
- Participants must be 18 years or older at the time of entry.
- Employees of Cymulate, its affiliates and immediate family members are not eligible to win cash prizes but are welcome to participate for fun.
Prize Payment
Cash prizes will be awarded within 30 days of winner announcement, subject to completion of all required documentation, including verification of eligibility and submission of a valid payment method. Payment will be made via bank transfer, PayPal, or another method at Cymulate’s sole discretion, and may be subject to applicable taxes and reporting requirements in the winner’s jurisdiction.
Prize awards are subject to identity verification, compliance with all official rules, and submission of a completed prize acceptance form. Cymulate reserves the right to withhold or revoke a prize in cases of suspected fraud, rule violations, or any misconduct that may compromise the integrity of the competition.
Why Focus on MCP?
The Model Context Protocol represents a fundamental shift. It’s how modern AI agents gain the power to:
- Read and write files through filesystem servers.
- Execute privileged database queries.
- Access APIs and external services dynamically.
- Chain multiple tools together for complex workflows.
This power introduces entirely new security challenges:
- Elevated privileges and broad scopes become commonplace.
- Complex tool chaining can slip past traditional security controls.
- AI’s dynamic, creative request patterns can find exploits humans miss.
Through MCPwned, we’re bringing these risks to life in a controlled environment so you can understand them — and be ready to secure them.
Join the Hunt
Think you can outpace the attackers? Or publish the sharpest write-up dissecting every vulnerability?
Starting July 9, you’ll have your chance.
Then, at Black Hat USA 2025 (August 2-7 at Booth #1640), watch the final Stage 5 unfold — or jump in yourself for the ultimate showdown.
Publicity & Name Use
By participating, winners agree that Cymulate may publish their name, country, picture, and submitted technical write-up (if applicable) for promotional and marketing purposes in any media, without further compensation.
Intellectual Property – Write-Up Content
By submitting such content, participants grant Cymulate full ownership of any submitted technical write-up, including a worldwide, royalty-free, non-exclusive license to use, reproduce, modify, publish, and distribute the write-up with appropriate attribution. By submitting any content as part of the MCPwned competition (including technical write-ups), each participant represents and warrants that the submission is their own original work, does not infringe upon the intellectual property rights, privacy rights, or any other rights of any third party, and has not been previously published or submitted to any other contest. Participants further agree to indemnify and hold harmless Cymulate from any claims, damages, or liabilities arising from any breach of this representation.
Limitation of Liability
Cymulate shall not be held liable for any direct, indirect, incidental, or consequential damages arising from or relating to participation in MCPwned, including but not limited to technical failures, data loss, or service interruptions. Participation is at each individual’s own risk.
Governing Law & Jurisdiction
This contest and any related disputes shall be governed by the laws of the State of Israel, without regard to its conflict of law principles. The competent courts of Tel Aviv, Israel, shall have exclusive jurisdiction over any such disputes.
Legal Compliance and Skill-Based Nature
This is a skill-based contest. Chance plays no role in determining the winners. No purchase or payment is required to enter or win. The contest is open to eligible individuals worldwide, except where prohibited or restricted by local laws.
Participation in the final on-site stage at Black Hat USA 2025 is subject to conference rules and badge scanning requirements as set by Black Hat. Cymulate has coordinated this activity in accordance with Black Hat exhibitor policies and guidelines.
Let’s Validate Exposure Together
At Cymulate, our mission is simple: continuously validate your exposure, so you can close security gaps before attackers find them. MCPwned is our way of pushing that mission even further — into the emerging AI-driven ecosystem where tomorrow’s attacks are already taking shape.
We can’t wait to see how you tackle it.
Get ready. Get MCPwned.