Capture-the-Flag (CTF) competitions play a central role in modern cybersecurity as a platform for training practitioners and evaluating offensive and defensive techniques derived from real-world vulnerabilities. Despite recent advances in large language models (LLMs), existing LLM-based agents remain ineffective on high-difficulty cryptographic CTF challenges, which require precise cryptanalytic knowledge, stable long-horizon reasoning, and disciplined interaction with specialized toolchains. Through a systematic exploratory study, we show that insufficient knowledge granularity, rather than model reasoning capacity, is a primary factor limiting successful cryptographic exploitation: coarse or abstracted external knowledge often fails to support correct attack modeling and implementation. Motivated by this observation, we propose KryptoPilot, an open-world knowledge-augmented LLM agent for automated cryptographic exploitation. KryptoPilot integrates dynamic open-world knowledge acquisition via a Deep Research pipeline, a persistent workspace for structured knowledge reuse, and a governance subsystem that stabilizes reasoning through behavioral constraints and cost-aware model routing. This design enables precise knowledge alignment while maintaining efficient reasoning across heterogeneous subtasks. We evaluate KryptoPilot on two established CTF benchmarks and in six real-world CTF competitions. KryptoPilot achieves a complete solve rate on InterCode-CTF, solves between 56 and 60 percent of cryptographic challenges on the NYU-CTF benchmark, and successfully solves 26 out of 33 cryptographic challenges in live competitions, including multiple earliest-solved and uniquely-solved instances. These results demonstrate the necessity of open-world, fine-grained knowledge augmentation and governed reasoning for scaling LLM-based agents to real-world cryptographic exploitation.

翻译：夺旗竞赛作为现代网络安全领域的核心平台，在培训从业者及评估源自现实漏洞的攻防技术方面发挥着关键作用。尽管大语言模型近期取得了显著进展，但现有基于LLM的智能体在面对高难度密码学CTF挑战时仍显不足，这类挑战需要精确的密码分析知识、稳定的长程推理能力以及与专用工具链的规范交互。通过系统性探索研究，我们发现知识粒度不足（而非模型推理能力）是限制成功实施密码学攻击的主要因素：粗糙或抽象的外部知识往往无法支持正确的攻击建模与实施。基于此观察，我们提出KryptoPilot——一种面向自动化密码学攻击的开放世界知识增强型LLM智能体。KryptoPilot通过深度研究管道集成动态开放世界知识获取，建立支持结构化知识复用的持久工作空间，并配备通过行为约束与成本感知模型路由来稳定推理的治理子系统。该设计在保持跨异构子任务高效推理的同时，实现了精确的知识对齐。我们在两个成熟的CTF基准测试和六场真实CTF竞赛中对KryptoPilot进行评估。该系统在InterCode-CTF上实现完全解题率，在NYU-CTF基准测试中解决了56%至60%的密码学挑战，并在现场竞赛中成功破解33道密码学挑战中的26道，包含多个最早解出及唯一解出的实例。这些结果证明了开放世界细粒度知识增强与受治理推理对于将基于LLM的智能体扩展至现实世界密码学攻击场景的必要性。