Carnegie Mellon extends historic run with its fifth straight MITRE eCTF title

For the fifth consecutive year, Carnegie Mellon University students have claimed first place in the MITRE Embedded Capture the Flag (eCTF) cybersecurity competition, further cementing the university’s status as the top program in one of the nation’s most demanding collegiate security contests.

The 2026 victory extends Carnegie Mellon’s record-setting streak in the competition and underscores the university’s continued leadership in embedded systems security, where students must defend both software and the increasingly complex hardware ecosystems that power modern technology.

This year’s challenge was widely regarded by advisors and competitors as the toughest in the competition’s history.

Unlike the 2025 contest, which centered on securing a satellite television receiver, the 2026 eCTF required teams to protect a far more interactive manufacturing pipeline involving multiple devices, users, and security checkpoints. Competitors were tasked with designing and defending a secure system that could safely transfer design files between engineers, technicians, and manufacturing systems, even when some devices or users might be compromised by attackers.

“The competition itself was substantially harder this year,” said Patrick Tague, associate teaching professor in Carnegie Mellon’s Information Networking Institute (INI) and one of the team’s faculty advisors. “The scenario they gave was more complex, the constraints were much tighter, and there was a lot more surface to protect.”

That increased complexity made this year’s title run especially hard-fought. Carnegie Mellon entered the attack phase slightly behind after a more compressed design process than in previous years, and for the first time in the university’s winning streak, advisors said there was real uncertainty about whether the team would ultimately finish on top.

“This was really the first year that we had a lot of concern about our position in the standings,” said Tague. “We weren’t as certain as we had been in past years.”

For Hanan Hibshi, assistant teaching professor in the INI and a first-time hands-on faculty advisor for the team, the win demonstrated not just technical excellence, but also the resilience of Carnegie Mellon’s culture.

“The teams are getting better every year, so one of my biggest questions was whether we were improving fast enough too,” said Hibshi. “What stood out to me was how organized our students were, how they held each other accountable, and how willing they were to teach one another.

“We bring together students from different disciplines, and that diversity of expertise really matters.”

Carnegie Mellon’s team included students from multiple programs and departments across the university, including Information Security, Electrical and Computer Engineering, and Computer Science. Advisors said that interdisciplinary structure paired with strong student leadership continues to distinguish Carnegie Mellon from MITRE eCTF competitors.

“I think the biggest thing we have going for us is CMU’s culture,” said Tague. “We’re incredibly collaborative and cross-disciplinary. We can pull in students and expertise from across departments in ways that many schools simply can’t.”

That collaborative model also reflects the growing demands of the cybersecurity industry, where securing modern systems increasingly requires expertise that spans software, hardware, protocol analysis, and real-world operational constraints.

Hibshi noted that eCTF offers students a rare opportunity to test widely discussed technologies and assumptions, such as AI-assisted development or memory-safe programming languages like Rust, against real adversarial conditions.

“Our students are learning firsthand that no single tool solves security,” said Hibshi. “AI and newer programming approaches are powerful, but this competition teaches that human expertise, critical thinking, and secure design still matter.”

The continued success of Carnegie Mellon’s MITRE eCTF team has become a major recruiting tool for the university, drawing students who specifically seek opportunities to compete at the highest levels of cybersecurity.

“eCTF has taught me so much about security,” said Ryan Kim, a recent M.S. in Information Security (MSIS) graduate and member of this year’s team. “I really enjoyed it, and it was fun hanging out with everyone and working every week in order to hack other teams across the world.

“AI was good, but people are better.”

Beyond the trophies, advisors say the university’s sustained dominance is also helping elevate the broader field, strengthening the university’s standing among industry partners and the broader cybersecurity community in the process.

“This is a free advertisement for why our students are different,” said Hibshi. “This is student-driven, hands-on, real-world security work. It shows what Carnegie Mellon students can do.”

Funding for the team was made possible by CyLab partners through the IoT Security and Privacy Initiative.

Members of CMU’s winning team are listed below:

• Daniel Ha, ECE BS
• Max Yin, INI MSIS
• Jacob Lawrence, INI MSIS
• Om Arora-Jain, INI MSIT-IS
• Andy Li, ECE MS
• Gaurav C G, INI MSIS
• Ryan Kim, INI MSIS
• Sky Bailey, ECE MS
• Nishant Puri, INI MSIT-IS
• Mitchell Zhou, INI MSIS
• Keshav Ravichandra Raju, INI MSIS
• Reid Starzl, SCS BS - Sec/Priv Minor
• Pritha Tiwari, INI MSIS
• Adit Verma, INI MSIT-IS
• Keyur Aghao, INI MSIS
• Chloe Taylor, INI MSIT-IS

For media inquires, please contact Michael Cunningham at mocunnin@andrew.cmu.edu.