AutoAdvExBench: Benchmarking autonomous exploitation of adversarial example defenses
By: Nicholas Carlini , Javier Rando , Edoardo Debenedetti and more
Potential Business Impact:
Tests if AI can break computer security defenses.
We introduce AutoAdvExBench, a benchmark to evaluate if large language models (LLMs) can autonomously exploit defenses to adversarial examples. Unlike existing security benchmarks that often serve as proxies for real-world tasks, bench directly measures LLMs' success on tasks regularly performed by machine learning security experts. This approach offers a significant advantage: if a LLM could solve the challenges presented in bench, it would immediately present practical utility for adversarial machine learning researchers. We then design a strong agent that is capable of breaking 75% of CTF-like ("homework exercise") adversarial example defenses. However, we show that this agent is only able to succeed on 13% of the real-world defenses in our benchmark, indicating the large gap between difficulty in attacking "real" code, and CTF-like code. In contrast, a stronger LLM that can attack 21% of real defenses only succeeds on 54% of CTF-like defenses. We make this benchmark available at https://github.com/ethz-spylab/AutoAdvExBench.
Similar Papers
CVE-Bench: A Benchmark for AI Agents' Ability to Exploit Real-World Web Application Vulnerabilities
Cryptography and Security
Tests AI's ability to hack websites safely.
DefenderBench: A Toolkit for Evaluating Language Agents in Cybersecurity Environments
Computation and Language
Tests AI to find computer security problems.
AttackSeqBench: Benchmarking Large Language Models' Understanding of Sequential Patterns in Cyber Attacks
Cryptography and Security
Helps computers understand attack steps in security reports.