Saved in:
Bibliographic Details
Main Authors: Bhatt, Aryan, Rushing, Cody, Kaufman, Adam, Tracy, Tyler, Georgiev, Vasil, Matolcsi, David, Khan, Akbir, Shlegeris, Buck
Format: Preprint
Published: 2025
Subjects:
Online Access:https://arxiv.org/abs/2504.10374
Tags: Add Tag
No Tags, Be the first to tag this record!
_version_ 1866912326679003136
author Bhatt, Aryan
Rushing, Cody
Kaufman, Adam
Tracy, Tyler
Georgiev, Vasil
Matolcsi, David
Khan, Akbir
Shlegeris, Buck
author_facet Bhatt, Aryan
Rushing, Cody
Kaufman, Adam
Tracy, Tyler
Georgiev, Vasil
Matolcsi, David
Khan, Akbir
Shlegeris, Buck
contents Control evaluations measure whether monitoring and security protocols for AI systems prevent intentionally subversive AI models from causing harm. Our work presents the first control evaluation performed in an agent environment. We construct BashBench, a dataset of 257 challenging multi-step system administration tasks, and evaluate whether various safety measures can prevent an adversarially constructed AI agent from covertly downloading and executing malicious code in this environment. This multi-step setting introduces new attack and defense dynamics, which we investigate in order to design novel control protocols that prevent safety failures without hindering the ability of non-malicious agents to perform useful work. We introduce a class of control protocols called resample protocols that dynamically take additional samples of certain actions. We find these protocols significantly improve on existing techniques by selectively blocking the AI agent from executing suspicious code and incriminating the agent by generating additional examples of dangerous behavior. We measure the tradeoff between attack prevention and usefulness; our best protocol combines resampling with analysis of previous steps, reducing the success rate of attacks from 58% to 7% at a 5% cost to the performance of a non-malicious agent.
format Preprint
id arxiv_https___arxiv_org_abs_2504_10374
institution arXiv
publishDate 2025
record_format arxiv
spellingShingle Ctrl-Z: Controlling AI Agents via Resampling
Bhatt, Aryan
Rushing, Cody
Kaufman, Adam
Tracy, Tyler
Georgiev, Vasil
Matolcsi, David
Khan, Akbir
Shlegeris, Buck
Machine Learning
Control evaluations measure whether monitoring and security protocols for AI systems prevent intentionally subversive AI models from causing harm. Our work presents the first control evaluation performed in an agent environment. We construct BashBench, a dataset of 257 challenging multi-step system administration tasks, and evaluate whether various safety measures can prevent an adversarially constructed AI agent from covertly downloading and executing malicious code in this environment. This multi-step setting introduces new attack and defense dynamics, which we investigate in order to design novel control protocols that prevent safety failures without hindering the ability of non-malicious agents to perform useful work. We introduce a class of control protocols called resample protocols that dynamically take additional samples of certain actions. We find these protocols significantly improve on existing techniques by selectively blocking the AI agent from executing suspicious code and incriminating the agent by generating additional examples of dangerous behavior. We measure the tradeoff between attack prevention and usefulness; our best protocol combines resampling with analysis of previous steps, reducing the success rate of attacks from 58% to 7% at a 5% cost to the performance of a non-malicious agent.
title Ctrl-Z: Controlling AI Agents via Resampling
topic Machine Learning
url https://arxiv.org/abs/2504.10374