Saved in:
| Main Authors: | , , , , , , , |
|---|---|
| Format: | Preprint |
| Published: |
2025
|
| Subjects: | |
| Online Access: | https://arxiv.org/abs/2504.10374 |
| Tags: |
Add Tag
No Tags, Be the first to tag this record!
|
| _version_ | 1866912326679003136 |
|---|---|
| author | Bhatt, Aryan Rushing, Cody Kaufman, Adam Tracy, Tyler Georgiev, Vasil Matolcsi, David Khan, Akbir Shlegeris, Buck |
| author_facet | Bhatt, Aryan Rushing, Cody Kaufman, Adam Tracy, Tyler Georgiev, Vasil Matolcsi, David Khan, Akbir Shlegeris, Buck |
| contents | Control evaluations measure whether monitoring and security protocols for AI systems prevent intentionally subversive AI models from causing harm. Our work presents the first control evaluation performed in an agent environment. We construct BashBench, a dataset of 257 challenging multi-step system administration tasks, and evaluate whether various safety measures can prevent an adversarially constructed AI agent from covertly downloading and executing malicious code in this environment. This multi-step setting introduces new attack and defense dynamics, which we investigate in order to design novel control protocols that prevent safety failures without hindering the ability of non-malicious agents to perform useful work. We introduce a class of control protocols called resample protocols that dynamically take additional samples of certain actions. We find these protocols significantly improve on existing techniques by selectively blocking the AI agent from executing suspicious code and incriminating the agent by generating additional examples of dangerous behavior. We measure the tradeoff between attack prevention and usefulness; our best protocol combines resampling with analysis of previous steps, reducing the success rate of attacks from 58% to 7% at a 5% cost to the performance of a non-malicious agent. |
| format | Preprint |
| id |
arxiv_https___arxiv_org_abs_2504_10374 |
| institution | arXiv |
| publishDate | 2025 |
| record_format | arxiv |
| spellingShingle | Ctrl-Z: Controlling AI Agents via Resampling Bhatt, Aryan Rushing, Cody Kaufman, Adam Tracy, Tyler Georgiev, Vasil Matolcsi, David Khan, Akbir Shlegeris, Buck Machine Learning Control evaluations measure whether monitoring and security protocols for AI systems prevent intentionally subversive AI models from causing harm. Our work presents the first control evaluation performed in an agent environment. We construct BashBench, a dataset of 257 challenging multi-step system administration tasks, and evaluate whether various safety measures can prevent an adversarially constructed AI agent from covertly downloading and executing malicious code in this environment. This multi-step setting introduces new attack and defense dynamics, which we investigate in order to design novel control protocols that prevent safety failures without hindering the ability of non-malicious agents to perform useful work. We introduce a class of control protocols called resample protocols that dynamically take additional samples of certain actions. We find these protocols significantly improve on existing techniques by selectively blocking the AI agent from executing suspicious code and incriminating the agent by generating additional examples of dangerous behavior. We measure the tradeoff between attack prevention and usefulness; our best protocol combines resampling with analysis of previous steps, reducing the success rate of attacks from 58% to 7% at a 5% cost to the performance of a non-malicious agent. |
| title | Ctrl-Z: Controlling AI Agents via Resampling |
| topic | Machine Learning |
| url | https://arxiv.org/abs/2504.10374 |