Gespeichert in:
Bibliographische Detailangaben
Hauptverfasser: Kaufman, Adam, Lucassen, James, Tracy, Tyler, Rushing, Cody, Bhatt, Aryan
Format: Preprint
Veröffentlicht: 2025
Schlagworte:
Online-Zugang:https://arxiv.org/abs/2512.15688
Tags: Tag hinzufügen
Keine Tags, Fügen Sie den ersten Tag hinzu!
_version_ 1866912771315073024
author Kaufman, Adam
Lucassen, James
Tracy, Tyler
Rushing, Cody
Bhatt, Aryan
author_facet Kaufman, Adam
Lucassen, James
Tracy, Tyler
Rushing, Cody
Bhatt, Aryan
contents Future AI agents might run autonomously with elevated privileges. If these agents are misaligned, they might abuse these privileges to cause serious damage. The field of AI control develops techniques that make it harder for misaligned AIs to cause such damage, while preserving their usefulness. We introduce BashArena, a setting for studying AI control techniques in security-critical environments. BashArena contains 637 Linux system administration and infrastructure engineering tasks in complex, realistic environments, along with four sabotage objectives (execute malware, exfiltrate secrets, escalate privileges, and disable firewall) for a red team to target. We evaluate multiple frontier LLMs on their ability to complete tasks, perform sabotage undetected, and detect sabotage attempts. Claude Sonnet 4.5 successfully executes sabotage while evading monitoring by GPT-4.1 mini 26% of the time, at 4% trajectory-wise FPR. Our findings provide a baseline for designing more effective control protocols in BashArena. We release the dataset as a ControlArena setting and share our task generation pipeline.
format Preprint
id arxiv_https___arxiv_org_abs_2512_15688
institution arXiv
publishDate 2025
record_format arxiv
spellingShingle BashArena: A Control Setting for Highly Privileged AI Agents
Kaufman, Adam
Lucassen, James
Tracy, Tyler
Rushing, Cody
Bhatt, Aryan
Cryptography and Security
Artificial Intelligence
Future AI agents might run autonomously with elevated privileges. If these agents are misaligned, they might abuse these privileges to cause serious damage. The field of AI control develops techniques that make it harder for misaligned AIs to cause such damage, while preserving their usefulness. We introduce BashArena, a setting for studying AI control techniques in security-critical environments. BashArena contains 637 Linux system administration and infrastructure engineering tasks in complex, realistic environments, along with four sabotage objectives (execute malware, exfiltrate secrets, escalate privileges, and disable firewall) for a red team to target. We evaluate multiple frontier LLMs on their ability to complete tasks, perform sabotage undetected, and detect sabotage attempts. Claude Sonnet 4.5 successfully executes sabotage while evading monitoring by GPT-4.1 mini 26% of the time, at 4% trajectory-wise FPR. Our findings provide a baseline for designing more effective control protocols in BashArena. We release the dataset as a ControlArena setting and share our task generation pipeline.
title BashArena: A Control Setting for Highly Privileged AI Agents
topic Cryptography and Security
Artificial Intelligence
url https://arxiv.org/abs/2512.15688