Saved in:
Bibliographic Details
Main Authors: Bhatt, Manish, Wood, Adrian, Habler, Idan, Al-Kahfah, Ammar
Format: Preprint
Published: 2025
Subjects:
Online Access:https://arxiv.org/abs/2601.00042
Tags: Add Tag
No Tags, Be the first to tag this record!
_version_ 1866918274054225920
author Bhatt, Manish
Wood, Adrian
Habler, Idan
Al-Kahfah, Ammar
author_facet Bhatt, Manish
Wood, Adrian
Habler, Idan
Al-Kahfah, Ammar
contents Production LLM agents with tool-using capabilities require security testing despite their safety training. We adapt Go-Explore to evaluate GPT-4o-mini across 28 experimental runs spanning six research questions. We find that random-seed variance dominates algorithmic parameters, yielding an 8x spread in outcomes; single-seed comparisons are unreliable, while multi-seed averaging materially reduces variance in our setup. Reward shaping consistently harms performance, causing exploration collapse in 94% of runs or producing 18 false positives with zero verified attacks. In our environment, simple state signatures outperform complex ones. For comprehensive security testing, ensembles provide attack-type diversity, whereas single agents optimize coverage within a given attack type. Overall, these results suggest that seed variance and targeted domain knowledge can outweigh algorithmic sophistication when testing safety-trained models.
format Preprint
id arxiv_https___arxiv_org_abs_2601_00042
institution arXiv
publishDate 2025
record_format arxiv
spellingShingle Large Empirical Case Study: Go-Explore adapted for AI Red Team Testing
Bhatt, Manish
Wood, Adrian
Habler, Idan
Al-Kahfah, Ammar
Cryptography and Security
Artificial Intelligence
Machine Learning
Production LLM agents with tool-using capabilities require security testing despite their safety training. We adapt Go-Explore to evaluate GPT-4o-mini across 28 experimental runs spanning six research questions. We find that random-seed variance dominates algorithmic parameters, yielding an 8x spread in outcomes; single-seed comparisons are unreliable, while multi-seed averaging materially reduces variance in our setup. Reward shaping consistently harms performance, causing exploration collapse in 94% of runs or producing 18 false positives with zero verified attacks. In our environment, simple state signatures outperform complex ones. For comprehensive security testing, ensembles provide attack-type diversity, whereas single agents optimize coverage within a given attack type. Overall, these results suggest that seed variance and targeted domain knowledge can outweigh algorithmic sophistication when testing safety-trained models.
title Large Empirical Case Study: Go-Explore adapted for AI Red Team Testing
topic Cryptography and Security
Artificial Intelligence
Machine Learning
url https://arxiv.org/abs/2601.00042