Gespeichert in:
Bibliographische Detailangaben
Hauptverfasser: Aonzo, Simone, Sahin, Merve, Francillon, Aurélien, Perito, Daniele
Format: Preprint
Veröffentlicht: 2026
Schlagworte:
Online-Zugang:https://arxiv.org/abs/2603.15457
Tags: Tag hinzufügen
Keine Tags, Fügen Sie den ersten Tag hinzu!
_version_ 1866910054802784256
author Aonzo, Simone
Sahin, Merve
Francillon, Aurélien
Perito, Daniele
author_facet Aonzo, Simone
Sahin, Merve
Francillon, Aurélien
Perito, Daniele
contents Artificial intelligence (AI) systems are increasingly adopted as tool-using agents that can plan, observe their environment, and take actions over extended time periods. This evolution challenges current evaluation practices where the AI models are tested in restricted, fully observable settings. In this article, we argue that evaluations of AI agents are vulnerable to a well-known failure mode in computer security: malicious software that exhibits benign behavior when it detects that it is being analyzed. We point out how AI agents can infer the properties of their evaluation environment and adapt their behavior accordingly. This can lead to overly optimistic safety and robustness assessments. Drawing parallels with decades of research on malware sandbox evasion, we demonstrate that this is not a speculative concern, but rather a structural risk inherent to the evaluation of adaptive systems. Finally, we outline concrete principles for evaluating AI agents, which treat the system under test as potentially adversarial. These principles emphasize realism, variability of test conditions, and post-deployment reassessment.
format Preprint
id arxiv_https___arxiv_org_abs_2603_15457
institution arXiv
publishDate 2026
record_format arxiv
spellingShingle Evasive Intelligence: Lessons from Malware Analysis for Evaluating AI Agents
Aonzo, Simone
Sahin, Merve
Francillon, Aurélien
Perito, Daniele
Cryptography and Security
Artificial Intelligence
Artificial intelligence (AI) systems are increasingly adopted as tool-using agents that can plan, observe their environment, and take actions over extended time periods. This evolution challenges current evaluation practices where the AI models are tested in restricted, fully observable settings. In this article, we argue that evaluations of AI agents are vulnerable to a well-known failure mode in computer security: malicious software that exhibits benign behavior when it detects that it is being analyzed. We point out how AI agents can infer the properties of their evaluation environment and adapt their behavior accordingly. This can lead to overly optimistic safety and robustness assessments. Drawing parallels with decades of research on malware sandbox evasion, we demonstrate that this is not a speculative concern, but rather a structural risk inherent to the evaluation of adaptive systems. Finally, we outline concrete principles for evaluating AI agents, which treat the system under test as potentially adversarial. These principles emphasize realism, variability of test conditions, and post-deployment reassessment.
title Evasive Intelligence: Lessons from Malware Analysis for Evaluating AI Agents
topic Cryptography and Security
Artificial Intelligence
url https://arxiv.org/abs/2603.15457