@cwolferesearch: This cybersecurity eval writeup is great for understanding how complex / realistic evals are built. Some key takeaways …
Summary
This tweet summarizes key takeaways from a detailed writeup on building complex cybersecurity evaluations for AI agents, covering long-horizon tasks, sourced benchmarks, varying difficulty levels, outcome verification challenges, and QA-based progress testing.
View Cached Full Text
Cached at: 06/28/26, 04:11 PM
This cybersecurity eval writeup is great for understanding how complex / realistic evals are built. Some key takeaways after reading it:
-
Recent evals are shockingly long horizon. The cyber evals outlined in this post can take 24+ hours for a human to solve. Running the evaluation suite for the CyberGym benchmark cost $40K in API credits. We can even use time to derive a human solution (i.e., first solve time) to categorize the difficulty level of each evaluation task.
-
Tasks tend to be sampled from reliable / vetted sources to ensure quality. For example, CVE-Bench samples tasks from the National Vulnerability Database, while CyBench samples tasks from professional-level capture-the-flag competition questions.
-
For each individual task, we might execute the task with varying levels of difficulty depending on the input. The hardest setup is a zero-day simulation, where the agent is given only the vulnerable code with no other info. However, we can also test one-day scenarios where the agent is given a vulnerability description / patch and expected to reverse engineer and exploit. There are many different setups that can be created with various types of hints, allowing agents to be tested under different difficulty levels of cyberattacks.
-
There are many ways an exploit can be executed, so most cyber evals focus on verifying outcomes. However, this is often not comprehensive enough - the agent may accomplish 90% of an exploit, but outcome verification would provide no credit. To solve this, many evals collect a set of deterministic verifications that test for different levels of exploits that are achieved while finding a final attack; e.g., find vulnerability -> reproduce vulnerability -> exploit vulnerability with unauthorized code execution -> achieve final attack.
-
Several evals use a QA approach to test the agent’s progress toward an exploit as well. For example, you could directly ask the agent to tell us where the vulnerable code is and verify the output against ground truth. Similarly, you could just ask the agent to provide the capture-the-flag string. This is a really flexible approach compared to running transcript audits.
Really great post, couldn’t recommend it enough!
Similar Articles
From Controlled to the Wild: Evaluation of Pentesting Agents for the Real-World
This paper presents a practical evaluation protocol for assessing AI pentesting agents in realistic, complex targets rather than simplified benchmarks. It uses LLM-based semantic matching, bipartite resolution, and continuous ground-truth to score vulnerabilities discovered, and releases expert-annotated ground truth and code.
@cwolferesearch: I just published a detailed guide on evaluating agents. It covers: 1. Agent fundamentals (everything from basic concept…
A detailed guide on evaluating AI agents, covering fundamentals, common evaluation patterns, and case studies of popular benchmarks like Tau-Bench and Terminal-Bench.
@BraceSproul: I've been thinking a lot about the two different groups of evals you need in general agents/agents which handle broad t…
A Twitter thread discussing two distinct evaluation suites needed for general AI agents: a lightweight benchmark eval for quick iteration and a comprehensive test coverage eval for thorough validation across diverse user paths.
Demystifying evals for AI agents
Anthropic provides a guide on designing rigorous automated evaluations for AI agents, addressing the complexities of multi-turn interactions and state modifications.
@levie: Almost all AI model and agent progress is downstream from evals. Open weights post training for specific domains comes …
Almost all AI model and agent progress depends on evaluations (evals). Understanding workflows and agent performance through evals will become a core enterprise competency for driving automation.