From Controlled to the Wild: Evaluation of Pentesting Agents for the Real-World
Summary
This paper presents a practical evaluation protocol for assessing AI pentesting agents in realistic, complex targets rather than simplified benchmarks. It uses LLM-based semantic matching, bipartite resolution, and continuous ground-truth to score vulnerabilities discovered, and releases expert-annotated ground truth and code.
View Cached Full Text
Cached at: 07/16/26, 01:43 PM
Paper page - From Controlled to the Wild: Evaluation of Pentesting Agents for the Real-World
Source: https://huggingface.co/papers/2605.10834
Abstract
AIpentestingagentsareincreasinglycredibleasoffensivesecuritysystems,butcurrentbenchmarksstillprovidelimitedguidanceonwhichwillperformbestinreal-worldtargets.Existingevaluationprotocolsassessandoptimizeforpredefinedgoalssuchascapture-the-flag,remotecodeexecution,exploitreproduction,ortrajectorysimilarity,insimplifiedornarrowsettings.Thesetoolsarevaluableformeasuringboundedcapabilities,yettheydonotadequatelycapturethecomplexity,open-endedexploration,andstrategicdecision-makingrequiredinrealisticpentesting.Inthispaper,wepresentapracticalevaluationprotocolthatshiftsassessmentfromtaskcompletiontovalidatedvulnerabilitydiscovery,allowingevaluationinsufficientlycomplextargetsspanningmultipleattacksurfacesandvulnerabilityclasses.Theprotocolcombinesstructuredground-truthwithLLM-basedsemanticmatchingtoidentifyvulnerabilities,bipartiteresolutiontoscorefindingsunderrealisticambiguity,continuousground-truthmaintenance,repeatedandcumulativeevaluationofstochasticagents,efficiencymetrics,andreduced-suiteselectionforsustainableexperimentation.Thisprotocolextendsthestateoftheartbyenablingamorerealistic,operationallyinformativecomparisonofAIpentestingagents.Toenablereproducibility,wealsoreleaseexpert-annotatedgroundtruthandcodefortheproposedevaluationprotocol:https://github.com/ethiack/ethibench.
View arXiv pageView PDFGitHub64Add to collection
Get this paper in your agent:
hf papers read 2605\.10834
Don’t have the latest CLI?curl \-LsSf https://hf\.co/cli/install\.sh \| bash
Models citing this paper0
No model linking this paper
Cite arxiv.org/abs/2605.10834 in a model README.md to link it from this page.
Datasets citing this paper0
No dataset linking this paper
Cite arxiv.org/abs/2605.10834 in a dataset README.md to link it from this page.
Spaces citing this paper0
No Space linking this paper
Cite arxiv.org/abs/2605.10834 in a Space README.md to link it from this page.
Collections including this paper0
No Collection including this paper
Add this paper to acollectionto link it from this page.
Similar Articles
I tested AI agents on fixing real security bugs. Here's what I found.
Independent research benchmarked AI agents on fixing 20 real vulnerabilities from Python projects; best solve rate was 50%, expensive models not worth it, and dangerous false positives where agents produced convincing but incomplete fixes.
@cwolferesearch: This cybersecurity eval writeup is great for understanding how complex / realistic evals are built. Some key takeaways …
This tweet summarizes key takeaways from a detailed writeup on building complex cybersecurity evaluations for AI agents, covering long-horizon tasks, sourced benchmarks, varying difficulty levels, outcome verification challenges, and QA-based progress testing.
@hetmehtaa: Local AI for Penetration Testing & Research https://projectblack.io/blog/local-ai-for-cyber-security/…
A blog post benchmarks four approaches (Semgrep, GLM 5.1 with Strix, cloud SOTA with code review skill, and local AI with a custom harness) for finding a known LFI vulnerability in PHPIPAM, finding that the local AI harness with a tailored approach outperforms the others.
Free AI Agent Security Assessment
Antitech is offering free early-access security assessments for AI agents, testing against attack vectors like prompt injection, tool abuse, and data leakage, providing a vulnerability report and discounts for participants.
An Empirical Study of Automating Agent Evaluation
This paper introduces EvalAgent, a system that automates the evaluation of AI agents by encoding domain-specific expertise, addressing the limitations of standard coding assistants in this task. It also presents AgentEvalBench, a benchmark for testing evaluation pipelines, and demonstrates significant improvements in evaluation reliability.