NOW LET US – AI RAG SaaS Studio TP.HCM
NOW LET US
Digital Product Studio
Back to news
AGENTIC-SYSTEMS...1 min read

Attack Selection in Agentic AI Control Evaluations Meaningfully Decreases Safety

Share
NOW LET US Article – Attack Selection in Agentic AI Control Evaluations Meaningfully Decreases Safety

A new study reveals that current AI safety evaluation frameworks overestimate security by assuming non-strategic attackers. By strategically choosing when to start and abort attacks, rogue AI agents can easily evade monitoring systems, significantly reducing empirical safety.

Computer Science > Artificial Intelligence

Title: Attack Selection in Agentic AI Control Evaluations Meaningfully Decreases Safety

An attacker that strategically chooses when to attack is much harder to catch than one that attacks indiscriminately. AI control is a safety framework for deploying capable but untrusted AI agents under the oversight of a weaker, trusted monitor and a limited human audit budget. Control evaluations stress-test these protocols by pitting a red-team attack policy against the blue-team monitor, but current evaluations typically assume attackers that do not strategically select when to attack. We study this capability, attack selection, in agentic settings by decomposing attack decisions into a start policy, which decides when an attacker should attack, and a stop policy, which decides when an attacker should abort an ongoing attack. Across two agentic settings, BashArena and LinuxArena, both policies substantially lower measured empirical safety without changing the underlying attack capability. At a 1% audit budget, our start policy reduces safety by 20pp on both BashArena and LinuxArena, and our stop policy reduces safety by 20pp on BashArena and 28pp on LinuxArena. These reductions should be interpreted as upper bounds on the effect of attack selection. Existing control evaluations may therefore yield overly optimistic safety estimates against selective attackers. We recommend that future evaluations, system cards, and safety cases elicit attack selection to produce more realistic safety estimates.

© 2026 Now Let Us. All rights reserved.

Source: arXiv cs.AI Recent

Advertisement
Ad slot ready: 5887729102

More in this category

NOW LET US Related – Lean4Agent: Formal Modeling and Verification for Agent Workflow and Trajectory

agentic-systems

Lean4Agent: Formal Modeling and Verification for Agent Workflow and Trajectory

Researchers have introduced Lean4Agent, the first framework that leverages the Lean4 formal language to model and verify AI agent workflows. By addressing natural language ambiguity, it significantly enhances the reliability and execution performance of LLMs.

NOW LET US Related – Accelerated Fourier SAT (AFSAT): Fully Realising a GPU-based Symmetric Pseudo-Boolean SAT Solver

agentic-systems

Accelerated Fourier SAT (AFSAT): Fully Realising a GPU-based Symmetric Pseudo-Boolean SAT Solver

Researchers have introduced AFSAT, a GPU-accelerated pseudo-Boolean solver based on continuous local search. By leveraging the JAX compiler, AFSAT overcomes memory and floating-point limitations, delivering superior performance and near-linear scaling across multiple accelerators.

NOW LET US Related – CrowdMath: A Dataset of Crowdsourced Mathematical Research Discussions

agentic-systems

CrowdMath: A Dataset of Crowdsourced Mathematical Research Discussions

The newly introduced CrowdMath dataset evaluates AI's ability in collaborative mathematical problem-solving. While frontier LLMs excel at individual reasoning, they struggle to understand the functional roles of contributions in collaborative research discussions.

NOW LET US Related – Exploring Agentic Tool-Calling Decisions via Uncertainty-Aligned Reinforcement Learning

agentic-systems

Exploring Agentic Tool-Calling Decisions via Uncertainty-Aligned Reinforcement Learning

Researchers have proposed TRUST, a novel reinforcement learning framework that aligns uncertainty quantification with reward design to improve tool-calling decisions in LLM agents, preventing overconfident mistakes.

NOW LET US Related – Detecting and Mitigating Bias by Treating Fairness as a Symmetry Operation

agentic-systems

Detecting and Mitigating Bias by Treating Fairness as a Symmetry Operation

Researchers propose a novel framework that treats fairness in machine learning as a symmetry operation, mitigating bias by over 90% with minimal impact on accuracy.

NOW LET US Related – A Study of Parallel Continuous Local Search

agentic-systems

A Study of Parallel Continuous Local Search

A new study explores parallel Continuous Local Search (CLS) as an efficient approach for solving Boolean satisfiability (SAT) problems, offering key insights for implementation on modern accelerator hardware.

EXPLORE TOPICS

Discover All Categories

Deep dive into the specific technology sectors that matter most to you.

AI Frontier

AI Frontier

Foundation models, multimodal systems, and enterprise use cases.

Agentic Systems

Agentic Systems

Task-oriented automation workflows for real operations.

SaaS Growth

SaaS Growth

CAC, LTV, retention, and growth optimization.

Dev Tools

Dev Tools

Codegen tools, next-gen IDEs, and modern dev workflows.

Cybersecurity

Cybersecurity

AI security, Zero Trust, and proactive defense.

Cloud & Infra

Cloud & Infra

Cloud Native, Edge Computing, and GPU Clusters.

Robotics

Robotics

Humanoid robots, autonomous vehicles, and smart hardware.

Startups & VC

Startups & VC

Funding trends, M&A, and the startup ecosystem.