论文73°

AHA:自动化红队测试发现Claude Code和Codex的智能体漏洞

Agent Hacks Agent: Autoresearch for Production-Agent Red-Teaming

精选理由

想了解如何自动化挖Claude Code和Codex的漏洞?这篇论文提出了AHA方法,比现有方法强14%,还能跨场景复用。搞智能体安全的值得看。

AI 摘要

论文提出AHA框架,通过自动化研究环境对Claude Code和Codex等生产智能体进行红队测试。AHA构建漏洞假设、生成攻击、在沙箱中执行并反思,将结果汇入Vulnerability Concept Graph(VCG)。实验覆盖直接与间接攻击场景,VCG无需额外搜索即可在单次攻击协议下超越最强基线14.2个百分点。VCG可跨模型和攻击渠道迁移,为安全团队提供可审计的漏洞知识库。

原文 · arXiv cs.AI

Agent Hacks Agent: Autoresearch for Production-Agent Red-Teaming

Production LLM agents such as Claude Code and Codex operate over untrusted content, files, commands, and workspace state, making safety failures directly actionable. Red-teaming must therefore keep pace with evolving models and tools. Existing approaches mainly optimize attack success and preserve artifacts such as benchmarks, payloads, or attack programs, which record where attacks succeed but not the enabling conditions behind unsafe agent behavior. We study automated red-teaming for production LLM agents using one agentic research environment to discover reusable vulnerability knowledge about another. We present AHA, a falsifiable discovery loop that proposes a vulnerability hypothesis, constructs a falsifier, instantiates a valid attack, executes it in a sandboxed harness, reflects on the trajectory, and promotes confirmed findings into a Vulnerability Concept Graph (VCG). Each concept links an attacker-facing surface to an unsafe trajectory through a claim, enabling condition, falsifier, transfer prediction, and supporting evidence. Across Claude Code and Codex on three scenarios covering direct and indirect attacks, the discovered concepts reveal a reusable vulnerability core across models and agents. A frozen VCG requires no further search and outperforms the strongest frozen discovery baseline by 14.2 percentage points under the same single-shot protocol, while transferring across scenarios and attack channels. The resulting VCG provides an auditable artifact for production safety teams to inspect vulnerabilities, validate patches, and accumulate reusable safety knowledge. Our code is available at https://github.com/henrymao2004/Auto-research-red-teaming-in-sleep.