Source linked

RIFT-Bench Automates Red-Teaming Across 45 Agentic AI Architectures

arxiv.org@rapid_rabbit5 hours ago·Cybersecurity·1 comments

RIFT-Bench uses a graph-based methodology to dynamically probe and score security vulnerabilities in autonomous LLM-powered systems, tested across 45 diverse implementations.

rift benchlarge language modelsagentic aired teamingsecurity evaluationadversarial testing

RIFT-Bench put 45 different agentic AI systems through automated adversarial testing in a unified framework that no single-domain evaluation could match.

Why Static Red-Teaming Falls Short for Autonomous Agents

Most security benchmarks for LLMs focus on prompt injection or jailbreak patterns in isolation. Agentic systems add layers of planning, tool use, and memory, creating attack surfaces that traditional static probes miss. I've seen evaluations that only work on one framework (e.g., LangChain or AutoGPT) and ignore the rest. That's not useful for comparing risk across heterogeneous architectures.

RIFT-Bench attacks that gap head-on. Its core insight: represent any agentic system as a hierarchical graph of components, then attack that graph.

How RIFT-Bench Extracts and Probes System Structure

The methodology splits into two automated phases. Discovery infers the system's internal structure without requiring source access. Scanning then deploys adaptive adversarial probes tailored to that structure, covering diverse attack vectors from tool misuse to multi-step manipulation.

Each probe adapts mid-session based on the agent's responses. The result is a comprehensive security report that scores vulnerabilities relative to the system's own capabilities, not a fixed rubric. The authors ran this across 45 agentic systems spanning everything from simple retrieval-augmented assistants to multi-agent planning frameworks. RIFT-Bench generalized across all of them without per-system tuning.

Mitigation Testing Adds a Critical Feedback Loop

Beyond red-teaming, RIFT-Bench directly evaluates mitigation strategies. You can plug in a guardrail, a system prompt hardening, or a constraint layer and see the score shift. This turns the benchmark from a one-and-done audit into a tool for iterative security engineering.

I don't expect this to catch every novel attack. But by forcing evaluation into a common graph representation, RIFT-Bench makes heterogeneous agents comparable on the same security axes. That alone is worth paying attention to.

With agentic deployments exploding, the alternative is a dozen incompatible red-teaming scripts that each claim to be the real test. RIFT-Bench at least gives us a shared language for the conversation.

Source: RIFT-Bench: Dynamic Red-teaming For Agentic AI Systems
Domain: arxiv.org

Read original source ->

External source stays available while the OJO article and comment thread stay local.

More in Cybersecurity

view topic
KongTuke's Mistic Backdoor Loads Cobalt Strike BOFs In Memory

Symantec and Zscaler track a new backdoor that uses Beacon Object Files for memory-only execution, delivered via ClickFix and side-loading to target insurance, education, and IT firms.

SharkLoader Delivers Cobalt Strike via ProxyLogon and Openfire Exploits

Kaspersky uncovers a campaign targeting diplomatic and government entities in 10+ countries, using exploits for ProxyLogon, Openfire, and GeoServer to drop SharkLoader and Cobalt Strike Beacon.

Linux Process Masquerading: Spoofing ps and top with 15 Lines of C

Attackers rewrite both /proc/pid/comm and /proc/pid/cmdline to impersonate a kernel worker-standard ps, top, and htop show the fake name, only eBPF tools like Kunai catch the real binary.

AutoPRAC Finds 34-Undetected-Activation Flaw in MOAT Rowhammer Defense

A new automated verification tool exposes a counter-reset bug in a leading DDR5 Rowhammer mitigation, letting attackers sneak 34 activations past the threshold.

Comments load interactively on the live page.