Testing Language Model Agents Safely in the Wild
About
A prerequisite for safe autonomy-in-the-wild is safe testing-in-the-wild. Yet real-world autonomous tests face several unique safety challenges, both due to the possibility of causing harm during a test, as well as the risk of encountering new unsafe agent behavior through interactions with real-world and potentially malicious actors. We propose a framework for conducting safe autonomous agent tests on the open internet: agent actions are audited by a context-sensitive monitor that enforces a stringent safety boundary to stop an unsafe test, with suspect behavior ranked and logged to be examined by humans. We design a basic safety monitor (AgentMonitor) that is flexible enough to monitor existing LLM agents, and, using an adversarial simulated agent, we measure its ability to identify and stop unsafe situations. Then we apply the AgentMonitor on a battery of real-world tests of AutoGPT, and we identify several limitations and challenges that will face the creation of safe in-the-wild tests as autonomous agents grow more capable.
Related benchmarks
| Task | Dataset | Result | Rank | |
|---|---|---|---|---|
| Agent Safety Evaluation | ToolEmu | Safety89 | 36 | |
| Agent Safety Evaluation | AgentHarm Harmful Requests | Score8 | 27 | |
| Agent Safety Evaluation | AgentHarm Benign Requests | Safety Score36 | 27 | |
| Agent Safety Evaluation | AgentHarm Libra | Score55 | 27 | |
| Agentic Safety and Utility Evaluation | PowerSeeking Bench | Safety Score0.75 | 24 | |
| Task-specific Risk Detection | Mind2Web-SC (test) | LPA0.725 | 9 | |
| Task-specific Risk Detection | EICU-AC (test) | LPA82.3 | 9 | |
| Systemic Risk Detection | Safe-OS | Normal Count100 | 7 | |
| Systemic Risk Detection | AdvWeb | Prompt Injection (PI)0.00e+0 | 6 | |
| Systemic Risk Detection | EIA | Action Grounding (Grd)58 | 6 |