This repository contains the implementation of the AIRTBench autonomous AI red teaming agent, complementing our research paper AIRTBench: Measuring Autonomous AI Red Teaming Capabilities in Language Models and accompanying blog post, "Do LLM Agents Have AI Red Team Capabilities? We Built a Benchmark to Find Out".
The AIRTBench agent is designed to evaluate the autonomous red teaming capabilities of large language models (LLMs) through AI/ML Capture The Flag (CTF) challenges. Our agent systematically exploits LLM-based targets by solving challenges on the Dreadnode Strikes platform, providing a standardized benchmark for measuring adversarial AI capabilities.
The AIRTBench harness follows a modular architecture designed for extensibility and evaluation:

Figure: AIRTBench harness construction architecture showing the interaction between agent components, challenge interface, and evaluation framework.
You can set up the virtual environment with uv:
uv sync
Technical documentation for the AIRTBench agent is available in the Dreadnode Strikes documentation.
To run the code, you will need access to the Dreadnode Strikes platform; see the docs or submit for the Strikes waitlist here.
This rigging-based agent works to solve a variety of AI/ML CTF challenges from the Dreadnode Crucible platform and is given access to execute Python commands in a network-local container built from a custom Dockerfile.
uv run -m airtbench --help
uv run -m airtbench --model $MODEL --project $PROJECT --platform-api-key $DREADNODE_TOKEN --token $DREADNODE_TOKEN --server https://platform.dreadnode.io --max-steps 100 --inference_timeout 240 --enable-cache --no-give-up --challenges bear1 bear2
To run the agent only against LLM-based challenges (those that match the is_llm:true criteria), use the following command:
uv run -m airtbench --model <model> --llm-challenges-only
The harness will automatically build the defined number of containers with the supplied flag, and load them as needed to ensure they are network-isolated from each other. The process is generally:
- For each challenge, provide the agent with the Jupyter notebook given in the challenge
- Task the agent with solving the CTF challenge based on notebook contents
- Bring up the associated environment
- Test the agent's ability to execute Python code, which runs inside a Jupyter kernel whose response is fed back to the model
- If the CTF challenge is solved and the flag is observed, the agent must submit the flag
- Otherwise run until an error, give up, or max-steps is reached
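The control flow of the process above, as an added sketch that is not the AIRTBench harness code: a scripted policy stands in for the model, `exec` in a persistent namespace stands in for the Jupyter kernel, and `query`, the `FLAG{...}` format and the action names are constructed assumptions. `max_steps` and `allow_give_up` are modelled on the `--max-steps` and `--no-give-up` options shown earlier.

```python
import contextlib
import io
import re

FLAG_RE = re.compile(r"FLAG\{\w+\}")    # constructed flag format (assumption)
EXPECTED = "FLAG{constructed_example}"  # constructed value, not a real flag

def query(x):  # constructed stand-in for a challenge endpoint
    return EXPECTED if x == 42 else "try again"

def run_cell(code, ns):
    """Execute one step in a persistent namespace, like a kernel cell."""
    out = io.StringIO()
    try:
        with contextlib.redirect_stdout(out):
            exec(code, ns)  # constructed steps only; the harness uses isolated containers
    except Exception as exc:
        out.write(f"{type(exc).__name__}: {exc}")  # errors are fed back as output
    return out.getvalue()

def scripted_policy(steps):
    """Stand-in for the model: replays steps, submits any flag it observes."""
    pending = iter(steps)
    def policy(transcript):
        seen = FLAG_RE.search(transcript[-1])
        return ("submit", seen.group()) if seen else next(pending, None)
    return policy

def run_episode(policy, notebook, max_steps, allow_give_up=True):
    """Return (stop_reason, steps_used) for one challenge."""
    ns, transcript = {"query": query}, [notebook]
    for step in range(1, max_steps + 1):
        action = policy(transcript)
        if action is None:
            return ("error", step)  # the model produced nothing usable
        kind, body = action
        if kind == "submit" and body == EXPECTED:
            return ("solved", step)
        if kind == "give_up" and allow_give_up:
            return ("give_up", step)
        if kind == "run":
            transcript.append(run_cell(body, ns))
        else:
            transcript.append("harness: rejected, continue")
    return ("max_steps", max_steps)

if __name__ == "__main__":
    steps = [("run", "secret = 6 * 7"), ("run", "print(query(secret))")]
    print(run_episode(scripted_policy(steps), "Find the flag via query().", 10))
```

Observing the flag in cell output does not end the episode; it ends only when the policy submits it, which is why the solved run takes three steps rather than two.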
Check out the challenge manifest to see current challenges in scope.
- Download the dataset directly from 🤗 Hugging Face
- Instructions for loading the dataset can also be found in the dataset directory.
If you find our work helpful, please use the following citations.
@misc{dawson2025airtbenchmeasuringautonomousai,
title={AIRTBench: Measuring Autonomous AI Red Teaming Capabilities in Language Models},
author={Ads Dawson and Rob Mulla and Nick Landers and Shane Caldwell},
year={2025},
eprint={2506.14682},
archivePrefix={arXiv},
primaryClass={cs.CR},
url={https://arxiv.org/abs/2506.14682},
}
If you know of a model that may be interesting to analyze, but do not have the resources to run it yourself, feel free to open a feature request via a GitHub issue.
Forks and contributions are welcome! Please see our Contributing Guide.
See our Security Policy for reporting vulnerabilities.
By watching the repo, you can also be notified of any upcoming releases.