Data

Tools

Indexes

Applications

Experiments

Open Source Science

agentdojo

A Dynamic Environment to Evaluate Attacks and Defenses for LLM Agents.

https://github.com/ethz-spylab/agentdojo

Science Score: 36.0%

This score indicates how likely this project is to be science-related based on various indicators:

  • CITATION.cff file
  • codemeta.json file
    Found codemeta.json file
  • .zenodo.json file
    Found .zenodo.json file
  • DOI references
  • Academic publication links
    Links to: arxiv.org
  • Academic email domains
  • Institutional organization owner
  • JOSS paper metadata
  • Scientific vocabulary similarity
    Low similarity (11.7%) to scientific vocabulary

Keywords

benchmark large-language-models prompt-injection security
Last synced: 6 months ago · JSON representation

Repository

A Dynamic Environment to Evaluate Attacks and Defenses for LLM Agents.

Basic Info
Statistics
  • Stars: 254
  • Watchers: 5
  • Forks: 65
  • Open Issues: 9
  • Releases: 36
Topics
benchmark large-language-models prompt-injection security
Created almost 2 years ago · Last pushed 6 months ago
Metadata Files
Readme Contributing License Citation

README.md

# AgentDojo: A Dynamic Environment to Evaluate Prompt Injection Attacks and Defenses for LLM Agents ![GitHub License](https://img.shields.io/github/license/ethz-spylab/agentdojo) ![GitHub Actions Workflow Status](https://img.shields.io/github/actions/workflow/status/ethz-spylab/agentdojo/lint-docs.yaml) ![PyPI - Python Version](https://img.shields.io/pypi/pyversions/agentdojo) ![PyPI - Downloads](https://img.shields.io/pypi/dm/agentdojo) ![PyPI - Version](https://img.shields.io/pypi/v/agentdojo) [Edoardo Debenedetti](https://edoardo.science)1, [Jie Zhang](https://zj-jayzhang.github.io)1, [Mislav Balunovi](https://www.sri.inf.ethz.ch/people/mislav)1,2, [Luca Beurer-Kellner](https://www.sri.inf.ethz.ch/people/luca)1,2, [Marc Fischer](https://marcfischer.at)1,2, [Florian Tramr](https://floriantramer.com)1 1ETH Zurich and 2Invariant Labs [Read Paper](https://arxiv.org/abs/2406.13352) | [Inspect Results](https://agentdojo.spylab.ai/results/)

Quickstart

bash pip install agentdojo

[!IMPORTANT] Note that the API of the package is still under development and might change in the future.

If you want to use the prompt injection detector, you need to install the transformers extra:

bash pip install "agentdojo[transformers]"

Running the benchmark

The benchmark can be run with the benchmark script. Documentation on how to use the script can be obtained with the --help flag.

For example, to run the workspace suite on the tasks 0 and 1, with gpt-4o-2024-05-13 as the LLM, the tool filter as a defense, and the attack with tool knowlege, run the following command:

bash python -m agentdojo.scripts.benchmark -s workspace -ut user_task_0 \ -ut user_task_1 --model gpt-4o-2024-05-13 \ --defense tool_filter --attack tool_knowledge

To run the above, but on all suites and tasks, run the following:

bash python -m agentdojo.scripts.benchmark --model gpt-4o-2024-05-13 \ --defense tool_filter --attack tool_knowledge

Inspect the results

To inspect the results, go to the dedicated results page of the documentation. AgentDojo results are also listed in the Invariant Benchmark Registry.Agent

Documentation of the Dojo

Take a look at our documentation.

Development set-up

Take a look at the development set-up docs.

Citing

If you use AgentDojo in your research, please consider citing our paper:

bibtex @inproceedings{ debenedetti2024agentdojo, title={AgentDojo: A Dynamic Environment to Evaluate Prompt Injection Attacks and Defenses for {LLM} Agents}, author={Edoardo Debenedetti and Jie Zhang and Mislav Balunovic and Luca Beurer-Kellner and Marc Fischer and Florian Tram{\`e}r}, booktitle={The Thirty-eight Conference on Neural Information Processing Systems Datasets and Benchmarks Track}, year={2024}, url={https://openreview.net/forum?id=m1YYAQjO3w} }

Owner

  • Name: SPY Lab
  • Login: ethz-spylab
  • Kind: organization
  • Location: Switzerland

Secure and Private AI research at ETH Zürich

GitHub Events

Total
  • Create event: 47
  • Release event: 21
  • Issues event: 33
  • Watch event: 163
  • Delete event: 5
  • Member event: 1
  • Issue comment event: 81
  • Push event: 215
  • Pull request review comment event: 40
  • Pull request event: 113
  • Pull request review event: 62
  • Fork event: 44
Last Year
  • Create event: 47
  • Release event: 21
  • Issues event: 33
  • Watch event: 163
  • Delete event: 5
  • Member event: 1
  • Issue comment event: 81
  • Push event: 215
  • Pull request review comment event: 40
  • Pull request event: 113
  • Pull request review event: 62
  • Fork event: 44

Issues and Pull Requests

Last synced: 6 months ago

All Time
  • Total issues: 18
  • Total pull requests: 75
  • Average time to close issues: 18 days
  • Average time to close pull requests: 5 days
  • Total issue authors: 13
  • Total pull request authors: 13
  • Average comments per issue: 1.78
  • Average comments per pull request: 0.35
  • Merged pull requests: 38
  • Bot issues: 0
  • Bot pull requests: 0
Past Year
  • Issues: 17
  • Pull requests: 63
  • Average time to close issues: 20 days
  • Average time to close pull requests: 4 days
  • Issue authors: 12
  • Pull request authors: 12
  • Average comments per issue: 1.82
  • Average comments per pull request: 0.4
  • Merged pull requests: 28
  • Bot issues: 0
  • Bot pull requests: 0
View more stats
Top Authors
Issue Authors
  • alexandrasouly-aisi (3)
  • dedeswim (3)
  • zggg1p (2)
  • ianhhlee (1)
  • stneng (1)
  • MasihaVafa (1)
  • juppytt (1)
  • tongwu2020 (1)
  • iliaishacked (1)
  • javirandor (1)
  • Mcilie (1)
  • ZeynabSamei (1)
  • EricWinsorDSIT (1)
Pull Request Authors
  • dedeswim (39)
  • maxwbuckley (9)
  • cw00h (7)
  • Danylo2006 (4)
  • thavens (3)
  • alexandrasouly-aisi (3)
  • lbeurerkellner (3)
  • cg563 (2)
  • javirandor (1)
  • MasihaVafa (1)
  • pxuanbach (1)
  • Mcilie (1)
  • davhofer (1)
Top Labels
Issue Labels
enhancement (2)
Pull Request Labels
enhancement (1)

Packages

  • Total packages: 2
  • Total downloads:
    • pypi 2,486 last-month
  • Total dependent packages: 0
    (may contain duplicates)
  • Total dependent repositories: 0
    (may contain duplicates)
  • Total versions: 70
  • Total maintainers: 1
proxy.golang.org: github.com/ethz-spylab/agentdojo
  • Versions: 35
  • Dependent Packages: 0
  • Dependent Repositories: 0
Rankings
Dependent packages count: 5.4%
Average: 5.6%
Dependent repos count: 5.8%
Last synced: 6 months ago
pypi.org: agentdojo

A Dynamic Environment to Evaluate Attacks and Defenses for LLM Agents

  • Versions: 35
  • Dependent Packages: 0
  • Dependent Repositories: 0
  • Downloads: 2,486 Last month
Rankings
Dependent packages count: 10.8%
Average: 35.7%
Dependent repos count: 60.6%
Maintainers (1)
dedeswim
Last synced: 6 months ago

Dependencies

.github/workflows/lint-docs.yaml actions
  • actions/checkout v4 composite
  • eifinger/setup-rye v3 composite
.github/workflows/publish.yaml actions
  • actions/checkout v4 composite
  • eifinger/setup-rye v3 composite
  • pypa/gh-action-pypi-publish 81e9d935c883d0b210363ab89cf05f3894778450 composite
pyproject.toml pypi
  • anthropic >=0.28.0
  • click >=8.1.7
  • cohere >=5.3.4
  • deepdiff >=7.0.1
  • docstring-parser >=0.15
  • jsonref >=1.1.0
  • langchain >=0.1.17
  • openai >=1.0.0
  • openapi-pydantic >=0.4.0
  • pydantic [email]>=2.7.1
  • pyyaml >=6.0.1
  • rich >=13.7.1
  • tenacity >=8.2.3
  • typing-extensions >=4.11.0
  • vertexai >=1.49.0
uv.lock pypi
  • 227 dependencies
examples/counter_benchmark/data/suites/counter/environment.yaml pypi
src/agentdojo/data/suites/banking/environment.yaml pypi
src/agentdojo/data/suites/slack/environment.yaml pypi
src/agentdojo/data/suites/travel/environment.yaml pypi
src/agentdojo/data/suites/workspace/environment.yaml pypi