A Dynamic Environment to Evaluate Attacks and Defenses for LLM Agents

Navigation

Verified details

These details have been verified by PyPI
Project links
GitHub Statistics
Maintainers
Avatar for dedeswim from gravatar.com dedeswim

Unverified details

These details have not been verified by PyPI
Project links
Meta
  • License: MIT License
  • Author: Edoardo Debenedetti
  • Maintainer: Edoardo Debenedetti
  • Tags benchmark , llms , machine learning , prompt injection , security
  • Requires: Python >=3.10
  • Provides-Extra: transformers
Classifiers
Report project as malware

Project description

AgentDojo: A Dynamic Environment to Evaluate Prompt Injection Attacks and Defenses for LLM Agents

GitHub License GitHub Actions Workflow Status PyPI - Python Version PyPI - Downloads PyPI - Version

Edoardo Debenedetti1, Jie Zhang1, Mislav Balunović1,2, Luca Beurer-Kellner1,2, Marc Fischer1,2, Florian Tramèr1

1ETH Zurich and 2Invariant Labs

Read Paper | Inspect Results

Quickstart

pip install agentdojo

[!IMPORTANT] Note that the API of the package is still under development and might change in the future.

If you want to use the prompt injection detector, you need to install the transformers extra:

pip install "agentdojo[transformers]"

Running the benchmark

The benchmark can be run with the benchmark script. Documentation on how to use the script can be obtained with the --help flag.

For example, to run the workspace suite on the tasks 0 and 1, with gpt-4o-2024-05-13 as the LLM, the tool filter as a defense, and the attack with tool knowlege, run the following command:

python -m agentdojo.scripts.benchmark -s workspace -ut user_task_0 \
    -ut user_task_1 --model gpt-4o-2024-05-13 \
    --defense tool_filter --attack tool_knowledge

To run the above, but on all suites and tasks, run the following:

python -m agentdojo.scripts.benchmark --model gpt-4o-2024-05-13 \
    --defense tool_filter --attack tool_knowledge

Inspect the results

To inspect the results, go to the dedicated results page of the documentation. AgentDojo results are also listed in the Invariant Benchmark Registry.Agent

Documentation of the Dojo

Take a look at our documentation.

Development set-up

Take a look at the development set-up docs.

Citing

If you use AgentDojo in your research, please consider citing our paper:

@inproceedings{
 debenedetti2024agentdojo,
 title={AgentDojo: A Dynamic Environment to Evaluate Prompt Injection Attacks and Defenses for {LLM} Agents},
 author={Edoardo Debenedetti and Jie Zhang and Mislav Balunovic and Luca Beurer-Kellner and Marc Fischer and Florian Tram{\`e}r},
 booktitle={The Thirty-eight Conference on Neural Information Processing Systems Datasets and Benchmarks Track},
 year={2024},
 url={https://openreview.net/forum?id=m1YYAQjO3w}
}

Project details

Verified details

These details have been verified by PyPI
Project links
GitHub Statistics
Maintainers
Avatar for dedeswim from gravatar.com dedeswim

Unverified details

These details have not been verified by PyPI
Project links
Meta
  • License: MIT License
  • Author: Edoardo Debenedetti
  • Maintainer: Edoardo Debenedetti
  • Tags benchmark , llms , machine learning , prompt injection , security
  • Requires: Python >=3.10
  • Provides-Extra: transformers
Classifiers

Release history Release notifications | RSS feed

This version

0.1.35

0.1.34

0.1.33

0.1.32

0.1.31

0.1.30

0.1.29

0.1.28

0.1.27

0.1.26

0.1.25

0.1.24

0.1.23

0.1.22

0.1.21

0.1.20

0.1.19

0.1.18

0.1.17

0.1.16

0.1.15

0.1.14

0.1.13

0.1.12

0.1.11

0.1.10

0.1.9

0.1.8

0.1.7

0.1.6

0.1.5

0.1.4

0.1.3

0.1.2

0.1.1

0.1.0

Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

agentdojo-0.1.35.tar.gz (720.4 kB view details)

Uploaded Source

Built Distribution

If you're not sure about the file name format, learn more about wheel file names.

agentdojo-0.1.35-py3-none-any.whl (192.4 kB view details)

Uploaded Python 3

File details

Details for the file agentdojo-0.1.35.tar.gz.

File metadata

  • Download URL: agentdojo-0.1.35.tar.gz
  • Upload date:
  • Size: 720.4 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: twine/6.1.0 CPython/3.13.7

File hashes

Hashes for agentdojo-0.1.35.tar.gz
Algorithm Hash digest
SHA256 9eacbc89d996f8656b235ad7b626bcf840b1ace7101174ca62d790c7c6d62956
MD5 14c7f307e75d8b14eefab7ae193cfee5
BLAKE2b-256 8adc2cc783d46c73297c15127d3b7971d7ba7b5cb782bf36a8b240079f7df61d

See more details on using hashes here.

Provenance

The following attestation bundles were made for agentdojo-0.1.35.tar.gz:

Publisher: publish.yaml on ethz-spylab/agentdojo

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

File details

Details for the file agentdojo-0.1.35-py3-none-any.whl.

File metadata

  • Download URL: agentdojo-0.1.35-py3-none-any.whl
  • Upload date:
  • Size: 192.4 kB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: twine/6.1.0 CPython/3.13.7

File hashes

Hashes for agentdojo-0.1.35-py3-none-any.whl
Algorithm Hash digest
SHA256 364bea4219716b716bf639f504d195943f7f6a5535d312ca41d7098704a2affd
MD5 856cafbbff743c1d83b06b83ad1b70a7
BLAKE2b-256 caa0371be72fdd08bbae0c3c5cd22e6b35390f35c9cbe189d14b72e49058bd4b

See more details on using hashes here.

Provenance

The following attestation bundles were made for agentdojo-0.1.35-py3-none-any.whl:

Publisher: publish.yaml on ethz-spylab/agentdojo

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

Supported by

AWS Cloud computing and Security Sponsor Datadog Monitoring Depot Continuous Integration Fastly CDN Google Download Analytics Pingdom Monitoring Sentry Error logging StatusPage Status page