DefenderBench: A Toolkit for Evaluating Language Agents in Cybersecurity Environments
This provides a practical, open-source toolkit for researchers to evaluate language agents in cybersecurity, though it is incremental as it focuses on benchmarking existing models rather than proposing new methods.
The paper tackles the underexplored potential of large language model agents in cybersecurity by introducing DefenderBench, a toolkit for evaluating them across offense, defense, and knowledge-based tasks, with results showing Claude-3.7-sonnet achieving a DefenderBench score of 81.65 as the best performer.
Large language model (LLM) agents have shown impressive capabilities in human language comprehension and reasoning, yet their potential in cybersecurity remains underexplored. We introduce DefenderBench, a practical, open-source toolkit for evaluating language agents across offense, defense, and cybersecurity knowledge-based tasks. DefenderBench includes environments for network intrusion, malicious content detection, code vulnerability analysis, and cybersecurity knowledge assessment. It is intentionally designed to be affordable and easily accessible for researchers while providing fair and rigorous assessment. We benchmark several state-of-the-art (SoTA) and popular LLMs, including both open- and closed-weight models, using a standardized agentic framework. Our results show that Claude-3.7-sonnet performs best with a DefenderBench score of 81.65, followed by Claude-3.7-sonnet-think with 78.40, while the best open-weight model, Llama 3.3 70B, is not far behind with a DefenderBench score of 71.81. DefenderBench's modular design allows seamless integration of custom LLMs and tasks, promoting reproducibility and fair comparisons. An anonymized version of DefenderBench is available at https://github.com/microsoft/DefenderBench.