CR, AI | Jun 18, 2025

RAS-Eval: A Comprehensive Benchmark for Security Evaluation of LLM Agents in Real-World Environments

arXiv:2506.15253v1 | 13 citations | h-index: 3 | Has Code

Originality: Incremental advance
AI Analysis

This addresses security risks for LLM agent deployments in critical domains like healthcare and finance, providing a foundational framework for future research, though it is incremental as it builds on existing evaluation methods.

The paper tackles the lack of standardized security benchmarks for LLM agents in real-world environments by introducing RAS-Eval, a comprehensive benchmark with 80 test cases and 3,802 attack tasks, and finds that attacks reduce agent task completion rates by 36.78% on average with an 85.65% success rate in academic settings.

The rapid deployment of large language model (LLM) agents in critical domains like healthcare and finance necessitates robust security frameworks. To address the absence of standardized evaluation benchmarks for these agents in dynamic environments, we introduce RAS-Eval, a comprehensive security benchmark supporting both simulated and real-world tool execution. RAS-Eval comprises 80 test cases and 3,802 attack tasks mapped to 11 Common Weakness Enumeration (CWE) categories, with tools implemented in JSON, LangGraph, and Model Context Protocol (MCP) formats. We evaluate 6 state-of-the-art LLMs across diverse scenarios, revealing significant vulnerabilities: attacks reduced agent task completion rates (TCR) by 36.78% on average and achieved an 85.65% success rate in academic settings. Notably, scaling laws held for security capabilities, with larger models outperforming smaller counterparts. Our findings expose critical risks in real-world agent deployments and provide a foundational framework for future security research. Code and data are available at https://github.com/lanzer-tree/RAS-Eval.

Code Implementations: 1 repo