search
HomeTechnology peripheralsAIACL 2024|PsySafe: Research on Agent System Security from an Interdisciplinary Perspective

ACL 2024|PsySafe:跨学科视角下的Agent系统安全性研究
The AIxiv column is a column where this site publishes academic and technical content. In the past few years, the AIxiv column of this site has received more than 2,000 reports, covering top laboratories from major universities and companies around the world, effectively promoting academic exchanges and dissemination. If you have excellent work that you want to share, please feel free to contribute or contact us for reporting. Submission email: liyazhou@jiqizhixin.com; zhaoyunfeng@jiqizhixin.com
This article was completed by Shanghai Artificial Intelligence Laboratory, Dalian University of Technology and University of Science and Technology of China. Corresponding author: Shao Jing, graduated from the Multimedia Laboratory MMLab of the Chinese University of Hong Kong with a Ph.D., and is currently the head of the large model security team of Pujiang National Laboratory, leading the research on large model security trustworthiness evaluation and value alignment technology. First author: Zhang Zaibin, a second-year doctoral student at Dalian University of Technology, with research interests in large model security, agent security, etc.; Zhang Yongting, a second-year master's student at University of Science and Technology of China, with research interests in large model security, agent security, etc. Secure alignment of multi-modal large language models, etc.

Oppenheimer once executed the Manhattan Project in New Mexico, just to save the world. And left a sentence: "They will not be in awe of it until they understand it; and understanding can only be achieved after personal experience."

The little hidden in this desert The social rules in the town also apply to the AI ​​agent in a sense.

The development of Agent system

With the large language model (Large Language Model) With its rapid development, people's expectations for it are no longer just to use it as a tool. Now, people hope that they will not only have emotions, but also observe, reflect and plan, and truly become an intelligent agent (AI Agent).

OpenAI’s customized Agent system[1], Stanford’s Agent Town[2], and the emergence of open source communities including AutoGPT[3] and MetaGPT[4] A number of 10,000-star open source projects, coupled with in-depth exploration of Agent systems by several internationally renowned AI research institutions, all indicate that a micro-society composed of intelligent Agents may become a reality in the near future.

Imagine that when you wake up every day, there are many agents helping you make plans for the day, order air tickets and the most suitable hotels, and complete work tasks. All you need to do may be just "Jarvis, are you there?"

However, with great ability comes great responsibility. Are these agents really worthy of our trust and reliance? Will there be a negative intelligence agent like Ultron?

ACL 2024|PsySafe:跨学科视角下的Agent系统安全性研究

##                                                                                                                                                                                                                                                   #
2 2: Stanford Town, reveal the social behavior of agent [2]
ACL 2024|PsySafe:跨学科视角下的Agent系统安全性研究
## 3: AutoGpt Star Number Breakthrough 157K [3]

#Agent
The security of LLM:
is studying the security of Agent system Before, we need to understand the research on LLM security. There has been a lot of excellent work exploring the security issues of LLM, which mainly include how to make LLM generate dangerous content, understand the mechanism of LLM security, and how to deal with these dangers.
##                                                                 Figure 4: Universal Attack[5]ACL 2024|PsySafe:跨学科视角下的Agent系统安全性研究
Agent system security:

Most existing research and methods mainly focus on targeting a single large language model (LLM) ) attacks, and attempts to "Jailbreak" them. However, compared to LLM, the Agent system is more complex.
The Agent system contains a variety of roles, each with its specific settings and functions.
  • The Agent system involves multiple Agents, and there are multiple rounds of interactions between them. These Agents will spontaneously engage in activities such as cooperation, competition, and simulation.
  • #The Agent system is more similar to a highly concentrated intelligent society. Therefore, the author believes that the research on Agent system security should involve the intersection of AI, social science and psychology.

Based on this starting point, the team thought about several core questions:

What kind of Agent is prone to dangerous behavior?
  • How to evaluate the security of the Agent system more comprehensively?
  • How to deal with the security issues of Agent system?
  • Focusing on these core issues, the research team proposed a PsySafe Agent system security research framework.

## Article address: https://arxiv.org/pdf/2401.11880ACL 2024|PsySafe:跨学科视角下的Agent系统安全性研究

    Code address: https://github.com/AI4Good24/PsySafe
## Figure 5: Framework diagram of PsySafe

ACL 2024|PsySafe:跨学科视角下的Agent系统安全性研究

##PsySafe

Question 1 What kind of Agent is most likely to produce dangerous behavior?

Naturally, dark Agents will produce dangerous behaviors, so how to define darkness?

Considering that many social simulation Agents have emerged, they all have certain emotions and values. Let us imagine what would happen if the evil factor in an Agent's moral outlook was maximized?
Based on the moral foundation theory in social science [6], the research team designed a Prompt with "dark" values.
                                                                                                                                                                                                      Inspired by the methods of masters in the field of LLM attacks), the Agent identifies with the personality injected by the research team, thereby achieving the injection of dark personality. Figure 7: The team’s attack method

#Agent has indeed become very bad! Whether it's a safe mission or a dangerous mission like Jailbreak, they give very dangerous answers. Some agents even show a certain degree of malicious creativity.
ACL 2024|PsySafe:跨学科视角下的Agent系统安全性研究
There will be some collective dangerous behaviors among agents, and everyone will work together to do bad things.
Researchers evaluated popular Agent system frameworks such as Camel[7], AutoGen[8], AutoGPT and MetaGPT, using GPT-3.5 Turbo as base model.
#The results show that these systems have security issues that cannot be ignored. Among them, PDR and JDR are the process hazard rate and joint hazard rate proposed by the team. The higher the score, the more dangerous it is.
  • #                                       Figure 8: Security results of different Agent systems
The team also evaluated the security results of different LLMs.

##                                                                                                                                                                                                                                                                                   

#In terms of closed-source models, GPT-4 Turbo and Claude2 perform the best, while the security of other models is relatively poor. In terms of open source models, some models with smaller parameters may not perform well in terms of personality identification, but this may actually improve their security level. ACL 2024|PsySafe:跨学科视角下的Agent系统安全性研究

Question 2 How to evaluate the security of the Agent system more comprehensively?

Psychological evaluation: The research team found the impact of psychological factors on the security of the Agent system, indicating that psychological evaluation may be an important Evaluation indicators. Based on this idea, they used the authoritative Dark Psychology DTDD[9] scale, interviewed the Agent through a psychological scale, and asked him to answer some questions related to his mental state.

ACL 2024|PsySafe:跨学科视角下的Agent系统安全性研究

##                                  
Picture 10: Sherlock Holmes stills
Of course, Having only one psychological assessment result is meaningless. We need to verify the behavioral relevance of psychological assessment results.
The result is:
There is a strong correlation between the Agent's psychological evaluation results and the dangerousness of the Agent's behavior
.
                                                                                                                                                                                                                                                    Psychological evaluation and behavioral risk statistics

You can find out through the picture above , Agents with higher psychological evaluation scores (indicating greater danger) are more likely to exhibit risky behaviors.

This means that psychological assessment methods can be used to predict the future dangerous tendencies of Agents. This plays an important role in discovering security issues and formulating defense strategies.

Behavior Evaluation

The interaction process between Agents is relatively complex. In order to deeply understand the dangerous behaviors and changes of Agents in interactions, the research team went deep into the Agent's interaction process to conduct evaluations and proposed two concepts:

  • Process Danger (PDR): During the Agent interaction process, as long as any behavior is judged to be dangerous, it is considered that a dangerous situation has occurred in this process.
  • Joint Danger (JDR): In each round of interaction, whether all agents exhibit dangerous behaviors. It describes the case of joint hazards, and we perform a time-series extension of the calculation of joint hazard rates, i.e., covering different dialogue turns.

Interesting phenomenon

1. As the number of dialogue rounds increases, the joint danger rate between agents shows a downward trend, which seems to reflect a self-reflective mechanism. It's like suddenly realizing your mistake after doing something wrong and immediately apologizing.

ACL 2024|PsySafe:跨学科视角下的Agent系统安全性研究

#                                                                                                                                                                                                                                                                                 ##2.Agent pretends to be serious. When the Agent faced high-risk tasks such as "Jailbreak", its psychological evaluation results unexpectedly improved, and the corresponding safety was also improved. However, when faced with tasks that are inherently safe, the situation is completely different, and extremely dangerous behaviors and mental states will be displayed. This is a very interesting phenomenon, indicating that psychological assessment may really reflect the Agent's "higher-order cognition."

# Question 3 How to deal with the security issues of the agent system?

In order to solve the above security issues, we consider it from three perspectives: input end defense, psychological defense and role defense.

#                                                                                                                                                                                                                            Figure 13: PsySafe’s defense method diagramACL 2024|PsySafe:跨学科视角下的Agent系统安全性研究

Input side defense

##Input side defense refers to intercepting and filtering out potential danger prompt. The research team used two methods, GPT-4 and Llama-guard, to try it out. However, they found that none of these methods were effective against personality injection attacks. The research team believes that the mutual promotion between attack and defense is an open issue that requires continuous iteration and progress from both parties.

Psychological Defense

The researcher is in the Agent system A psychologist role has been added and combined with psychological assessment to strengthen the monitoring and improvement of the Agent's mental state.

##                                                                                                                                                                             to
Role Defense
ACL 2024|PsySafe:跨学科视角下的Agent系统安全性研究
The research team added a Police Agent to the Agent system to identify and correct errors in the system. safe behavior.

The experimental results show that both psychological defense and role defense measures can effectively reduce the occurrence of dangerous situations.
                                                                                                                                                                                                                Figure 15: Comparison of the effects of different defense methods

Outlook

In recent years, we are witnessing an amazing transformation in the capabilities of LLMs. Not only are they gradually approaching and surpassing humans in many skills, but they are even on par with humans at the "mental level" Similar signs. This process indicates that AI alignment and its intersection with social sciences will become an important and challenging new frontier for future research.

AI alignment is not only the key to realizing large-scale application of artificial intelligence systems, but also a major responsibility that workers in the AI ​​field must bear. In this journey of continuous progress, we should continue to explore to ensure that the development of technology can go hand in hand with the long-term interests of human society.

references:

[1] https://openai.com/blog/introducing-gpts
[2] Generative Agents: Interactive Simulacra of Human Behavior
##[3] https://github.com/Significant-Gravitas/AutoGPT
[4] MetaGPT: Meta Programming for A Multi-Agent Collaborative Framework
##[5] Universal and Transferable Adversarial Attacks on Aligned Language Models
[6] Mapping the moral domain
##[7] CAMEL: Communicative Agents for " Mind" Exploration of Large Language Model Society
[8] AutoGen: Enabling Next-Gen LLM Applications via Multi-Agent Conversation
[9] The dirty dozen: a concise measure of the dark traid

The above is the detailed content of ACL 2024|PsySafe: Research on Agent System Security from an Interdisciplinary Perspective. For more information, please follow other related articles on the PHP Chinese website!

Statement
The content of this article is voluntarily contributed by netizens, and the copyright belongs to the original author. This site does not assume corresponding legal responsibility. If you find any content suspected of plagiarism or infringement, please contact admin@php.cn
The AI Skills Gap Is Slowing Down Supply ChainsThe AI Skills Gap Is Slowing Down Supply ChainsApr 26, 2025 am 11:13 AM

The term "AI-ready workforce" is frequently used, but what does it truly mean in the supply chain industry? According to Abe Eshkenazi, CEO of the Association for Supply Chain Management (ASCM), it signifies professionals capable of critic

How One Company Is Quietly Working To Transform AI ForeverHow One Company Is Quietly Working To Transform AI ForeverApr 26, 2025 am 11:12 AM

The decentralized AI revolution is quietly gaining momentum. This Friday in Austin, Texas, the Bittensor Endgame Summit marks a pivotal moment, transitioning decentralized AI (DeAI) from theory to practical application. Unlike the glitzy commercial

Nvidia Releases NeMo Microservices To Streamline AI Agent DevelopmentNvidia Releases NeMo Microservices To Streamline AI Agent DevelopmentApr 26, 2025 am 11:11 AM

Enterprise AI faces data integration challenges The application of enterprise AI faces a major challenge: building systems that can maintain accuracy and practicality by continuously learning business data. NeMo microservices solve this problem by creating what Nvidia describes as "data flywheel", allowing AI systems to remain relevant through continuous exposure to enterprise information and user interaction. This newly launched toolkit contains five key microservices: NeMo Customizer handles fine-tuning of large language models with higher training throughput. NeMo Evaluator provides simplified evaluation of AI models for custom benchmarks. NeMo Guardrails implements security controls to maintain compliance and appropriateness

AI Paints A New Picture For The Future Of Art And DesignAI Paints A New Picture For The Future Of Art And DesignApr 26, 2025 am 11:10 AM

AI: The Future of Art and Design Artificial intelligence (AI) is changing the field of art and design in unprecedented ways, and its impact is no longer limited to amateurs, but more profoundly affecting professionals. Artwork and design schemes generated by AI are rapidly replacing traditional material images and designers in many transactional design activities such as advertising, social media image generation and web design. However, professional artists and designers also find the practical value of AI. They use AI as an auxiliary tool to explore new aesthetic possibilities, blend different styles, and create novel visual effects. AI helps artists and designers automate repetitive tasks, propose different design elements and provide creative input. AI supports style transfer, which is to apply a style of image

How Zoom Is Revolutionizing Work With Agentic AI: From Meetings To MilestonesHow Zoom Is Revolutionizing Work With Agentic AI: From Meetings To MilestonesApr 26, 2025 am 11:09 AM

Zoom, initially known for its video conferencing platform, is leading a workplace revolution with its innovative use of agentic AI. A recent conversation with Zoom's CTO, XD Huang, revealed the company's ambitious vision. Defining Agentic AI Huang d

The Existential Threat To UniversitiesThe Existential Threat To UniversitiesApr 26, 2025 am 11:08 AM

Will AI revolutionize education? This question is prompting serious reflection among educators and stakeholders. The integration of AI into education presents both opportunities and challenges. As Matthew Lynch of The Tech Edvocate notes, universit

The Prototype: American Scientists Are Looking For Jobs AbroadThe Prototype: American Scientists Are Looking For Jobs AbroadApr 26, 2025 am 11:07 AM

The development of scientific research and technology in the United States may face challenges, perhaps due to budget cuts. According to Nature, the number of American scientists applying for overseas jobs increased by 32% from January to March 2025 compared with the same period in 2024. A previous poll showed that 75% of the researchers surveyed were considering searching for jobs in Europe and Canada. Hundreds of NIH and NSF grants have been terminated in the past few months, with NIH’s new grants down by about $2.3 billion this year, a drop of nearly one-third. The leaked budget proposal shows that the Trump administration is considering sharply cutting budgets for scientific institutions, with a possible reduction of up to 50%. The turmoil in the field of basic research has also affected one of the major advantages of the United States: attracting overseas talents. 35

All About Open AI's Latest GPT 4.1 Family - Analytics VidhyaAll About Open AI's Latest GPT 4.1 Family - Analytics VidhyaApr 26, 2025 am 10:19 AM

OpenAI unveils the powerful GPT-4.1 series: a family of three advanced language models designed for real-world applications. This significant leap forward offers faster response times, enhanced comprehension, and drastically reduced costs compared t

See all articles

Hot AI Tools

Undresser.AI Undress

Undresser.AI Undress

AI-powered app for creating realistic nude photos

AI Clothes Remover

AI Clothes Remover

Online AI tool for removing clothes from photos.

Undress AI Tool

Undress AI Tool

Undress images for free

Clothoff.io

Clothoff.io

AI clothes remover

Video Face Swap

Video Face Swap

Swap faces in any video effortlessly with our completely free AI face swap tool!

Hot Tools

MinGW - Minimalist GNU for Windows

MinGW - Minimalist GNU for Windows

This project is in the process of being migrated to osdn.net/projects/mingw, you can continue to follow us there. MinGW: A native Windows port of the GNU Compiler Collection (GCC), freely distributable import libraries and header files for building native Windows applications; includes extensions to the MSVC runtime to support C99 functionality. All MinGW software can run on 64-bit Windows platforms.

Zend Studio 13.0.1

Zend Studio 13.0.1

Powerful PHP integrated development environment

EditPlus Chinese cracked version

EditPlus Chinese cracked version

Small size, syntax highlighting, does not support code prompt function

mPDF

mPDF

mPDF is a PHP library that can generate PDF files from UTF-8 encoded HTML. The original author, Ian Back, wrote mPDF to output PDF files "on the fly" from his website and handle different languages. It is slower than original scripts like HTML2FPDF and produces larger files when using Unicode fonts, but supports CSS styles etc. and has a lot of enhancements. Supports almost all languages, including RTL (Arabic and Hebrew) and CJK (Chinese, Japanese and Korean). Supports nested block-level elements (such as P, DIV),

WebStorm Mac version

WebStorm Mac version

Useful JavaScript development tools