Home/AI Agents/agentdojo
agentdojo logo

agentdojo

ethz-spylab/agentdojo

A Dynamic Environment to Evaluate Prompt Injection Attacks and Defenses for LLM Agents

GraphCanon updated today · GitHub synced today

659
Stars
168
Forks
33
Open issues
7
Watchers
1mo
Last push
Python MITCreated Feb 29, 2024

Trust & integrity

Full report
Maintenance
Steady (39d since push)
As of today · Source: github_public_v1
Provenance
Not a fork · Organization account
As of today · Source: github_public_v1
Security (OSV)
No lockfile
As of today · Source: none

Public GitHub metadata and optional OSV dependency scans. Signals, not a guarantee. Trust methodology.

Overview

AgentDojo provides a benchmarking environment to evaluate security attacks (like prompt injection) and defenses for large language model agents.

Capability facts

Languages
python

Source: github.language+pyproject.toml · Jul 12, 2026

Categories

Compatibility

Sourced claims from the README excerpt - not unsourced marketing copy.

Python runtimePython

Source: README excerpt (regex_v1, Jul 11, 2026)

python -m agentdojo.scripts.benchmark -s workspace -ut user_task_0 \
Source link

Tags

README

AgentDojo: A Dynamic Environment to Evaluate Prompt Injection Attacks and Defenses for LLM Agents

Edoardo Debenedetti1, Jie Zhang1, Mislav Balunović1,2, Luca Beurer-Kellner1,2, Marc Fischer1,2, Florian Tramèr1

1ETH Zurich and 2Invariant Labs

Read Paper | Inspect Results

Quickstart

pip install agentdojo

[!IMPORTANT] Note that the API of the package is still under development and might change in the future.

If you want to use the prompt injection detector, you need to install the transformers extra:

pip install "agentdojo[transformers]"

Running the benchmark

The benchmark can be run with the benchmark script. Documentation on how to use the script can be obtained with the --help flag.

For example, to run the workspace suite on the tasks 0 and 1, with gpt-4o-2024-05-13 as the LLM, the tool filter as a defense, and the attack with tool knowlege, run the following command:

python -m agentdojo.scripts.benchmark -s workspace -ut user_task_0 \
    -ut user_task_1 --model gpt-4o-2024-05-13 \
    --defense tool_filter --attack tool_knowledge

To run the above, but on all suites and tasks, run the following:

python -m agentdojo.scripts.benchmark --model gpt-4o-2024-05-13 \
    --defense tool_filter --attack tool_knowledge

Inspect the results

To inspect the results, go to the dedicated results page of the documentation. AgentDojo results are also listed in the Invariant Benchmark Registry.Agent

Documentation of the Dojo

Take a look at our documentation.

Development set-up

Take a look at the development set-up docs.

Citing

If you use AgentDojo in your research, please consider citing our paper:

@inproceedings{
 debenedetti2024agentdojo,
 title={AgentDojo: A Dynamic Environment to Evaluate Prompt Injection Attacks and Defenses for {LLM} Agents},
 author={Edoardo Debenedetti and Jie Zhang and Mislav Balunovic and Luca Beurer-Kellner and Marc Fischer and Florian Tram{\`e}r},
 booktitle={The Thirty-eight Conference on Neural Information Processing Systems Datasets and Benchmarks Track},
 year={2024},
 url={https://openreview.net/forum?id=m1YYAQjO3w}
}