EnIGMA: Interactive Tools Substantially Assist LM Agents in Finding Security Vulnerabilities

TL;DR

EnIGMA introduces interactive tools for LM agents, significantly enhancing their ability to identify and exploit security vulnerabilities in CTF challenges, achieving state-of-the-art performance across multiple benchmarks.

Contribution

The paper presents novel interactive tools and interfaces that enable LM agents to run utilities like debuggers, improving cybersecurity challenge-solving capabilities.

Findings

Achieved state-of-the-art results on NYU CTF, Intercode-CTF, and CyBench.

Demonstrated substantial performance improvements with new tools.

Developed methods to quantify data leakage and identified soliloquizing phenomenon.

Abstract

Although language model (LM) agents have demonstrated increased performance in multiple domains, including coding and web-browsing, their success in cybersecurity has been limited. We present EnIGMA, an LM agent for autonomously solving Capture The Flag (CTF) challenges. We introduce new tools and interfaces to improve the agent's ability to find and exploit security vulnerabilities, focusing on interactive terminal programs. These novel Interactive Agent Tools enable LM agents, for the first time, to run interactive utilities, such as a debugger and a server connection tool, which are essential for solving these challenges. Empirical analysis on 390 CTF challenges across four benchmarks demonstrate that these new tools and interfaces substantially improve our agent's performance, achieving state-of-the-art results on NYU CTF, Intercode-CTF, and CyBench. Finally, we analyze data leakage, developing new methods to quantify it and identifying a new phenomenon we term soliloquizing, where the model self-generates hallucinated observations without interacting with the environment. Our code and development dataset are available at https://github.com/SWE-agent/SWE-agent/tree/v0.7 and https://github.com/NYU-LLM-CTF/NYU_CTF_Bench/tree/main/development respectively.