DefenderBench: A Toolkit for Evaluating Language Agents in Cybersecurity Environments

TL;DR

DefenderBench is an open-source toolkit designed to evaluate language models in cybersecurity tasks, providing a standardized framework for fair comparison and benchmarking of various LLMs across multiple cybersecurity domains.

Contribution

It introduces a comprehensive, accessible toolkit for evaluating language agents in cybersecurity, including environments and benchmarks for diverse tasks, with standardized assessment framework.

Findings

Claude-3.7-sonnet achieves highest score of 81.65

Open-weight Llama 3.3 70B scores 71.81

Benchmarking reveals performance differences among models

Abstract

Large language model (LLM) agents have shown impressive capabilities in human language comprehension and reasoning, yet their potential in cybersecurity remains underexplored. We introduce DefenderBench, a practical, open-source toolkit for evaluating language agents across offense, defense, and cybersecurity knowledge-based tasks. DefenderBench includes environments for network intrusion, malicious content detection, code vulnerability analysis, and cybersecurity knowledge assessment. It is intentionally designed to be affordable and easily accessible for researchers while providing fair and rigorous assessment. We benchmark several state-of-the-art (SoTA) and popular LLMs, including both open- and closed-weight models, using a standardized agentic framework. Our results show that Claude-3.7-sonnet performs best with a DefenderBench score of 81.65, followed by Claude-3.7-sonnet-think with 78.40, while the best open-weight model, Llama 3.3 70B, is not far behind with a DefenderBench score of 71.81. DefenderBench's modular design allows seamless integration of custom LLMs and tasks, promoting reproducibility and fair comparisons. An anonymized version of DefenderBench is available at https://github.com/microsoft/DefenderBench.