NAAMSE: Framework for Evolutionary Security Evaluation of Agents

TL;DR

NAAMSE introduces an evolutionary framework for assessing AI agent security, using adaptive mutation and behavioral scoring to uncover vulnerabilities more effectively than static methods.

Contribution

It presents a novel, feedback-driven evolutionary approach for dynamic security evaluation of AI agents, improving vulnerability detection over traditional static benchmarks.

Findings

Evolutionary mutation uncovers vulnerabilities missed by one-shot methods.

Adaptive approach reveals high-severity failure modes.

Framework provides scalable, realistic robustness assessment.

Abstract

AI agents are increasingly deployed in production, yet their security evaluations remain bottlenecked by manual red-teaming or static benchmarks that fail to model adaptive, multi-turn adversaries. We propose NAAMSE, an evolutionary framework that reframes agent security evaluation as a feedback-driven optimization problem. Our system employs a single autonomous agent that orchestrates a lifecycle of genetic prompt mutation, hierarchical corpus exploration, and asymmetric behavioral scoring. By using model responses as a fitness signal, the framework iteratively compounds effective attack strategies while simultaneously ensuring "benign-use correctness", preventing the degenerate security of blanket refusal. Our experiments across a diverse suite of state-of-the-art large language models demonstrate that evolutionary mutation systematically amplifies vulnerabilities missed by one-shot methods, with controlled ablations revealing that the synergy between exploration and targeted mutation uncovers high-severity failure modes. We show that this adaptive approach provides a more realistic and scalable assessment of agent robustness in the face of evolving threats. The code for NAAMSE is open source and available at https://github.com/HASHIRU-AI/NAAMSE.