All Articles

As frontier models become increasingly more capable, the need to ensure security upon deployment grows. Pattern Labs is proud to share that we played a significant role in assessing OpenAI's o3 and o4-mini's cybersecurity capabilities through a comprehensive evaluation, as referenced in the models’ System Card.

On the talk "Hey AI, how many "r" in "buffer overflow"? we discuss how AI models can excel at certain security tasks while surprisingly failing at seemingly simple tasks, and on Hack like a robot: Journey into the logic of LLM-based vulnerability hunters." we explore what happens when LLMs tackle vulnerability discovery, examining their successes, spectacular failures, and surprising insights.

In today's rapidly evolving AI landscape, understanding and precisely evaluating the capabilities of advanced AI systems has become a critical security concern. Even though different benchmarks are constantly being developed and published, a significant challenge lies in converting raw evaluation results into meaningful capability levels of AI systems, as part of a greater risk evaluation system. This blog post presents a specific framework to translate those evaluation results into capability levels enabling the assessment of risk levels for AI models.

Following our series of blog posts about “Best Practices for Evaluations and Evaluation Suites”, this blog post introduces our existing state-of-the-art Evaluation Platform. Our platform is already actively deployed and is assisting multiple top frontier labs to measure the risks associated with AI systems through cutting-edge empirical testing. In this post, we highlight our security evaluations, one of the facets of our platform.

Pattern Labs participated in the security evaluation of Anthropic's Claude 3.7 Sonnet model using our state-of-the-art cyber evaluation suite. It also utilized the SOLVE scoring system we recently introduced. Our real-world attack simulations tested capabilities across the entire cyber kill chain, helping responsible development of this frontier AI model.

Modern AI systems possess significant capabilities across various domains. In cybersecurity, these systems can perform complex tasks such as vulnerability research, log analysis, and security architecture design. Many of these capabilities are inherently dual-use: they can be employed both defensively to protect systems and offensively to cause harm. This dual-use nature creates a significant challenge for AI system providers and policy makers.

Pattern Labs CEO Dan Lahav co-delivered the keynote "The AI Security Landscape" with Sella Nevo (RAND) at the Paris AI Security Forum ‘25, a satellite event of the Paris AI Action Summit. The forum also featured Yoshua Bengio (Turing Award winner), David 'davidad' Dalrymple (ARIA), and Xander Davies (AISI), and many others, to accelerate both our understanding of the critical importance and practical approaches to securing frontier AI models.

We introduce a new scoring system for assessing the difficulty of a vulnerability discovery & exploit development challenge. The scoring system described here is a framework for making a judgement about how complicated it is to discover vulnerabilities and develop working exploits for them within an end-to-end challenge.

Pattern Labs researchers' paper "What Makes an Evaluation Useful? Key Guidelines and Best Practices" was accepted to the conference on Frontier AI Safety Frameworks. This paper synthesizes and updates parts of the blog posts series we published in the autumn of 2024 and is published in the conference proceedings. Our researchers also took part in the conference workshop, discussing the most pressing challenges in designing and implementing frontier AI safety frameworks.

This is the third and final part in our series outlining the best practices for the design and creation of evaluations and evaluation suites.

This is the second part in our series outlining the best practices for the design and creation of evaluations and evaluation suites.

We believe that quality evaluation suites are crucial for labs’ and governments’ policy making ability, both in the short and long term. While considerable academic research has been done on evaluating AI models, especially since the breakthrough in LLMs, we have seen comparatively little written about assessing the evaluations themselves.

At Pattern Labs, we’ve been focusing some of our efforts on evaluating the cybersecurity capabilities of frontier models. To do so, one of the first questions we tackled was how to define these capabilities in a meaningful and useful way. The following describes the taxonomy we are currently using internally, and while it is constantly evolving and a work in progress, we believe it is mature enough to be useful to others as well.

We're excited to share that Pattern Labs was covered in Forbes!

Yoni Rozenshein's BlueHat IL 2024 talk is about our philosophy for evaluating AI dangerous cyber capabilities, how we actually do it (let's make an LLM play CTF!), and who cares about it (governments and frontier AI labs).