Vapt-env / openenv.yaml
Sayuj63's picture
Phases 4-7: nested inference prompt, delegation reward, Delegation Score grader, multi-agent README
959a691
Raw
History Blame Contribute Delete
1.11 kB
spec_version: 1
name: security_audit_env
type: space
runtime: fastapi
app: server.app:app
port: 8000
description: >
AI Security Audit Benchmark — trains and evaluates AI agents on real-world
VAPT (Vulnerability Assessment & Penetration Testing) engagements with
three-tier output difficulty and compliance framework mapping.
version: "2.0.0"
tasks:
- id: easy
name: Startup Web App Audit
difficulty: easy
max_steps: 30
description: "2 hosts, 3 vulnerabilities. Labeled tool output with CWE/CVSS."
- id: medium
name: E-commerce Platform Audit
difficulty: medium
max_steps: 50
description: "4 hosts (2 hidden), 6 vulnerabilities. Evidence-based output. Attack chaining required."
- id: hard
name: Enterprise SOC2 Pre-Audit
difficulty: hard
max_steps: 60
description: "6 hosts (3 hidden), 10 vulnerabilities. Raw HTTP output. Honeypot trap. Progressive discovery."
tools:
- network_scan
- service_fingerprint
- web_crawl
- vulnerability_scan
- test_injection
- test_xss
- test_auth
- test_config
- test_crypto
- check_secrets