1Password open sources a benchmark to stop AI agents from leaking credentials - Help Net Security

1Password released the open-source SCAM benchmark to test if AI agents safely handle credentials during real-world workflows.

Summary

1Password has open-sourced a new benchmark called the Security Comprehension and Awareness Measure (SCAM) to evaluate whether autonomous AI agents behave safely when performing routine work tasks that involve accessing sensitive information.

The SCAM benchmark simulates workplace scenarios and embeds traps in them, such as phishing links and sensitive credentials hidden in documents. When tested, every one of the eight models committed critical failures, such as entering credentials into fake login pages; scores ranged from 35% to 92%.

However, when given a short security skill document, all models improved significantly, with several achieving zero critical failures. This suggests that basic security guidance can substantially mitigate risks, although one scenario involving forwarding notes with embedded credentials remained a major risk for several models even after guidance.

(Source: Help Net Security)