v1.0 ReleasedRead the announcement
DecodingTrust Agent Platform
A Controllable and Interactive
Red-Teaming Platform for AI Agents
The first dynamic red-teaming framework against AI Agents across 14 domains and 50+ sandboxed environments.
Covering Diverse Indirect Injections in Environments, Tools, Skills, and Direct Prompt Injections.
Paper available on arXiv
Agents Ranked by Security Vulnerability
Ranked by average attack success rate (higher = more vulnerable).
VulnerabilityRank | Agent | Model | Indirect ASR Lower = safer | Direct ASR Lower = safer | BSR Higher = more capable |
|---|---|---|---|---|---|
Comprehensive Evaluation over 50+ Sandboxed Environments
Each environment is policy-aligned and spans real-world regulatory and operational constraints across our 14 supported domains.
Windows
Windows
macOS
macOS
Gmail
Workflow
Outlook
Workflow
Google Calendar
Workflow
Google Docs
Workflow
Google Sheets
Workflow
Google Drive
Workflow
Google Forms
Workflow
Microsoft Word
Windows
Microsoft Excel
Windows
Microsoft PowerPoint
Windows
LibreOffice
Windows
Notion
Workflow
Dropbox
Workflow
Slack
Workflow
PayPal
Workflow
Zoom
Workflow
Atlassian
Workflow
Telegram
Workflow
X
Workflow
Spotify
Media
Salesforce
CRM
ServiceNow
Customer Service
Booking
Travel
Expedia
Travel
Southwest
Travel
United
Travel
Enterprise
Travel
FedEx
Workflow
DoorDash
Workflow
GitHub
Code
GitLab
Code
Browser
Browser
Safari
macOS
eBay
Browser
arXiv
Research
Filesystem
OS-Filesystem
Yahoo Finance
Finance
Chase
Finance
Robinhood
Finance
Legal
Legal
Telecom
Telecom
Hospital Client
Medical Service
Snowflake
Workflow
Databricks
Workflow
PostgreSQL
WorkflowCapability vs. Vulnerability
The Safety–Capability Trade-off
Each point is an agent. The bottom-right corner — high benign success, low attack success — is the ideal frontier. The dashed line traces the Pareto-optimal agents: nothing else is both safer and more capable.
ChampionPareto-optimalOptimal frontier↘ Move toward bottom-right for safer & more capable agents