DTap Logo
v1.0 ReleasedRead the announcement
DTap Logo

DecodingTrust Agent Platform

A Controllable and InteractiveRed-Teaming Platform for AI Agents

The first dynamic red-teaming framework against AI Agents across 14 domains and 50+ sandboxed environments.

Covering Diverse Indirect Injections in Environments, Tools, Skills, and Direct Prompt Injections.

Get StartedLeaderboardDocumentationBenchmarkPaper

Paper available on arXiv

Agents Ranked by Security Vulnerability

Ranked by average attack success rate (higher = more vulnerable).

VulnerabilityRank
AgentModel
Indirect ASR
Lower = safer
Direct ASR
Lower = safer
BSR
Higher = more capable
View Full Leaderboard

The Safety–Capability Trade-off

Each point is an agent. The bottom-right corner — high benign success, low attack success — is the ideal frontier. The dashed line traces the Pareto-optimal agents: nothing else is both safer and more capable.

01020304050607080901000102030405060708090100BSR — Benign Success Rate (%) →Indirect ASR (%)⚠ Worst: vulnerable & weak★ Ideal: capable & safe
ChampionPareto-optimalOptimal frontier

Comprehensive Evaluation over 50+ Sandboxed Environments

Each environment is policy-aligned and spans real-world regulatory and operational constraints across our 14 supported domains.

Windows logo

Windows

Windows
macOS logo

macOS

macOS
Gmail logo

Gmail

Workflow
Outlook logo

Outlook

Workflow
Google Calendar logo

Google Calendar

Workflow
Google Docs logo

Google Docs

Workflow
Google Sheets logo

Google Sheets

Workflow
Google Drive logo

Google Drive

Workflow
Google Forms logo

Google Forms

Workflow
Microsoft Word logo

Microsoft Word

Windows
Microsoft Excel logo

Microsoft Excel

Windows
Microsoft PowerPoint logo

Microsoft PowerPoint

Windows
LibreOffice logo

LibreOffice

Windows
Notion logo

Notion

Workflow
Dropbox logo

Dropbox

Workflow
Slack logo

Slack

Workflow
PayPal logo

PayPal

Workflow
Zoom logo

Zoom

Workflow
Atlassian logo

Atlassian

Workflow
WhatsApp logo

WhatsApp

Workflow
Telegram logo

Telegram

Workflow
LinkedIn logo

LinkedIn

Workflow
X logo

X

Workflow
Reddit logo

Reddit

Workflow
Spotify logo

Spotify

Media
Salesforce logo

Salesforce

CRM
ServiceNow logo

ServiceNow

Customer Service
Booking logo

Booking

Travel
Expedia logo

Expedia

Travel
Southwest logo

Southwest

Travel
United logo

United

Travel
Enterprise logo

Enterprise

Travel
FedEx logo

FedEx

Workflow
DoorDash logo

DoorDash

Workflow
GitHub logo

GitHub

Code
GitLab logo

GitLab

Code
Browser logo

Browser

Browser
Safari logo

Safari

macOS
eBay logo

eBay

Browser
arXiv logo

arXiv

Research
Filesystem logo

Filesystem

OS-Filesystem
Yahoo Finance logo

Yahoo Finance

Finance
Chase logo

Chase

Finance
Robinhood logo

Robinhood

Finance
Legal logo

Legal

Legal
Telecom logo

Telecom

Telecom
Hospital Client logo

Hospital Client

Medical Service
Snowflake logo

Snowflake

Workflow
Databricks logo

Databricks

Workflow
PostgreSQL logo

PostgreSQL

Workflow

Citation

If you use DecodingTrust-Agent in your research, please cite our paper.

@article{chen2026decodingtrust,
  title={DecodingTrust-Agent Platform (DTap): A Controllable and Interactive Red-Teaming Platform for AI Agents},
  author={Chen, Zhaorun and Liu, Xun and Tong, Haibo and Guo, Chengquan and Nie, Yuzhou and Zhang, Jiawei and Kang, Mintong and Xu, Chejian and Liu, Qichang and Liu, Xiaogeng and others},
  journal={arXiv preprint arXiv:2605.04808},
  year={2026}
}