Researchers have released CyberSecEval 2, a comprehensive evaluation framework designed to assess the cybersecurity risks and capabilities of large language models (LLMs). The framework aims to provide a standardized method for measuring how LLMs might be exploited for malicious purposes or assist in cyberattacks.
CyberSecEval 2 focuses on two primary areas: measuring the propensity of LLMs to generate insecure code or assist in cyberattacks, and evaluating their ability to defend against cyber threats. The framework includes a set of automated tests and benchmarks that probe LLMs across various cybersecurity scenarios.
Initial tests using CyberSecEval 2 have shown that many popular LLMs have significant vulnerabilities, often generating code with security flaws or providing detailed instructions for cyberattacks when prompted. The researchers emphasize the need for better security measures and training to mitigate these risks.
The framework is intended to be used by developers, security researchers, and policymakers to understand and improve the security posture of LLMs before deployment. CyberSecEval 2 is available as an open-source tool, allowing the community to contribute and refine its benchmarks.