AgentThreatBench: Benchmark to evaluate guardrail effectiveness against OWASP agentic threats (ASI01/ASI06)

[vgudur-dev]

Proposal: Use AgentThreatBench to benchmark NeMo Guardrails effectiveness

AgentThreatBench is an evaluation suite that operationalizes the OWASP Top 10 for Agentic Applications (2026) into executable benchmark tasks. It was recently merged into the official UK AI Safety Institute's inspect_evals repository.

Why this is directly relevant to NeMo Guardrails

NeMo Guardrails is designed to prevent exactly the threats that AgentThreatBench measures:

AgentThreatBench Task	Relevant Guardrail Type
Memory Poisoning (ASI06)	Input/output rails on memory retrieval
Autonomy Hijack (ASI01)	Topical rails on tool output processing
Data Exfiltration (ASI01)	Output rails on sensitive data transmission

AgentThreatBench could serve as a standardized test suite for measuring how effectively NeMo Guardrails configurations prevent these attacks — providing a before/after comparison that demonstrates guardrail value.

Example integration

from nemoguardrails import RailsConfig, LLMRails
from inspect_evals.agent_threat_bench import run_benchmark

# Run baseline (no guardrails)
baseline_results = run_benchmark(model="openai/gpt-4o")

# Run with NeMo Guardrails
config = RailsConfig.from_path("./guardrails_config")
rails = LLMRails(config)
guarded_results = run_benchmark(model=rails)

# Compare security scores
print(f"Baseline security score: {baseline_results.security_score}")
print(f"Guarded security score: {guarded_results.security_score}")

Resources

• Benchmark docs: https://ukgovernmentbeis.github.io/inspect_evals/evals/safeguards/agent_threat_bench/
• Source code: https://github.com/UKGovernmentBEIS/inspect_evals/tree/main/src/inspect_evals/agent_threat_bench
• OWASP standard: https://genai.owasp.org/resource/owasp-top-10-for-agentic-applications-for-2026/

Would love to discuss adding AgentThreatBench to the NeMo Guardrails test suite or documentation as a reference benchmark for agentic security evaluation.

[vgudur-dev]

Hi @Pouyanpi @tgasser-nv — tagging you as the active maintainer(s) here to ask if you'd be willing to take a look at this request.

Quick context: NeMo Guardrails is designed to enforce safety policies on LLM outputs — AgentThreatBench provides a standardized benchmark to validate that guardrail configurations actually block the 10 OWASP agentic threats.

The ask: a reference to AgentThreatBench in the guardrail evaluation docs, or a built-in test suite that runs AgentThreatBench scenarios against a guardrail configuration

AgentThreatBench is already merged into the UK AI Safety Institute's official inspect_evals suite and is installable via pip install inspect_evals. The benchmark covers 10 executable tasks aligned to the OWASP Top 10 for Agentic Applications 2025.

Happy to provide a prototype integration, a code snippet, or a draft docs PR — whatever would be most useful. Would love to know if this is something the team would consider.