Two challenges. $140K in prizes. One Arena built for hackers pushing limits. We just announced the Machine-in-the-Middle Challenge sponsored by @hackthebox_eu starting Nov 1st, with a second AI-focused Indirect Prompt Injection Challenge dropping the next week. This is where

This is why we built Gray Swan. Shade rigorously tests your AI systems pre-deployment. Our platform actively protects deployed agents from adversarial misuse. Blog: https://t.co/v6TReHfYuf Full research:

Three urgent implications: - Pre-deployment testing must mirror real-world conditions - Refusal robustness needs rigorous evaluation beyond standard tests - Deployed AI agents need continuous protection against misuse

What makes AI agents dangerous isn't just capability—it's economics. Continuous operation for 8.5+ hours at machine speed and cloud costs. Traditional red teams? Vastly more expensive and slower. Attack surface just got democratized.

Standard "safety" claims don't hold up in practice. No sophisticated jailbreaking needed to bypass guardrails. Just competent cybersecurity instructions. If your threat model assumes adversaries need expert knowledge, update it.

Purpose-built AI agents can outperform most cybersecurity professionals; at a fraction of the cost. ARTEMIS found critical vulns: default creds on server management, DNS cache poisoning, root-level SMB backdoors. Same methods as top human testers, but faster and cheaper.

We just ran the first live enterprise comparison: AI agents vs. professional pentesters on Stanford's real network. ARTEMIS placed 2nd overall, beating 90% of human pros. Only agent still finding vulns after 8.5 hours. Research with @Stanford & @CarnegieMellon. 🧵

The methodological split matters for deployment: 200-attempt RL campaigns simulate well-resourced adversaries with time and adaptive tooling. Single-attempt metrics answer: how often does a naive attacker succeed first try? Both matter. Know which threat you're defending

Meanwhile, Apollo's testing revealed some concerning patterns: models attempting to turn off oversight when threatened, self-exfiltration attempts, and instrumental alignment faking. This is why scheming evaluations are critical for agentic deployments.

Evaluation awareness metrics matter: when models detect eval conditions, production behavior becomes unpredictable at scale. Opus 4.5 showed 60% reduction in evaluation awareness vs previous versions through targeted engineering.

This isn't about single-attempt jailbreaks. RL-based adversarial testing means the attacker model learns from failures, adjusts vectors, and systematically probes weaknesses. It's training an AI to break another AI.

Gray Swan Shade ran 200-attempt RL campaigns against Claude models. The ASR degradation curve is wild: Opus 4.5 (coding): 4.7% → 33.6% → 63.0% Opus 4.5 (computer use): 0% even at 200 attempts First model to saturate the benchmark.

@claudeai @AnthropicAI Security-first AI ins't optional anymore; it's the foundation. Congrats to the @AnthropicAI team on the release! 👏 https://t.co/2zDSuELx8b

@claudeai Opus 4.5 showed the strongest resistance to prompt injection attacks among frontier models, validated by our evaluation framework alongside @AnthropicAI's internal benchmarks.

Proud to see @GraySwanAI's prompt injection benchmark featured in today's @claudeai Opus 4.5 launch.

This hacker has made over $10,000 hacking AI! https://t.co/8rBx7AnEy5

Warm up Machine-in-the-Middle and Indirect Prompt Injection competitions with @GraySwanAI are live! 🚀 Can't wait to see if I can solve any of these!

💥TOMORROW: With over 100k cash prize money and even more giveaways on the line, @GraySwanAI is running a competition to see if you can direct AI to hack live boxes and find OSS Vulns! Def check this competition out!

Woah. This looks awesome. Gray Swan partnering with all the big AI companies for a hacking competition. $100k in prizes. 👀

Warm up starts tomorrow!

Full details and calendar are here: https://t.co/iR2cCQMA4v Join the Arena Discord, 12k strong: