AI News AI资讯 7d ago Updated 7d ago 更新于 7天前 51

UK's AI Security Institute finds standard benchmarks systematically underestimate what AI agents can actually do 英国AI安全研究所发现,标准基准测试系统性地低估了AI智能体的实际能力

Standard AI benchmarks systematically underestimate agent capabilities because they use fixed, low compute budgets that cap performance before models reach their potential. Increasing test-time compute (token budgets) significantly boosts success rates, with gains up to 25% in software engineering and notable improvements in cybersecurity tasks. There is a strong power-law correlation between the time a human expert takes to complete a task and the number of tokens an AI agent requires. Newer fr 英国AI安全研究所(AISI)研究发现,固定计算预算的基准测试系统性地低估了AI智能体的实际能力。 增加测试时计算资源(Token预算)可显著提升模型成功率,软件工程中提升约25%,网络安全任务中部分任务需极高预算才能解决。 模型完成任务所需的Token数量与人类专家耗时呈幂律关系,固定预算往往截断了复杂任务的评估。 新一代模型从额外计算资源中获益更多,其能力曲线在覆盖范围、可靠性和效率上均有显著扩展。 AISI建议将能力视为随计算预算变化的曲线而非固定分数,并推行“最小信息量预算”测试以准确评估风险。

75
Hot 热度
70
Quality 质量
72
Impact 影响力

Analysis 深度分析

TL;DR

  • Standard AI benchmarks systematically underestimate agent capabilities because they use fixed, low compute budgets that cap performance before models reach their potential.
  • Increasing test-time compute (token budgets) significantly boosts success rates, with gains up to 25% in software engineering and notable improvements in cybersecurity tasks.
  • There is a strong power-law correlation between the time a human expert takes to complete a task and the number of tokens an AI agent requires.
  • Newer frontier models benefit disproportionately from increased compute compared to older models, showing greater reach, reliability, and efficiency.
  • Evaluating AI safety and capability requires measuring performance curves across varying compute budgets rather than relying on single-point fixed-score metrics.

Why It Matters

This research challenges the validity of current AI evaluation standards, suggesting that many reported "limits" of AI agents are artificial constraints imposed by insufficient testing resources rather than inherent model deficiencies. For security researchers and policymakers, this implies that the actual risk posed by autonomous AI agents may be higher than currently assessed, as these systems can achieve significantly more complex outcomes when allowed greater computational effort. Consequently, risk assessments and deployment decisions based on low-budget benchmarks may be dangerously optimistic or misleading.

Technical Details

  • Benchmark Variations: The UK's AI Security Institute (AISI) tested frontier models across seven benchmarks, including cybersecurity (METR, AISI), software engineering (TerminalBench 2.0, SWE-Bench Pro), math/academics (Humanity's Last Exam), and health (HealthBench), using token budgets ranging from 1 million to over 100 million.
  • Compute Scaling Effects: Success rates increased by approximately 25% in software engineering when budgets rose from 1 million to 10 million tokens. In cybersecurity, about 8% of tasks were only solvable with budgets exceeding 10 million tokens, with some requiring up to 50 million.
  • Human-AI Correlation: Analysis of 211 software engineering and 78 cyber tasks revealed a power-law relationship where agent token consumption scales directly with human expert task duration (e.g., a one-week human task correlates with billions of tokens for the agent).
  • Model Generational Improvements: Newer models demonstrated superior scaling properties, shifting capability curves along three axes: reach (solving harder tasks), reliability (higher success rates), and efficiency (fewer tokens per task). The time horizon for frontier models doubled every 40–50 days at high budgets, compared to every 4.7 months at low budgets.
  • Domain-Specific Plateaus: While domains allowing self-verification (code execution, exploit testing) showed continuous improvement with compute, domains with delayed or missing feedback (like HealthBench) plateaued quickly within standard budgets.

Industry Insight

  • Re-evaluate Evaluation Protocols: Organizations must move beyond static benchmark scores and adopt "minimum informative budgets" that test whether model performance continues to scale with compute. Relying on fixed, low-cost evaluations provides an incomplete and potentially unsafe picture of model capabilities.
  • Adjust Risk Models for Autonomous Agents: Given that AI agents can achieve significantly higher success rates with increased compute, risk frameworks for deploying autonomous agents in critical sectors (cybersecurity, finance, healthcare) must account for the possibility of "compute-amplified" capabilities that exceed current threat models.
  • Monitor Compute Cost Trends: As token costs decrease, high-compute evaluations and attacks become more economically viable. Stakeholders should anticipate that capabilities previously deemed "too expensive" to test or exploit will become accessible, necessitating proactive safety measures that assume higher effective intelligence levels.

TL;DR

  • 英国AI安全研究所(AISI)研究发现,固定计算预算的基准测试系统性地低估了AI智能体的实际能力。
  • 增加测试时计算资源(Token预算)可显著提升模型成功率,软件工程中提升约25%,网络安全任务中部分任务需极高预算才能解决。
  • 模型完成任务所需的Token数量与人类专家耗时呈幂律关系,固定预算往往截断了复杂任务的评估。
  • 新一代模型从额外计算资源中获益更多,其能力曲线在覆盖范围、可靠性和效率上均有显著扩展。
  • AISI建议将能力视为随计算预算变化的曲线而非固定分数,并推行“最小信息量预算”测试以准确评估风险。

为什么值得看

这项研究揭示了当前AI评估体系的重大盲区,指出仅依赖固定预算的基准测试会严重误导对前沿模型能力的判断,特别是对于具备自我验证能力的智能体。对于AI从业者和监管机构而言,理解计算预算与性能的非线性关系,有助于更准确地评估模型在网络安全、软件工程等高价值场景中的真实潜力和风险。

技术解析

  • 计算预算与性能曲线:研究通过七个基准测试发现,AI智能体的性能是测试时计算量(Test-time Compute)的函数。当预算限制在较低水平时,测得的是性能下限而非上限;随着Token预算增加,成功率持续上升直至达到平台期。
  • 领域差异与阈值:在网络安全任务中,约8%的任务仅在预算超过1000万Token时才被解决,部分甚至需要5000万;软件工程技术基准(如SWE-Bench Pro)在预算从100万增至1000万时,成功率提升约25%。相比之下,医疗类任务(HealthBench)因缺乏即时反馈,增加计算量收益甚微。
  • 人类耗时与Token消耗幂律:数据分析显示,模型完成任务所需的Token数与人类专家完成相同任务的时间遵循幂律分布。例如,人类需1分钟的任务消耗数千Token,而需20小时的任务(如“The Last Ones”)则需至少3000万Token,表明固定预算无法评估长周期复杂任务。
  • 代际进步的非均匀性:新模型相比旧模型在三个维度受益更大:Reach(解决更难任务)、Reliability(更高成功率)和Efficiency(更低Token消耗)。然而,在10%-30%的任务上,新模型表现反而不如旧模型,显示进步并非在所有维度均匀发生。
  • 评估方法论革新:AISI提出“最小信息量预算”概念,即测试预算应足够高以观察性能是否达到平台期。同时,研究指出在低Token成本下,高预算测试的可及性增加,使得基于动态预算的评估成为衡量部署风险和价值的必要手段。

行业启示

  • 重新定义基准测试标准:行业和监管机构应摒弃单一固定分数的评估模式,转而采用多维度的计算预算敏感性分析。特别是在涉及自主代理(Agents)的场景中,必须评估其在不同算力投入下的能力边界,以避免低估潜在的系统性风险。
  • 算力成本与能力解锁的经济逻辑:随着Token单价下降,使用高预算进行推理变得经济可行。企业应意识到,通过增加推理时的计算资源(如思维链扩展、多步验证),可以以较低边际成本解锁模型的高阶能力,这在软件开发和安全审计等领域具有极高的ROI。
  • 关注长尾复杂任务的评估缺口:当前基准测试可能无法反映模型在长时间、多步骤任务(如长期网络安全防御或大型代码库重构)中的真实表现。开发者需建立针对长上下文和长周期任务的专用评估协议,因为这类任务的能力增长远超现有固定预算基准所显示的速率。

Disclaimer: The above content is generated by AI and is for reference only. 免责声明:以上内容由 AI 生成,仅供参考。

Agent Agent Security 安全 Evaluation 评测 Benchmark 基准测试