Safety Testing LLM Agents at Scale: From Risk Discovery to Evidence-Grounded Verification
Summary
Vera is an end-to-end automated safety testing framework designed for LLM agents, addressing the limitations of existing methods that rely on expert-designed violations and hard-coded rules. It instantiates software engineering testing principles through a three-stage, self-reinforcing pipeline. This pipeline first discovers and structures emerging risks into taxonomies of safety risks, attack methods, and tool execution environments. Second, it combinatorially composes these dimensions into executable safety cases, specifying goals, initial states, and deterministic verification predicates. Third, adaptive execution runs heterogeneous agents in isolated sandboxes, with a control agent steering multi-turn interactions and evidence-grounded verifiers judging outcomes from environment state and tool-call evidence. Evaluation on four production agent frameworks (OpenClaw, Hermes, Codex, Claude Code) revealed substantial safety weaknesses, with average attack success rates reaching 93.9% under multi-channel attacks. The framework also includes Vera-Bench, comprising 1600 executable safety cases spanning 124 risk categories across three execution settings, and its code is publicly available.
Key takeaway
For MLOps Engineers deploying LLM agents, you must move beyond static safety checks. Vera's findings, showing 93.9% attack success rates, highlight the necessity of dynamic, evidence-grounded verification. Implement modular, executable testing infrastructure like Vera to continuously discover and validate agent safety. This approach ensures your evolving agentic systems are rigorously evaluated against emerging risks, preventing costly failures from autonomous actions and tool interactions.
Key insights
Vera provides a scalable, automated framework for discovering and verifying safety risks in LLM agents using software engineering principles.
Principles
- Safety testing needs continuous risk discovery.
- Combine risks, attacks, environments for cases.
- Verify outcomes with environment evidence.
Method
Vera's three-stage pipeline involves literature-driven risk taxonomy creation, combinatorial composition of executable safety cases, and adaptive execution in sandboxes with evidence-grounded verification.
In practice
- Test agents with multi-channel attacks.
- Use sandboxes for isolated execution.
- Verify outcomes via tool-call evidence.
Topics
- LLM Agents
- Safety Testing
- Automated Verification
- Risk Discovery
- Agentic Systems
- Vera Framework
Code references
Best for: CTO, VP of Engineering/Data, Director of AI/ML, AI Security Engineer, MLOps Engineer, AI Engineer
Related on AIssential
Editorial summary, takeaway, and curation by AIssential. Original article published by Artificial Intelligence.