ATBench: A Diverse and Realistic Agent Trajectory Benchmark for Safety Evaluation and Diagnosis

Researchers introduce ATBench, a comprehensive benchmark for evaluating the safety of LLM-based agents across realistic multi-step interactions. The 1,000-trajectory dataset addresses critical gaps in existing safety evaluations by incorporating diverse risk scenarios, detailed failure classification, and long-horizon complexity that mirrors real-world deployment challenges.

ATBench represents a significant advancement in LLM safety evaluation methodology. Traditional benchmarks assess isolated prompts or final responses, missing the emergent risks that arise from sequential agent actions—a critical oversight as these systems increasingly operate autonomously across multiple steps and tool interactions. This research directly addresses that gap by constructing trajectories that simulate realistic deployment conditions where safety failures accumulate or trigger across extended interactions.

The benchmark's three-dimensional taxonomy—organizing risks by source, failure mode, and real-world harm—provides the structural clarity needed for precise safety diagnosis rather than binary pass/fail assessments. This granular approach enables researchers and developers to identify specific vulnerability patterns and understand which failure types their safeguards address effectively. The inclusion of 2,084 available tools with 1,954 actual invocations reflects genuine system complexity, avoiding oversimplified test scenarios.

For the AI development community, ATBench establishes baseline expectations for safety evaluation rigor. Early experiments show that even frontier LLMs and specialized guard systems struggle with the benchmark, indicating that current safety measures remain inadequate for production deployments. This finding creates urgency around improving alignment and guardrail mechanisms before wider agent deployment.

The benchmark's human-audited, rule-filtered dataset construction methodology sets quality standards for future safety research. As LLM agents become production systems, comprehensive safety benchmarks like ATBench become essential infrastructure for responsible deployment, similar to how security audits became standard in financial systems. Organizations developing or deploying autonomous agents will increasingly face evaluation against such standards.

• →ATBench contains 1,000 realistic agent trajectories averaging 9 turns to capture multi-step safety failures missed by existing benchmarks
• →The three-dimensional taxonomy enables precise classification of agentic risks by source, failure mode, and real-world harm impact
• →Current frontier LLMs and specialized guardrails show insufficient performance on ATBench, indicating safety gaps in production-ready systems
• →The benchmark's diverse tool ecosystem (2,084 available tools) reflects authentic deployment complexity beyond simplified test environments
• →Human-audited dataset construction and taxonomy-stratified analysis enable diagnosis of long-horizon failure patterns critical for deployment safety