VESTA: A Fully Automated Scenario Generation and Safety Evaluation Framework for LLM Agents

Researchers introduce VESTA, an automated safety evaluation framework for LLM agents that generates 1,072 diverse evaluation scenarios across five risk dimensions. Testing 12 LLM agents reveals significant behavioral safety vulnerabilities, with average attack success rates of 47.1% and some models exceeding 70%, highlighting critical gaps in agent safety assurance.

VESTA addresses a critical gap in AI safety evaluation methodology. As large language models transition from conversational interfaces to autonomous agents capable of tool use, memory management, and environmental interaction, their risk surface expands dramatically. Traditional evaluation approaches relying on static prompts and output-only judgments fail to capture the dynamic safety challenges agents encounter during multi-step task execution. This research matters because it demonstrates that current safety measures are insufficient at scale.

The framework's significance stems from its systematic approach to risk quantification. By instantiating abstract safety concerns into 1,072 measurable scenarios across five risk dimensions, VESTA provides reproducible, process-level evaluation that captures behavioral failures during execution rather than only final outputs. The concerning ASR metrics—averaging 47.1% across agents with peaks above 70%—suggest that deploying these systems in production without significant safety improvements poses substantial risks.

For the AI development industry, these findings create accountability pressure. Organizations building LLM agents now face empirical evidence that existing safety protocols are inadequate. This drives investment in safety-focused research and development, particularly in process-level monitoring and behavioral constraints. Developers must consider evaluation frameworks like VESTA as essential components of agent deployment pipelines.

Looking forward, VESTA's methodology likely becomes an industry standard for agent safety assessment. As regulatory frameworks around AI safety mature, automated evaluation frameworks addressing process-level risks will differentiate trustworthy deployments from riskier alternatives. The research establishes a foundation for measuring safety improvements and tracking progress as new mitigation strategies emerge.

• →VESTA generates 1,072 automated safety evaluation scenarios across five risk dimensions for LLM agents
• →Average attack success rate of 47.1% across 12 LLM agents reveals substantial safety gaps in current systems
• →Process-level evaluation during task execution captures behavioral risks missed by output-only assessment methods
• →Several tested models exceeded 70% ASR, demonstrating critical vulnerabilities requiring immediate mitigation
• →Automated evaluation frameworks are becoming essential for responsible LLM agent deployment and safety certification