Forum Discussion

1P_Blake's avatar
1P_Blake
Icon for Community Manager rankCommunity Manager
9 days ago

1Password’s new benchmark teaches AI agents how not to get scammed

In 2024, a research team found that GPT-4 could identify phishing websites with near-perfect accuracy. Ask a modern AI model, “is this email dangerous?” and it almost always gets it right.

Unfortunately, an AI model’s ability to recognize threats does not translate to an AI agent’s ability to avoid them.

AI agents can read your inbox, open links, read secrets on your computer, forward emails, and fill out forms on their own. The problem is what they could do next: open the phishing link, pull your real password from the vault, and type it into the attacker’s fake login page.

That’s not a hypothetical. In our testing, one of the most capable AI models available today did exactly that, ten seconds after being asked to check the inbox.

To address this risk, we’ve built the Security Comprehension and Awareness Measure (SCAM): an open-source benchmark that tests whether AI models can stay safe when they’re actually doing things like reading emails and filling in passwords.

Read the full post and explore SCAM here:

1 Reply