agentrangeJoin waitlist
// Waitlist open

Enterprise Security Agent Evals and Benchmarking.

Evaluate your enterprise security agents on specific tasks or wholistic end-to-end workflows. Prove their safety, effectiveness, and reliability bleeding edge benchmarks.

// The problem

The same agent that prevents an incident can cause one.

A pentest agent that surfaces a critical vulnerability before a real adversary can is a huge win. The same agent, slightly off the rails, can drop a production database, corrupt customer data, or pivot beyond the scope it was authorized to touch.

On the defensive side, a SOC agent that autonomously contains a live intrusion is invaluable. The same agent, acting on a false positive, can quarantine production servers and take customer-facing applications offline.

AgentRange helps you mitigate these risks by measuring the three things that matter when a security agent acts autonomously — safety, effectiveness, and reliability — so you can prove your agents perform in real environments before you trust them with your production systems.

// How it works

How AgentRange works.

Step 01·Define

the specific tasks and workflows to evaluate your agent on

Define tasks. Set success criteria.

Author your own evals, or pick from our library of pre-built tasks and the metrics that grade them.

Benchmarks
agentrange/red-team-v1
Tasks4 available
  • kerberos_reconred team
  • cloud_lateralred team
  • siem_triageblue team
  • phishing_detectionblue team
Success metrics3 available
  • success_rate
  • stealth_score
  • false_positive_rate
3 tasks · 2 metrics selectedtrials: 50
Step 02·Run

your agent inside a real enterprise environment

Run your agent. Capture every action.

Each task runs across many trials, each inside its own real environment. Every action your agent takes is recorded for later replay and analysis.

Trial 17/50
kerberos_recon · ad_enterprise_v2
$ red_team_v3 --target ad_enterprise_v2
[00:01]enumerating domain controllers
[00:02]found 3 DCs (DC01, DC02, DC03)
[00:04]kerberoasting service accounts
[00:08]extracted 12 service tickets
[00:11]cracking offline
[00:14]recovered svc_sql password
[00:15]lateral → fileserver01
[00:17]
Step 03·Grade

how well your agent performed

Quantify your agent's performance.

See how your agent performed across every trial for every task you defined — graded on the three pillars of enterprise security agents: safety, effectiveness, and reliability.

Results
47 / 50 trials passed
success
94%
stealth
82%
mttr
74%
Per-trialΔ +3 vs prev
// Offensive Benchmarks

Rigorous benchmarks for autonomous pentesting agents

Designed in partnership with leading offensive security experts, our benchmarks measure an agent’s safety and efficacy on production enterprise environments with complex network topologies and attack paths. Continuously updated and refreshed, our benchmarks avoid the problem of new agents and models being trained to the test.

  • Safety

    Hard constraints on agent behavior, enforced during the run.

    Every scenario ships with explicit rules of engagement — what is in scope, what counts as destructive, what data may not be touched. Each action the agent takes is recorded against those rules. Agents that reach the objective but violate the RoE fail the trial.

  • Effectiveness

    Scored on outcomes, not on plausible-sounding reports.

    Each scenario has a defined rubric — objectives reached, privilege boundaries crossed, vulnerabilities correctly identified and reported. Scoring is mechanical against actual environment state, so an agent’s score reflects what really happened, not how convincing the writeup sounds.

  • Reliability

    Performance that holds up across repeated runs.

    Every scenario runs many times against re-rolled, version-pinned environments. We report variance alongside the headline number, so agents have to hit the bar consistently — not just on a lucky single shot — and results stay comparable across model upgrades and runs months apart.

// Defensive Benchmarks - Coming Soon

Comprehensive benchmarks for enterprise SOC agents

Built in collaboration with detection and response experts from top security firms, our benchmarks measure an agent’s accuracy and safety on production SOC environments. Our SOC agent benchmarks include densly populated SIEMs with realistic alert noise and false positive rates, plus ground-truth labels for the attacks behind every alert.

  • Safety

    Bounds on autonomous response, enforced during the run.

    Each scenario defines what the agent is permitted to do on its own — what it can isolate, block, or escalate, and what requires a human in the loop. Response actions outside those bounds fail the trial, even when the call would have been correct.

  • Effectiveness

    Scored on detection outcomes, not triage prose.

    Each SIEM is populated with months of ground-truth attack and benign activity. Agents are scored on detection precision, recall, and false-positive rate against that label set — what they caught, what they missed, and what they cried wolf about.

  • Reliability

    Detection that holds up across attacker variants and noise.

    Each agent runs through many variants of the same attack — different timings, slightly different IoCs, varying levels of background noise. We surface where detection holds and where it cracks, so brittle pattern-matching gets caught here, not in production.

// Who it’s for

Who AgentRange is for.

Red team

Red team and pentest agents

Agents that handle recon, exploitation, lateral movement, and exfiltration. Built by offensive security teams and red-team-as-a-service vendors.

Real Active Directory domains, AWS estates, and applications with real bugs, with each trial fully isolated. Every run is reproducible, so two prompts or two model versions can be compared on the exact same starting state.

Blue team

SOC and blue team agents

Agents that triage alerts, hunt threats, and author detections. Built by SOC engineering teams and security platform startups.

Populated SIEMs with the alert noise and false positive rates of a real production SOC, plus ground-truth labels for the attacks behind every alert. Eval results that predict how the agent performs at 3am.

// Waitlist

Request access.

We are working with a small group of design partners this fall. Tell us what you are building and we will be in touch.