About BoxArena

Container runtimes are a critical security boundary for isolating AI agents, yet no existing benchmark compares runtimes head-to-head on containment under a common attacker. BoxArena is an open-source evaluation framework that fixes the attacker model and varies the runtime, asking: which runtime resists best?

The system runs language-model attackers against a battery of five container-escape quests spanning filesystem, socket, process, network, and kernel-level attack surfaces. It reports resilience (fraction of quests blocked) and attacker score (difficulty- and speed-weighted escape performance), while preserving monitoring evidence and post-hoc control verdicts for later analysis.

BoxArena contributes to the Scalable Formal Oversight research program: rather than relying solely on alignment, it treats the isolation boundary itself as the auditable artifact and measures how well each runtime enforces that boundary under adversarial pressure.

This project was completed as part of the Apart Research AI Control Hackathon.