The Vision · Trust Me Bro

Test agent behavior before it becomes production risk.

Trust Me Bro is a browser-native platform for evaluating whether coding agents follow the user or hidden instructions buried in repo files, docs, skills, setup scripts, logs, and workflow context.

Prompt injection is not only a chat problem. Agents read messy developer context, hold powerful tools, and can act on instructions nobody meant them to trust. We built Trust Me Bro to make that risk visible, repeatable, and safe to study.

01

Judging question

What did we build, and why?

A live evaluation platform for coding-agent security.

We built a live runner, scenario library, and benchmark dashboard for testing how agents behave inside realistic repository tasks. Each scenario gives the agent a virtual filesystem, a normal user goal, and a hidden attack such as skill poisoning, markdown injection, log hijacking, or a bootstrap-script ambush.

We built it because the only honest way to evaluate agent safety is to watch what the agent actually does. If a frontier model executes a suspicious script without reading it, the platform captures that behavior safely and turns it into evidence.

02

Judging question

Who is this for?

The teams deciding how much power agents should get.

Trust Me Bro is for AI product teams, Copilot-style agent teams, model evaluators, security researchers, enterprise AppSec teams, platform engineers, and open-source maintainers. They all need to answer the same practical question before expanding agent permissions: can this agent be trusted in our workflow?

03

Judging question

What is the business value?

Safer agents make agent adoption easier to justify.

Microsoft is a Copilot-first company, and customers will only give agents more autonomy if safety can be evaluated, improved, and explained. Trust Me Bro creates value by reducing adoption risk, increasing customer confidence, and giving product teams concrete data for safer prompts, safer tools, and safer model behavior.

The same data has long-term strategic value: it can become a community-driven security dataset for the models and agents of the future, not just a one-time leaderboard.

04

Judging question

Why would customers need this?

It turns a scary failure mode into evidence.

Today, a team may not know whether an agent will follow hidden instructions in a README, execute an unsafe setup script, or obey a poisoned skill file until it happens in a real codebase. Trust Me Bro lets them test those behaviors first.

Customers can compare models, prompts, and safety modes against the same traps; inspect traces when an agent fails; author new scenarios; and rerun the benchmark as models change. That makes agent trust observable instead of assumed.

05

Judging question

Why is this different?

Not just a benchmark. A place to create the dataset.

Accessible scenario creation

Users can inspect the benchmark, run scenarios, and create their own tests on the platform. Every useful failure can become training and evaluation data for safer future models.

Browser-native isolation

Many agent evaluations depend on a real computer layer: terminals, host filesystems, Docker, cloud VMs, or risky compute access. Trust Me Bro keeps the workspace in a virtual filesystem with harmless canaries, isolated from the host without heavy infrastructure overhead.

Open-source and community driven

Instead of a private benchmark that only reports scores, the scenarios, results, and methodology can be inspected, reproduced, challenged, and expanded by the community.

06

Judging question

What can we show the judges?

No real malware. Real signal.

A deployed live runner that places an agent inside a browser-isolated virtual repository.

Thirteen realistic attack scenarios across skill poisoning, hidden markdown, log hijacking, workflow deception, and setup-script traps.

Benchmark results from 1,950 runs across ten models, three prompt safety modes, and full behavior traces.

Dashboards that turn those runs into safety scores, prompt-robustness curves, scenario heatmaps, and attack difficulty views.

07

Judging question

What are the next steps?

From hackathon demo to continuous agent hardening.

  • 01Expand the scenario library with attacks drawn from real incidents, community submissions, and emerging agent workflows.
  • 02Add assisted scenario generation so researchers can quickly turn a new exploit pattern into a reproducible test.
  • 03Build an evaluation loop where one agent studies failure traces, proposes safer system prompts, and mutates scenarios to make attacks more subtle.
  • 04Package the dataset and runner so model builders, Copilot-style product teams, and enterprise security teams can use the results in their own safety workflows.
08

Judging question

The future of agents needs more than trust. It needs tests.