The Vision · Trust Me Bro
Trust Me Bro is a browser-native platform for evaluating whether coding agents follow the user or hidden instructions buried in repo files, docs, skills, setup scripts, logs, and workflow context.
Prompt injection is not only a chat problem. Agents read messy developer context, hold powerful tools, and can act on instructions nobody meant them to trust. We built Trust Me Bro to make that risk visible, repeatable, and safe to study.
Judging question
What did we build, and why?
We built a live runner, scenario library, and benchmark dashboard for testing how agents behave inside realistic repository tasks. Each scenario gives the agent a virtual filesystem, a normal user goal, and a hidden attack such as skill poisoning, markdown injection, log hijacking, or a bootstrap-script ambush.
We built it because the only honest way to evaluate agent safety is to watch what the agent actually does. If a frontier model executes a suspicious script without reading it, the platform captures that behavior safely and turns it into evidence.
Judging question
Who is this for?
Trust Me Bro is for AI product teams, Copilot-style agent teams, model evaluators, security researchers, enterprise AppSec teams, platform engineers, and open-source maintainers. They all need to answer the same practical question before expanding agent permissions: can this agent be trusted in our workflow?
Judging question
What is the business value?
Microsoft is a Copilot-first company, and customers will only give agents more autonomy if safety can be evaluated, improved, and explained. Trust Me Bro creates value by reducing adoption risk, increasing customer confidence, and giving product teams concrete data for safer prompts, safer tools, and safer model behavior.
The same data has long-term strategic value: it can become a community-driven security dataset for the models and agents of the future, not just a one-time leaderboard.
Judging question
Why would customers need this?
Today, a team may not know whether an agent will follow hidden instructions in a README, execute an unsafe setup script, or obey a poisoned skill file until it happens in a real codebase. Trust Me Bro lets them test those behaviors first.
Customers can compare models, prompts, and safety modes against the same traps; inspect traces when an agent fails; author new scenarios; and rerun the benchmark as models change. That makes agent trust observable instead of assumed.
Judging question
Why is this different?
Users can inspect the benchmark, run scenarios, and create their own tests on the platform. Every useful failure can become training and evaluation data for safer future models.
Many agent evaluations depend on a real computer layer: terminals, host filesystems, Docker, cloud VMs, or risky compute access. Trust Me Bro keeps the workspace in a virtual filesystem with harmless canaries, isolated from the host without heavy infrastructure overhead.
Instead of a private benchmark that only reports scores, the scenarios, results, and methodology can be inspected, reproduced, challenged, and expanded by the community.
Judging question
What can we show the judges?
A deployed live runner that places an agent inside a browser-isolated virtual repository.
Thirteen realistic attack scenarios across skill poisoning, hidden markdown, log hijacking, workflow deception, and setup-script traps.
Benchmark results from 1,950 runs across ten models, three prompt safety modes, and full behavior traces.
Dashboards that turn those runs into safety scores, prompt-robustness curves, scenario heatmaps, and attack difficulty views.
Judging question
What are the next steps?
Judging question
What proves this is real and important?
The future of agents needs more than trust. It needs tests.