UC Berkeley Launches CyberGym to Test AI on Large-Scale Cybersecurity

UC Berkeley has taken a bold step toward strengthening cybersecurity research with the launch of CyberGym, an innovative evaluation framework designed to rigorously test AI agents against real-world, large-scale vulnerabilities. As cyberattacks grow increasingly sophisticated and pervasive, the role of artificial intelligence in defending systems has never been more critical. With CyberGym, researchers now have a high-fidelity environment for assessing the effectiveness of AI-driven security tools at a level of complexity rarely seen in existing benchmarks.

What is CyberGym?

CyberGym is a first-of-its-kind, open-source cybersecurity evaluation framework developed by researchers at UC Berkeley. The platform enables the simulation of real-world cyberattacks across expansive codebases that mirror the scale and scope of modern-day enterprise applications.

CyberGym addresses a significant gap in cybersecurity research: traditional benchmarks tend to focus on small, synthetic programs that fail to reflect the complexity of modern software systems. This limits the real-world applicability of AI models developed and evaluated in these environments. CyberGym solves this by offering a sandboxed, scalable testing environment capable of measuring an AI agent’s ability to:

• Detect diverse classes of software vulnerabilities
• Respond to threats in dynamic, realistic IT environments
• Scale across millions of lines of code, mirroring real enterprise-level systems

Why CyberGym Matters

With the average cost of a data breach exceeding $4 million globally and increasing at an alarming rate, there is a growing need for smarter, more effective cybersecurity tools. AI has emerged as a potential game changer, but the question remains: how do we fairly and thoroughly test these AI systems in environments that match the complexity of what they’ll face in production?

This is the problem that UC Berkeley set out to solve with CyberGym. By providing developers, security analysts, and AI researchers with a controlled, reproducible testbed that mimics real IT infrastructure, CyberGym offers a meaningful way to benchmark the performance of AI agents against realistic threats.

Key Benefits of CyberGym

• Higher Realism: Evaluates AI security tools in networked, OS-level environments with full-stack applications and services.
• Extensive Automation: Automates the process of vulnerability injection, code instrumentation, and telemetry collection.
• Security Relevance: Tests how well AI agents handle practical, high-impact vulnerabilities such as buffer overflows, command injections, and privilege escalations.

How CyberGym Works

CyberGym doesn’t just simulate synthetic data or toy examples — it recreates real-world systems and actively embeds vulnerabilities that an AI agent must discover and mitigate. The framework works across multiple layers, ranging from the source code and Linux kernel to Dockerized services and web applications.

Framework Architecture

The CyberGym framework consists of the following core components:

• Vulnerability Injection Engine: Automatically plants low-level security vulnerabilities drawn from real CVEs into open-source codebases.
• Sandboxing Environment: Runtime environments model not just code, but also user behavior, web traffic, and system-level interactions to enable contextual understanding for AI agents.
• Telemetry Pipeline: Captures fine-grained instrumentation data, attack traces, and response scenarios to evaluate how AI models perform under threat.
• Scalable Benchmark Suite: Includes dozens of large, diverse applications with different bug types and security challenges.

This structure ensures that AI agents are evaluated not just on static code analysis but also on how effectively they handle dynamic runtime threats in evolving systems. AI security tools that perform well in CyberGym are more likely to generalize to live production environments.

Evaluating AI Agents with CyberGym

To benchmark AI agents, researchers run them through a set of pre-defined tasks within CyberGym’s vulnerability-infused environments. These tasks include:

• Bug Finding: Detect known and unknown vulnerabilities in sprawling codebases
• Patch Generation: Suggest secure code fixes based on contextual data
• Intrusion Detection: Monitor live system behavior to spot anomalous activity
• Threat Containment: Shut down compromised processes and prevent further exploitation

CyberGym enables comparative evaluations of different AI models using standardized metrics such as:

• Precision and recall of vulnerability detection
• Response latency to active threats
• Success rate in generated patches
• False positive/negative rates

Unlocking Real-World Applications

One of the standout features of CyberGym is its focus on scalability and impact. Unlike most academic benchmarks, which use small files and proof-of-concept threats, CyberGym enables researchers to test against real-world software systems, such as:

• WordPress: With over 60 million deployments globally, securing WordPress is a priority for the web ecosystem.
• Apache HTTP Server: Powers a large fraction of global internet traffic with complex code and legacy modules.
• MySQL and PostgreSQL: Popular databases with known security challenges in injection handling.

This level of realism makes CyberGym deceptively powerful: it can stress-test AI models in lifelike conditions, which could lead to breakthroughs in deploying trustworthy AI-powered cybersecurity systems in the wild.

Open Source and Community Involvement

Currently open-source and available on GitHub, CyberGym invites contributions and participation from a global research community. UC Berkeley hopes the framework will become a staple testing bed for both academia and industry.

Some of the future extensions planned include:

• Support for Windows-based environments and hybrid OS networks
• Integration with cloud-native infrastructure like Kubernetes and AWS
• Expanded metrics to evaluate memory usage, scalability, and robustness under adversarial conditions

UC Berkeley is also organizing regular CyberGym Challenges, encouraging researchers to submit AI models optimized for security assessment. These competitions not only influence how systems are evaluated but also foster collaboration across the AI security landscape.

What This Means for the Future of AI and Cybersecurity

CyberGym signals a significant leap toward establishing rigorous, large-scale benchmarks to govern AI’s role in cybersecurity. With its extensive tooling, real-world relevance, and scalable architecture, the framework positions UC Berkeley at the forefront of the fight against cybercrime in the AI age.

In an era where critical infrastructure, financial institutions, and even democratic processes are being attacked via software exploits, it’s imperative that our defenses grow just as intelligent — and just as adaptable — as the threats they are designed to neutralize. CyberGym brings us a step closer to that vision.

Final Thoughts

As AI and machine learning become essential components in modern cybersecurity toolkits, benchmarks like CyberGym are crucial. They ensure that what’s developed in the lab can actually protect systems in the wild. By combining real-world relevance, open-source accessibility, and cutting-edge research, UC Berkeley’s CyberGym sets a new gold standard in AI security evaluation.

Whether you’re a researcher, a cybersecurity engineer, or an AI enthusiast, CyberGym is a project worth watching — and contributing to — as we enter the next generation of cyber-resilience.