Crucible — Live Adversarial Campaigns Against AI Agents

We pressure-test AI agents the way real attackers will — live, in populated environments, against humans whose job is to break them. Benchmarks measure the average case. We measure what happens under sustained adversarial heat, where the failures that actually matter live.

Track record

Our work extending Agents of Chaos (Shapira et al., 2025) — the seminal study of emergent harm in populated multi-agent environments — led OpenAI to engage us to run an internal red-team campaign against their agents.

The original two-week engagement produced enough actionable findings that OpenAI commissioned a three-week followup. That followup was then extended to five weeks as the campaign kept surfacing high-impact results.

2 weeks

first engagement

on the strength of our Agents of Chaos work

3 weeks

commissioned followup

on the strength of the first engagement's findings

5 weeks

extended in-flight

because impactful results kept landing

Across both engagements we ran the work end-to-end: custom adversarial infrastructure, a hand-picked senior research roster, daily synthesised reporting, and a methodology that adapts in real time to what the attacks reveal.

What we do

Campaigns, not evaluations. We stand up populated ecosystems — dozens of agents and a hand-picked senior research roster acting as participants — and run them continuously for two to five weeks. Findings come from emergent behaviour under sustained pressure, not from a fixed prompt suite.

Custom adversarial infrastructure. We build the surfaces the agents have to defend: chat platforms, financial back ends, clinical workflows, internal tooling. Each campaign runs on a custom runtime that exposes agent workspaces, memories, and tool access — so attacks land where they would land in production.

Severity-graded harm reports. Every campaign closes with a structured phase report: a daily-updated harm taxonomy, severity ratings, sanitised artefacts, and recommended mitigations. The deliverable is something a security org can act on directly.

How we work

Recruit narrow, hire senior. Every campaign roster is hand-picked through trusted networks. We don't run open calls.
Founder-on-the-floor. Platform fixes ship in hours, not sprints, while the campaign is live. The infrastructure adapts to what the attacks reveal.
Lower the friction floor. Every observation a researcher wants to record becomes an affordance in the platform within a day.
Daily logs as scoreboard. An LLM-summarised cross-environment log goes out each morning; findings compound visibly and good attacks are amplified across the team.
Phase the work explicitly. Build → experiment → report. Each transition is announced. No diffuse "research mode."

Team

Alex Loftus

Principal

Jannik Brinkmann

Principal

Alice Rigg

Researcher

Giordano Rogers

Researcher

Negev Taglicht

Researcher

Antonio Mari

Researcher

Kevin Rigg

Engineer

Engagements

Today: Crucible currently operates as a research collective. Engagements are contracted through Handshake; references are available under NDA.
Scope: Two- to five-week live campaigns against your agent surfaces — chat, support, financial, clinical, or internal tooling. Deliverables: full phase report, sanitised raw artefacts, and a session of recommended mitigations.
Contact: alexloftus2004@gmail.com · jannik.brinkmann698@gmail.com