CyberMetric: A Benchmark Dataset based on Retrieval-Augmented Generation for Evaluating LLMs in Cybersecurity Knowledge

Cybersecurity
Agent

Datasets containing 80, 500, 2000 and 10000 multiple-choice questions, designed to evaluate understanding across nine domains within cybersecurity

Contributed By

@neilshaabi

Code

src/inspect_evals/cybermetric

Paper

https://arxiv.org/abs/2402.07688

Overview

CyberMetric is a collection of four datasets containing 80, 500, 2000 and 10000 multiple-choice questions, designed to evaluate understanding across nine domains within cybersecurity: Disaster Recovery and BCP, Identity and Access Management (IAM), IoT Security, Cryptography, Wireless Security, Network Security, Cloud Security, Penetration Testing, and Compliance/Audit.

Contributed by @neilshaabi

Usage

Installation

There are two ways of using Inspect Evals, from pypi as a dependency of your own project and as a standalone checked out GitHub repository.

If you are using it from pypi, install the package and its dependencies via:

pip install inspect-evals

If you are using Inspect Evals in its repository, start by installing the necessary dependencies with:

uv sync

Running evaluations

Now you can start evaluating models. For simplicity’s sake, this section assumes you are using Inspect Evals from the standalone repo. If that’s not the case and you are not using uv to manage dependencies in your own project, you can use the same commands with uv run dropped.

uv run inspect eval inspect_evals/cybermetric_80 --model openai/gpt-5-nano
uv run inspect eval inspect_evals/cybermetric_500 --model openai/gpt-5-nano
uv run inspect eval inspect_evals/cybermetric_2000 --model openai/gpt-5-nano
uv run inspect eval inspect_evals/cybermetric_10000 --model openai/gpt-5-nano

To run multiple tasks simulteneously use inspect eval-set:

uv run inspect eval-set inspect_evals/cybermetric_80 inspect_evals/cybermetric_500 inspect_evals/cybermetric_2000 inspect_evals/cybermetric_10000

You can also import tasks as normal Python objects and run them from python:

from inspect_ai import eval, eval_set
from inspect_evals.cybermetric import cybermetric_80, cybermetric_500, cybermetric_2000, cybermetric_10000
eval(cybermetric_80)
eval_set([cybermetric_80, cybermetric_500, cybermetric_2000, cybermetric_10000], log_dir='logs-run-42')

After running evaluations, you can view their logs using the inspect view command:

uv run inspect view

For VS Code, you can also download Inspect AI extension for viewing logs.

If you don’t want to specify the --model each time you run an evaluation, create a .env configuration file in your working directory that defines the INSPECT_EVAL_MODEL environment variable along with your API key. For example:

INSPECT_EVAL_MODEL=anthropic/claude-opus-4-1-20250805
ANTHROPIC_API_KEY=<anthropic-api-key>

Options

You can control a variety of options from the command line. For example:

uv run inspect eval inspect_evals/cybermetric_80 --limit 10
uv run inspect eval inspect_evals/cybermetric_500 --max-connections 10
uv run inspect eval inspect_evals/cybermetric_2000 --temperature 0.5

See uv run inspect eval --help for all available options.

Dataset

Here is an example prompt from the dataset (after it has been further processed by Inspect):

Answer the following multiple choice question. The entire content of your response should be of the following format: ‘ANSWER: $LETTER’ (without quotes) where LETTER is one of A,B,C,D.

In cryptography, what is the purpose of using a key-derivation function (KDF)?

  1. Generate public keys, B) Authenticate digital signatures, C) Encrypt data using a password, D) KDF are algorithms used to transform a secret into crucial parameters like keys and Initialization Vectors (IVs).

The model is then tasked to pick the correct choice.

Scoring

A simple accuracy is calculated over the datapoints.