Nov 23, 2025
Honeypots, Sparse Autoencoders, and Adversarial Probes: A Practical Toolkit for Evaluating Safety Monitors in Reasoning Models
Subramanyam Sahoo
SentinelGym is a unified defensive AI system that combines honeypot-based vulnerability injection, GRPO safety finetuning, sparse-autoencoder mechanistic interpretability, and adversarial probe evaluation to test and harden code-generating language models against AI-enabled cyber threats. By injecting synthetic vulnerabilities, auditing internal representations through SAEs, and stress-testing linear probes with adversarial red-team strategies, SentinelGym exposes both behavioral and mechanistic failure modes—such as collusion, unsafe reasoning, and probe brittleness—that traditional evaluations miss. The result is a practical, reproducible framework that strengthens the defensive “shield,” enables early detection of harmful internal model behaviors, and demonstrates measurable improvement in secure coding patterns after finetuning, directly advancing the core goals of defensive acceleration.
Team really seemed to capture the spirit of this hackathon. SentinelGym shows potential, but may be spreading itself too thin. For a low-stakes hackathon just trying to introduce participants to the idea of developing with code-model defense in mind, the team put together a great prototype / demo.
I worry that a “professional” version of this toolkit might fall short in certain areas and give developers a false sense of security. Instead of independently developing every defense component, SentinelGym could focus on integrating the most mature existing tools and directing effort toward strengthening a smaller set of high-value defenses. This would reduce maintenance burden and produce a clearer, more reliable toolkit that developers can confidently rely on.
It may also help to clarify the primary intended users and deployment environments so future work can prioritize evaluation that reflects real defensive needs. I'd like to see more explicitly outlined connection to specific threats. Establishing clearer success metrics would help ensure that the toolkit improves outcomes rather than just increasing system complexity.
Cite this work
@misc {
title={
(HckPrj) Honeypots, Sparse Autoencoders, and Adversarial Probes: A Practical Toolkit for Evaluating Safety Monitors in Reasoning Models
},
author={
Subramanyam Sahoo
},
date={
11/23/25
},
organization={Apart Research},
note={Research submission to the research sprint hosted by Apart.},
howpublished={https://apartresearch.com}
}
