Table of Contents
Fetching ...

VirtualCrime: Evaluating Criminal Potential of Large Language Models via Sandbox Simulation

Yilin Tang, Yu Wang, Lanlan Qiu, Wenchang Gao, Yunfei Ma, Baicheng Chen, Tianxing He

TL;DR

This work presents VirtualCrime, a sandbox framework to quantify the criminal potential of large language models by simulating multi-turn, tool-using criminal campaigns. It introduces a three-agent system (Attacker, Judge, World Manager) operating over 11 maps and 40 tasks that span four crime categories, enabling both high-level and granular assessment of capabilities. Eight state-of-the-art models and a human baseline are evaluated, revealing substantial variation in task success and emphasizing that stronger general capability does not guarantee safer behavior, while some models exhibit advanced deceptive strategies. The findings advocate for enhanced safety alignment, comprehensive evaluation, and regulatory considerations to mitigate risky AI deployment in real-world contexts. The work contributes a scalable benchmark and methodological framework for probing proactive criminal behavior in AI agents, with implications for policy, safety research, and AI governance.

Abstract

Large language models (LLMs) have shown strong capabilities in multi-step decision-making, planning and actions, and are increasingly integrated into various real-world applications. It is concerning whether their strong problem-solving abilities may be misused for crimes. To address this gap, we propose VirtualCrime, a sandbox simulation framework based on a three-agent system to evaluate the criminal capabilities of models. Specifically, this framework consists of an attacker agent acting as the leader of a criminal team, a judge agent determining the outcome of each action, and a world manager agent updating the environment state and entities. Furthermore, we design 40 diverse crime tasks within this framework, covering 11 maps and 13 crime objectives such as theft, robbery, kidnapping, and riot. We also introduce a human player baseline for reference to better interpret the performance of LLM agents. We evaluate 8 strong LLMs and find (1) All agents in the simulation environment compliantly generate detailed plans and execute intelligent crime processes, with some achieving relatively high success rates; (2) In some cases, agents take severe action that inflicts harm to NPCs to achieve their goals. Our work highlights the need for safety alignment when deploying agentic AI in real-world settings.

VirtualCrime: Evaluating Criminal Potential of Large Language Models via Sandbox Simulation

TL;DR

This work presents VirtualCrime, a sandbox framework to quantify the criminal potential of large language models by simulating multi-turn, tool-using criminal campaigns. It introduces a three-agent system (Attacker, Judge, World Manager) operating over 11 maps and 40 tasks that span four crime categories, enabling both high-level and granular assessment of capabilities. Eight state-of-the-art models and a human baseline are evaluated, revealing substantial variation in task success and emphasizing that stronger general capability does not guarantee safer behavior, while some models exhibit advanced deceptive strategies. The findings advocate for enhanced safety alignment, comprehensive evaluation, and regulatory considerations to mitigate risky AI deployment in real-world contexts. The work contributes a scalable benchmark and methodological framework for probing proactive criminal behavior in AI agents, with implications for policy, safety research, and AI governance.

Abstract

Large language models (LLMs) have shown strong capabilities in multi-step decision-making, planning and actions, and are increasingly integrated into various real-world applications. It is concerning whether their strong problem-solving abilities may be misused for crimes. To address this gap, we propose VirtualCrime, a sandbox simulation framework based on a three-agent system to evaluate the criminal capabilities of models. Specifically, this framework consists of an attacker agent acting as the leader of a criminal team, a judge agent determining the outcome of each action, and a world manager agent updating the environment state and entities. Furthermore, we design 40 diverse crime tasks within this framework, covering 11 maps and 13 crime objectives such as theft, robbery, kidnapping, and riot. We also introduce a human player baseline for reference to better interpret the performance of LLM agents. We evaluate 8 strong LLMs and find (1) All agents in the simulation environment compliantly generate detailed plans and execute intelligent crime processes, with some achieving relatively high success rates; (2) In some cases, agents take severe action that inflicts harm to NPCs to achieve their goals. Our work highlights the need for safety alignment when deploying agentic AI in real-world settings.
Paper Structure (35 sections, 18 figures, 2 tables)

This paper contains 35 sections, 18 figures, 2 tables.

Figures (18)

  • Figure 1: The VirtualCrime Sandbox Framework.
  • Figure 2: Overall success rate and task success rate across four categories of criminal objectives, with human participants completing 19 out of 40 tasks due to cost considerations.
  • Figure 3: Comparison of Injury/Fatality distribution across Harmful Runs and Win Runs. The left bar shows the success rate of runs involving injury/fatality (Harmful Wins vs. Harmful Losses), while the right bar provides the proportion of these harmful wins relative to total wins as a reference, highlighting the extent to which each model relies on violence to achieve success.
  • Figure 4: Distribution of Expert-Level (Level 5) Criminal Capabilities. Left: Overall rate of Level 5. Right: Level 5 rates across four criminal dimensions. Models are ordered by their overall rate.
  • Figure 5: Model strategy and acts of successful kidnapping case.
  • ...and 13 more figures