From c05997285a66d970625f4b29debc5dc1520b99ea Mon Sep 17 00:00:00 2001 From: amanycodes Date: Fri, 10 Oct 2025 00:27:51 +0530 Subject: [PATCH] fix the missing autogpt CRE Signed-off-by: amanycodes --- .../autogpt-recursive-self-analysis-loop.yaml | 68 +++++++++++++++++++ rules/cre-2025-0145/test.log | 35 ++++++++++ 2 files changed, 103 insertions(+) create mode 100644 rules/cre-2025-0145/autogpt-recursive-self-analysis-loop.yaml create mode 100644 rules/cre-2025-0145/test.log diff --git a/rules/cre-2025-0145/autogpt-recursive-self-analysis-loop.yaml b/rules/cre-2025-0145/autogpt-recursive-self-analysis-loop.yaml new file mode 100644 index 0000000..08fd469 --- /dev/null +++ b/rules/cre-2025-0145/autogpt-recursive-self-analysis-loop.yaml @@ -0,0 +1,68 @@ +rules: +- cre: + id: CRE-2025-0145 + severity: 0 + title: AutoGPT Recursive Self-Analysis Loop Leading to Token Exhaustion and System Crash + category: infinite-loop-problem + author: prequel + description: | + - AutoGPT enters an infinite recursive loop when attempting to analyze and fix its own execution errors + - The agent repeatedly tries to debug its own code, spawning new analysis tasks for each failure + - Each iteration consumes API tokens and memory, eventually exhausting resources + - The loop accelerates as error messages grow longer, consuming tokens exponentially + - System becomes unresponsive and crashes with out-of-memory errors or API rate limit failures + cause: | + - AutoGPT's autonomous reasoning incorrectly identifies its own execution as a problem to solve + - Lack of loop detection mechanisms allows unlimited recursive task spawning + - Error context accumulation causes exponential growth in prompt size + - Missing safeguards for self-referential task creation + - Insufficient resource monitoring and circuit breakers for runaway processes + tags: + - autogpt + - infinite-loop + - token-exhaustion + - autonomous-agents + - llm + - openai + - recursive-analysis + - critical-failure + - memory-exhaustion + - crash-loop + - rate-limiting + mitigation: | + - Implement loop detection to identify and break recursive self-analysis patterns + - Add resource consumption thresholds (tokens, memory, API calls) with automatic shutdown + - Create task depth limits to prevent unlimited recursion + - Implement circuit breakers that trigger after repeated similar failures + - Add explicit blacklist for self-referential task creation + - Monitor token usage rate and implement exponential backoff + - Use separate monitoring process to detect and kill runaway AutoGPT instances + - Implement task deduplication to prevent identical recursive operations + references: + - https://github.com/Significant-Gravitas/AutoGPT/issues/1994 + - https://github.com/Significant-Gravitas/AutoGPT/issues/3766 + - https://github.com/Significant-Gravitas/AutoGPT/issues/1543 + - https://jina.ai/news/auto-gpt-unmasked-hype-hard-truths-production-pitfalls/ + applications: + - name: autogpt + version: ">=0.3.0" + - name: openai + version: ">=0.27.0" + impact: Complete system failure with resource exhaustion, potential financial losses from API overconsumption + impactScore: 9 + mitigationScore: 3 + reports: 15 + metadata: + kind: prequel + id: 4kRDJ3CPPMtMZu5xr8Vo28 + gen: 1 + rule: + set: + window: 30s + event: + source: cre.log.autogpt + match: + - value: 'Entering recursive analysis loop' + - value: 'COMMAND = analyze_code' + - value: 'recursion depth' + - value: 'RecursionError: maximum recursion depth exceeded' diff --git a/rules/cre-2025-0145/test.log b/rules/cre-2025-0145/test.log new file mode 100644 index 0000000..c781393 --- /dev/null +++ b/rules/cre-2025-0145/test.log @@ -0,0 +1,35 @@ +2025-08-31 14:23:45.234 [INFO] [autogpt.main] Starting AutoGPT v0.5.1 with goal: "Optimize my Python code for better performance" +2025-08-31 14:23:45.567 [INFO] [autogpt.llm] Initializing OpenAI API client with model gpt-4 +2025-08-31 14:23:46.102 [INFO] [autogpt.agent] Agent initialized with memory backend: LocalCache +2025-08-31 14:23:47.234 [INFO] [autogpt.agent] COMMAND = analyze_code args: {"code": "def slow_function():\\n result = []\\n for i in range(1000000):\\n result.append(i**2)\\n return result"} +2025-08-31 14:23:48.567 [ERROR] [autogpt.commands] Error executing analyze_code: JSONDecodeError in response +2025-08-31 14:23:48.890 [WARN] [autogpt.agent] Entering recursive analysis loop to debug previous error +2025-08-31 14:23:49.234 [INFO] [autogpt.agent] THOUGHTS: Previous command failed, need to analyze what went wrong +2025-08-31 14:23:49.567 [INFO] [autogpt.agent] NEXT ACTION: COMMAND = analyze_code args: {"code": "analyze_code function from autogpt/commands/analyze_code.py", "recursion depth": 1} +2025-08-31 14:23:50.123 [DEBUG] [autogpt.memory] Storing error context, current size: 2.3MB +2025-08-31 14:23:50.890 [ERROR] [autogpt.commands] Error executing analyze_code: Cannot analyze own execution context +2025-08-31 14:23:51.234 [WARN] [autogpt.agent] Thinking... need to fix my own error handling +2025-08-31 14:23:51.678 [INFO] [autogpt.agent] COMMAND = analyze_code args: {"code": "autogpt error handling module", "recursion depth": 2} +2025-08-31 14:23:52.345 [DEBUG] [autogpt.memory] Memory usage increasing: 5.7MB, token count: 8234 +2025-08-31 14:23:52.890 [ERROR] [autogpt.llm] API request failed: context length exceeded +2025-08-31 14:23:53.234 [INFO] [autogpt.agent] SYSTEM: Potential loop detected but continuing to resolve errors +2025-08-31 14:23:53.567 [INFO] [autogpt.agent] THOUGHTS: Error analyzing previous attempt, need deeper analysis +2025-08-31 14:23:54.012 [INFO] [autogpt.agent] NEXT ACTION: COMMAND = analyze_code args: {"code": "full autogpt execution trace", "recursion depth": 3} +2025-08-31 14:23:54.678 [WARN] [autogpt.monitor] Task queue growing: 12 pending tasks +2025-08-31 14:23:55.234 [DEBUG] [autogpt.memory] Memory usage: 12.4MB, token count: 15672 +2025-08-31 14:23:55.890 [ERROR] [autogpt.commands] RecursionError: maximum recursion depth exceeded while calling analyze_code +2025-08-31 14:23:56.345 [CRITICAL] [autogpt.agent] Task queue overflow: 47 pending recursive tasks +2025-08-31 14:23:56.789 [INFO] [autogpt.agent] COMMAND = analyze_code args: {"code": "recursion error in analyze_code", "recursion depth": 4} +2025-08-31 14:23:57.234 [ERROR] [autogpt.llm] openai.error.RateLimitError: Rate limit reached for gpt-4 in organization +2025-08-31 14:23:57.567 [WARN] [autogpt.monitor] Token consumption rate: 2341 tokens/second +2025-08-31 14:23:58.012 [DEBUG] [autogpt.memory] Memory usage critical: 45.8MB, token count: 42318 +2025-08-31 14:23:58.456 [ERROR] [autogpt.agent] Too many pending tasks: 89 in queue +2025-08-31 14:23:58.890 [INFO] [autogpt.agent] THOUGHTS: Still analyzing previous errors, must understand the recursion +2025-08-31 14:23:59.234 [INFO] [autogpt.agent] NEXT ACTION: COMMAND = analyze_code args: {"code": "entire autogpt error stack", "recursion depth": 5} +2025-08-31 14:23:59.678 [CRITICAL] [autogpt.monitor] JavaScript heap out of memory +2025-08-31 14:24:00.123 [ERROR] [autogpt.memory] MemoryError: Cannot allocate memory for context storage +2025-08-31 14:24:00.456 [CRITICAL] [autogpt.agent] Task buffer exceeded: 156 recursive analyze_code calls pending +2025-08-31 14:24:00.789 [ERROR] [autogpt.llm] API rate limit exceeded: 429 Too Many Requests +2025-08-31 14:24:01.123 [FATAL] [autogpt.main] AutoGPT crashed: Unrecoverable recursive loop detected +2025-08-31 14:24:01.234 [INFO] [autogpt.cleanup] Emergency shutdown initiated +2025-08-31 14:24:01.345 [ERROR] [autogpt.cleanup] Failed to save state: Out of memory