AI systems deployed in high-stakes settings often suffer from insufficient real-world data, leading to weak adversarial strategies and inaccurate risk assessments. Method: This paper proposes a synthetic-data-driven framework for optimizing adversarial capability. It innovatively decouples attack proficiency into five core skills—each independently optimized—and integrates probabilistic modeling with attack dynamics simulation to ensure reliable transfer from synthetic environments to real-world scenarios. The framework incorporates SHADE-Arena—a controlled adversarial testing environment—and Bayesian hyperparameter optimization. Contribution/Results: Experiments demonstrate substantial improvements in attack intensity: the security score drops from a baseline of 0.87 to 0.41, validating the method’s effectiveness, robustness, and cross-environment transferability.

As AI deployments become more complex and high-stakes, it becomes increasingly important to be able to estimate their risk. AI control is one framework for doing so. However, good control evaluations require eliciting strong attack policies. This can be challenging in complex agentic environments where compute constraints leave us data-poor. In this work, we show how to optimize attack policies in SHADE-Arena, a dataset of diverse realistic control environments. We do this by decomposing attack capability into five constituent skills -- suspicion modeling, attack selection, plan synthesis, execution and subtlety -- and optimizing each component individually. To get around the constraint of limited data, we develop a probabilistic model of attack dynamics, optimize our attack hyperparameters using this simulation, and then show that the results transfer to SHADE-Arena. This results in a substantial improvement in attack strength, reducing safety score from a baseline of 0.87 to 0.41 using our scaffold.