AutoGPT Recursive Self-Analysis Loop Detection

[MAVRICK-1]

🎯 Overview

This PR introduces a critical detection rule for AutoGPT recursive self-analysis loop vulnerability - addressing catastrophic agent failures where AutoGPT enters infinite loops attempting to debug its own execution. The rule identifies recursive task spawning leading to complete resource exhaustion and system crash.

CRE Playground Links

CRE-2025-0200 Playground: Test Rule

📊 AutoGPT Failure Modes Covered

#	Failure Type	Example Error Pattern
1	Recursive Analysis Loop	Entering recursive analysis loop to debug previous error
2	Self-Referential Tasks	COMMAND = analyze_code args: {"code": "autogpt error handling module"}
3	Exponential Token Growth	Token consumption rate: 2341 tokens/second
4	Memory Exhaustion	MemoryError: Cannot allocate memory for context storage
5	API Rate Limiting	openai.error.RateLimitError: Rate limit reached for gpt-4
6	Task Queue Overflow	Task buffer exceeded: 156 recursive analyze_code calls pending
7	Recursion Depth Exceeded	RecursionError: maximum recursion depth exceeded
8	Complete System Crash	AutoGPT crashed: Unrecoverable recursive loop detected

🧪 Testing & Validation

# Test the CRE rule with example logs
cat rules/cre-2025-0200/test.log | preq -r rules/cre-2025-0200/autogpt-recursive-self-analysis-loop.yaml

Detection Pattern

The rule detects the cascading failure pattern:

1. Initial error in AutoGPT execution
2. Agent attempts to analyze its own code
3. Recursive loop formation with increasing depth
4. Resource exhaustion (tokens, memory, API calls)
5. System crash

🎬 Reproduction Scenario

repo : https://github.com/MAVRICK-1/autogpt-env

Screencast.from.2025-08-31.23-03-40.mp4

🛡️ Mitigation Strategies

Immediate Actions

1. Loop Detection: Implement pattern matching for recursive self-analysis
2. Resource Limits: Set hard limits on token consumption per minute
3. Task Depth Control: Maximum recursion depth of 3 for any task chain
4. Circuit Breakers: Auto-shutdown after 3 similar consecutive failures

Long-term Solutions

1. Task Deduplication: Prevent identical recursive operations
2. Separate Monitoring: External process to detect runaway instances
3. Exponential Backoff: Increasing delays between retry attempts
4. Blacklist Self-Reference: Prevent agent from analyzing own code

📈 Impact Analysis

Severity: CRITICAL (0)

• Financial Impact: Potential thousands of dollars in API costs within minutes
• System Impact: Complete service outage, requires manual intervention
• Data Impact: Loss of agent state and ongoing work
• Recovery Time: 15-30 minutes for system restart and cleanup

Affected Versions

• AutoGPT >= 0.3.0
• All configurations using OpenAI API
• Particularly vulnerable with GPT-4 models due to higher token costs

📚 References

• AutoGPT Issue #1994 - Gets stuck in a loop
• AutoGPT Issue #3766 - Crash on Operation
• AutoGPT Issue #1543 - Crashes after thinking
• Auto-GPT Production Pitfalls Analysis

✅ Checklist

• CRE rule follows schema specification
• Test logs demonstrate the failure pattern
• Rule successfully detects the issue with preq
• Severity set to CRITICAL (0)
• Comprehensive mitigation strategies provided
• References to real AutoGPT issues included
• Impact score and mitigation score defined

closes #129
/claim #129

[tonymeehan]

Please resolve conflicts!

[MAVRICK-1]

@tonymeehan done