Skip to content

Fixing field name mismatch in CyberSOCEval malware analysis prompt generation #136

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
kyle-deprow wants to merge 1 commit into from
Closed

Fixing field name mismatch in CyberSOCEval malware analysis prompt generation #136

kyle-deprow wants to merge 1 commit into from

Conversation

@kyle-deprow
Copy link

@kyle-deprow kyle-deprow commented Oct 23, 2025

This PR fixes a critical bug in the CyberSOCEval4 Malware Analysis benchmark where prompts were being generated with "None" as the question text. The issue was caused by a field name mismatch in malware_analysis.py. The code was attempting to retrieve the question using test_case.get("question_text"), but the actual dataset file (questions.json) stores the question under the field name "question". This caused all prompts to be generated with the literal string "None" instead of the actual question text, resulting in prompts like "Answer the following multi-choice question: None." being sent to the models under test. The fix changes the field accessor from "question_text" to "question" to match the dataset schema, ensuring that the actual question text is properly included in the generated prompts.

Fixing bug in CyberSOCEval malware analysis resulting in
b1a3885 
'None' questions being passed to model
@meta-cla meta-cla bot added the cla signed label Oct 23, 2025
laurendeason
laurendeason approved these changes Oct 24, 2025
View reviewed changes
Copy link
Contributor

@laurendeason laurendeason left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This is indeed a critical bug. Thank you so much for bringing it to our attention! We will be regenerating results for this benchmark post fix.

@meta-codesync
Copy link

meta-codesync bot commented Oct 24, 2025

@laurendeason has imported this pull request. If you are a Meta employee, you can view this in D85461327.

@meta-codesync meta-codesync bot closed this in 1d30117 Oct 24, 2025
@meta-codesync
Copy link

meta-codesync bot commented Oct 24, 2025

@laurendeason merged this pull request in 1d30117.

@lshariprasad
Copy link

lshariprasad commented Oct 25, 2025

PR Summary:
This pull request fixes a critical bug in the CyberSOCEval4 Malware Analysis benchmark where prompts were incorrectly generated with "None" as the question text.

Root Cause:
The issue was caused by a field name mismatch in malware_analysis.py. The code attempted to access test_case.get("question_text"), but the dataset file (questions.json) actually stores the question under the field name "question".

Impact:
Because of this mismatch, all generated prompts used the literal string "None" instead of the intended question, producing malformed inputs such as:
Answer the following multi-choice question: None.

Fix Implemented:
The field accessor was updated from "question_text" to "question" in malware_analysis.py to correctly align with the dataset schema. This ensures that actual question text is now properly included in the generated prompts during model evaluation.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@laurendeason laurendeason laurendeason approved these changes

+1 more reviewer

@thepointer1982 thepointer1982 thepointer1982 approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

cla signed Merged

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

5 participants

@kyle-deprow @lshariprasad @laurendeason @thepointer1982 @facebook-github-bot