Test fixture

Sec-Tenant-Id-Tampering

Security · v2 — Resilience · hard · scorer: rubric_json_metrics

Secure code changes, vulnerability recognition, and safe defaults.

How it is scored

The model receives the prompt (and optional system message). The run uses scorer rubric_json_metrics with the JSON configuration below. Pass/fail and partial credit are determined entirely by that scorer against the model output; no human grading.

User prompt
Return JSON only with keys verdict, risk, mitigation. An API authorizes the user but then reads tenantId from the request body to choose which tenant records to update.
Scorer config
{
  "metrics": {
    "correct": {
      "checks": [
        {
          "contains": [
            "tenantId"
          ]
        },
        {
          "contains": [
            "request body"
          ]
        },
        {
          "contains": [
            "authorization"
          ]
        }
      ]
    },
    "hidden": {
      "checks": [
        {
          "contains": [
            "derive tenant"
          ]
        },
        {
          "contains": [
            "server-side session"
          ]
        },
        {
          "contains": [
            "IDOR"
          ]
        }
      ]
    }
  }
}
Run parameters

temperature: 0
max_tokens: 560
timeout (s): 120
type: scored
file: sec-tenant-id-tampering.json

© 2026 BLXBench by bitslix.com
