Measuring Security Without Fooling Ourselves: Why Benchmarking Agents Is Hard | Dark Hacker News