English
Related papers

Related papers: VPI-Bench: Visual Prompt Injection Attacks for Com…

200 papers

Computer Use Agents (CUAs), autonomous systems that interact with software interfaces via browsers or virtual machines, are rapidly being deployed in consumer and enterprise environments. These agents introduce novel attack surfaces and…

Computer-use agents (CUAs) can now autonomously complete complex tasks in real digital environments, but when misled, they can also be used to automate harmful actions programmatically. Existing safety evaluations largely target explicit…

Cryptography and Security · Computer Science 2026-04-20 Xuwei Ding , Skylar Zhai , Linxin Song , Jiate Li , Taiwei Shi , Nicholas Meade , Siva Reddy , Jian Kang , Jieyu Zhao

The integration of artificial intelligence (AI) agents into web browsers introduces security challenges that go beyond traditional web application threat models. Prior work has identified prompt injection as a new attack vector for web…

Machine Learning · Computer Science 2025-11-26 Kaiyuan Zhang , Mark Tenenholtz , Kyle Polley , Jerry Ma , Denis Yarats , Ninghui Li

AI agents are vulnerable to indirect prompt injection attacks, where malicious instructions embedded in external content or tool outputs cause unintended or harmful behavior. Inspired by the well-established concept of firewalls, we show…

Cryptography and Security · Computer Science 2026-03-24 Rishika Bhagwatkar , Kevin Kasa , Abhay Puri , Gabriel Huang , Irina Rish , Graham W. Taylor , Krishnamurthy Dj Dvijotham , Alexandre Lacoste

As LLM-based computer-use agents (CUAs) begin to autonomously interact with real-world interfaces, understanding their vulnerability to manipulative interface designs becomes increasingly critical. We introduce SusBench, an online benchmark…

Human-Computer Interaction · Computer Science 2026-02-24 Longjie Guo , Chenjie Yuan , Mingyuan Zhong , Robert Wolfe , Ruican Zhong , Yue Xu , Bingbing Wen , Hua Shen , Lucy Lu Wang , Alexis Hiniker

Autonomous UI agents powered by AI have tremendous potential to boost human productivity by automating routine tasks such as filing taxes and paying bills. However, a major challenge in unlocking their full potential is security, which is…

Cryptography and Security · Computer Science 2025-05-20 Ivan Evtimov , Arman Zharmagambetov , Aaron Grattafiori , Chuan Guo , Kamalika Chaudhuri

AI agents such as OpenClaw are increasingly deployed in local workflows with access to external tools. This creates indirect prompt-injection (IPI) risk: an agent may execute harmful instructions embedded in untrusted inputs such as email,…

Cryptography and Security · Computer Science 2026-05-26 Lei Zhao , Abhay Bhaskar , Edgar Dobriban

AI agents are vulnerable to prompt injection attacks, where malicious content hijacks agent behavior to steal credentials or cause financial loss. The only known robust defense is architectural isolation that strictly separates trusted task…

A Large Language Model (LLM) powered GUI agent is a specialized autonomous system that performs tasks on the user's behalf according to high-level instructions. It does so by perceiving and interpreting the graphical user interfaces (GUIs)…

Computer-use agents (CUAs) promise to automate complex tasks across operating systems (OS) and the web, but remain vulnerable to indirect prompt injection. Current evaluations of this threat either lack support realistic but controlled…

Computation and Language · Computer Science 2026-03-03 Zeyi Liao , Jaylen Jones , Linxi Jiang , Yuting Ning , Eric Fosler-Lussier , Yu Su , Zhiqiang Lin , Huan Sun

Multiple prompt injection attacks have been proposed against web agents. At the same time, various methods have been developed to detect general prompt injection attacks, but none have been systematically evaluated for web agents. In this…

Cryptography and Security · Computer Science 2025-10-03 Yinuo Liu , Ruohan Xu , Xilong Wang , Yuqi Jia , Neil Zhenqiang Gong

Graphical User Interface (GUI) agents are increasingly deployed to interact with online web services, yet their exposure to open-world content renders them vulnerable to Environmental Injection Attacks (EIAs). In these attacks, an attacker…

Cryptography and Security · Computer Science 2026-02-03 Yitong Zhang , Ximo Li , Liyi Cai , Jia Li

Multimodal Large Language Models (MLLMs) integrate vision and text to power applications, but this integration introduces new vulnerabilities. We study Image-based Prompt Injection (IPI), a black-box attack in which adversarial instructions…

Computer Vision and Pattern Recognition · Computer Science 2026-03-05 Neha Nagaraja , Lan Zhang , Zhilong Wang , Bo Zhang , Pawan Patil

Computer-use agent (CUA) frameworks, powered by large language models (LLMs) or multimodal LLMs (MLLMs), are rapidly maturing as assistants that can perceive context, reason, and act directly within software environments. Among their most…

Cryptography and Security · Computer Science 2025-10-13 Weidi Luo , Qiming Zhang , Tianyu Lu , Xiaogeng Liu , Bin Hu , Hung-Chun Chiu , Siyuan Ma , Yizhe Zhang , Xusheng Xiao , Yinzhi Cao , Zhen Xiang , Chaowei Xiao

As multimodal agents are increasingly trained to operate graphical user interfaces (GUIs) to complete user tasks, they face a growing threat from indirect prompt injection, attacks in which misleading instructions are embedded into the…

Artificial Intelligence · Computer Science 2025-05-21 Yijie Lu , Tianjie Ju , Manman Zhao , Xinbei Ma , Yuan Guo , ZhuoSheng Zhang

Advancements in multimodal foundation models have enabled the development of Computer Use Agents (CUAs) capable of autonomously interacting with GUI environments. As CUAs are not restricted to certain tools, they allow to automate more…

Machine Learning · Computer Science 2026-04-10 Dominik Seip , Matthias Hein

Graphical User Interface (GUI) agents powered by Large Vision-Language Models (LVLMs) have emerged as a revolutionary approach to automating human-machine interactions, capable of autonomously operating personal devices (e.g., mobile…

Computation and Language · Computer Science 2025-09-25 Ziang Ye , Yang Zhang , Wentao Shi , Xiaoyu You , Fuli Feng , Tat-Seng Chua

Retrieval-augmented generation (RAG) systems have become widely used for enhancing large language model capabilities, but they introduce significant security vulnerabilities through prompt injection attacks. We present a comprehensive…

Cryptography and Security · Computer Science 2025-11-21 Badrinath Ramakrishnan , Akshaya Balaji

Recent work has embodied LLMs as agents, allowing them to access tools, perform actions, and interact with external content (e.g., emails or websites). However, external content introduces the risk of indirect prompt injection (IPI)…

Computation and Language · Computer Science 2024-08-06 Qiusi Zhan , Zhixiang Liang , Zifan Ying , Daniel Kang

Recently, AI-driven interactions with computing devices have advanced from basic prototype tools to sophisticated, LLM-based systems that emulate human-like operations in graphical user interfaces. We are now witnessing the emergence of…

Computation and Language · Computer Science 2026-04-30 Ada Chen , Yongjiang Wu , Junyuan Zhang , Jingyu Xiao , Shu Yang , Jen-tse Huang , Kun Wang , Wenxuan Wang , Shuai Wang
‹ Prev 1 2 3 10 Next ›