Evaluating the Robustness of Multimodal Agents Against Active Environmental Injection Attacks

Yurun Chen, Xavier Hu, Keting Yin, Juncheng Li, Shengyu Zhang

🏛 Institutions: ZJU
📅 Date: February 18, 2025
📑 Publisher: ACM MM 2025
💻 Env: Mobile
🔑 Keywords: security AEIA AEIA-MN mobile notifications reasoning gap vulnerabilities

TLDR

This paper defines Active Environment Injection Attacks, where malicious content is disguised as ordinary environmental elements to manipulate multimodal agents. Its AEIA-MN attack uses mobile notifications and reasoning-gap exploitation to show that AndroidWorld agents remain highly vulnerable.

Open paper arXiv Edit on GitHub Report issue

Related papers

AgentRAE: Remote Action Execution through Notification-based Visual Backdoors against Screenshots-based Mobile GUI Agents

March 24, 2026 · arXiv
Zero-Permission Manipulation: Can We Trust Large Multimodal Model Powered GUI Agents?

January 18, 2026 · arXiv
LLM-Powered GUI Agents in Phone Automation: Surveying Progress and Prospects

April 28, 2025 · TMLR 2025
The Blind Spot of Agent Safety: How Benign User Instructions Expose Critical Vulnerabilities in Computer-Use Agents

April 12, 2026 · arXiv
Preference Redirection via Attention Concentration: An Attack on Computer Use Agents

April 9, 2026 · arXiv
WebSP-Eval: Evaluating Web Agents on Website Security and Privacy Tasks

April 7, 2026 · arXiv