A Survey on the Safety and Security Threats of Computer-Using Agents: JARVIS or Ultron?

This survey systematizes safety and security risks in computer-using agents, from reasoning failures and multimodal vulnerabilities to risks introduced by multi-component agent stacks. It organizes the field around threat categories, defensive strategies, and the benchmarks and datasets currently used to study secure CUA deployment.

• OS Agents: A Survey on MLLM-based Agents for Computer, Phone and Browser Use
  December 20, 2024 · ACL 2025
• The Blind Spot of Agent Safety: How Benign User Instructions Expose Critical Vulnerabilities in Computer-Use Agents
  April 12, 2026 · arXiv
• Preference Redirection via Attention Concentration: An Attack on Computer Use Agents
  April 9, 2026 · arXiv
• Dual-Modality Multi-Stage Adversarial Safety Training: Robustifying Multimodal Web Agents Against Cross-Modal Attacks
  March 4, 2026 · arXiv
• LLM-Powered GUI Agents in Phone Automation: Surveying Progress and Prospects
  April 28, 2025 · TMLR 2025
• Human-Guided Harm Recovery for Computer Use Agents
  April 20, 2026 · arXiv
• Are GUI Agents Focused Enough? Automated Distraction via Semantic-level UI Element Injection
  April 9, 2026 · arXiv
• Visual Confused Deputy: Exploiting and Defending Perception Failures in Computer-Using Agents
  March 16, 2026 · arXiv
• SlowBA: An efficiency backdoor attack towards VLM-based GUI agents
  March 9, 2026 · arXiv
• LPS-Bench: Benchmarking Safety Awareness of Computer-Use Agents in Long-Horizon Planning under Benign and Adversarial Scenarios
  February 3, 2026 · arXiv
• SafePred: A Predictive Guardrail for Computer-Using Agents via World Models
  February 2, 2026 · arXiv
• GEM: Gaussian Embedding Modeling for Out-of-Distribution Detection in GUI Agents
  May 19, 2025 · arXiv
• A Survey on GUI Agents with Foundation Models Enhanced by Reinforcement Learning
  April 29, 2025 · arXiv
• Towards Trustworthy GUI Agents: A Survey
  March 30, 2025 · arXiv
• GUI Agents: A Survey
  December 18, 2024 · Findings of ACL 2025
• GUI Agents with Foundation Models: A Comprehensive Survey
  November 7, 2024 · arXiv
• CORA: Conformal Risk-Controlled Agents for Safeguarded Mobile GUI Automation
  April 10, 2026 · arXiv
• WebSP-Eval: Evaluating Web Agents on Website Security and Privacy Tasks
  April 7, 2026 · arXiv
• AgentRAE: Remote Action Execution through Notification-based Visual Backdoors against Screenshots-based Mobile GUI Agents
  March 24, 2026 · arXiv
• When Benign Inputs Lead to Severe Harms: Eliciting Unsafe Unintended Behaviors of Computer-Use Agents
  February 9, 2026 · arXiv
• When Actions Go Off-Task: Detecting and Correcting Misaligned Actions in Computer-Use Agents
  February 9, 2026 · arXiv
• WebSentinel: Detecting and Localizing Prompt Injection Attacks for Web Agents
  February 3, 2026 · arXiv
• Zero-Permission Manipulation: Can We Trust Large Multimodal Model Powered GUI Agents?
  January 18, 2026 · arXiv
• CaMeLs Can Use Computers Too: System-level Security for Computer Use Agents
  January 14, 2026 · arXiv