Cross-Modal Content Optimization for Steering Web Agent Preferences
Tanqiu Jiang, Min Bai, Nikolaos Pappas, Yanjun Qi, Sandesh Swamy
- 🏛 Institutions: Stony Brook University, AWS AI Labs
- 📅 Date: October 4, 2025
- 📑 Publisher: arXiv
- 💻 Env: Web
- 🔑 Keywords
TLDR
This paper introduces Cross-Modal Preference Steering (CPS), a black-box attack that jointly perturbs an item's image and text to bias web-agent ranking and selection decisions. Under a realistic threat model where the attacker controls only their own listing metadata, CPS outperforms prior baselines across GPT-4.1, Qwen-2.5VL, and Pixtral-Large while keeping detection rates much lower.
Related papers (24)
- AdvAgent: Controllable Blackbox Red-teaming on Web Agents · October 22, 2024 · ICML 2025 (Poster)
- GUI Agents for Continual Game Generation · May 27, 2026 · arXiv
- Odysseys: Benchmarking Web Agents on Realistic Long Horizon Tasks · April 27, 2026 · arXiv
- WebForge: Breaking the Realism-Reproducibility-Scalability Trilemma in Browser Agent Benchmark · April 13, 2026 · arXiv
- The Amazing Agent Race: Strong Tool Users, Weak Navigators · April 11, 2026 · arXiv
- Same Outcomes, Different Journeys: A Trace-Level Framework for Comparing Human and GUI-Agent Behavior in Production Search Systems · April 9, 2026 · arXiv
- MolmoWeb: Open Visual Web Agent and Open Data for the Open Web · April 9, 2026 · arXiv
- ClawBench: Can AI Agents Complete Everyday Online Tasks? · April 9, 2026 · arXiv
- GameWorld: Towards Standardized and Verifiable Evaluation of Multimodal Game Agents · April 8, 2026 · arXiv
- WebSP-Eval: Evaluating Web Agents on Website Security and Privacy Tasks · April 7, 2026 · arXiv
- The Art of Building Verifiers for Computer Use Agents · April 5, 2026 · arXiv
- The Tool Illusion: Rethinking Tool Use in Web Agents · April 3, 2026 · arXiv
- When Users Change Their Mind: Evaluating Interruptible Agents in Long-Horizon Web Navigation · April 1, 2026 · arXiv
- WebArena-Infinity: Generating Browser Environments with Verifiable Tasks at Scale · March 2026 · Blog Post
- Vision2Web: A Hierarchical Benchmark for Visual Website Development with Agent Verification · March 27, 2026 · arXiv
- WebTestBench: Evaluating Computer-Use Agents towards End-to-End Automated Web Testing · March 26, 2026 · arXiv
- Ego2Web: A Web Agent Benchmark Grounded in Egocentric Videos · March 23, 2026 · CVPR 2026
- ContractSkill: Repairable Contract-Based Skills for Multimodal Web Agents · March 20, 2026 · arXiv
- WebPII: Benchmarking Visual PII Detection for Computer-Use Agents · March 18, 2026 · arXiv
- Why Do LLM-based Web Agents Fail? A Hierarchical Planning Perspective · March 15, 2026 · arXiv
- AI Planning Framework for LLM-Based Web Agents · March 13, 2026 · arXiv
- HATS: Hardness-Aware Trajectory Synthesis for GUI Agents · March 12, 2026 · CVPR 2026
- Safe and Scalable Web Agent Learning via Recreated Websites · March 11, 2026 · arXiv
- SpecOps: A Fully Automated AI Agent Testing Framework in Real-World GUI Environments · March 10, 2026 · ICSE 2026