In-Browser LLM-Guided Fuzzing for Real-Time Prompt Injection Testing in Agentic AI Browsers

This paper studies prompt-injection testing for agentic AI browsers with an LLM-guided fuzzing loop that runs inside a real browser and mutates malicious pages using immediate attack feedback. It reports that simple attacks are usually blocked, but adaptive mutations drive failure rates to 58-74% by the tenth iteration, with page summarization and question-answering features showing the highest risk.

• WebSentinel: Detecting and Localizing Prompt Injection Attacks for Web Agents
  February 3, 2026 · arXiv
• It's a TRAP! Task-Redirecting Agent Persuasion Benchmark for Web Agents
  December 29, 2025 · arXiv
• Genesis: Evolving Attack Strategies for LLM Web Agent Red-Teaming
  October 21, 2025 · ICME 2026
• WebInject: Prompt Injection Attack to Web Agents
  May 16, 2025 · EMNLP 2025 (Poster)
• WASP: Benchmarking Web Agent Security Against Prompt Injection Attacks
  April 22, 2025 · NeurIPS 2025 (Poster)
• EIA: Environmental Injection Attack on Generalist Web Agents for Privacy Leakage
  September 17, 2024 · ICLR 2025 (Poster)