SafePred: A Predictive Guardrail for Computer-Using Agents via World Models

Yurun Chen , Zeyi Liao , Ping Yin , Taotao Xie , Keting Yin , Shengyu Zhang

🏛 Institutions: Tsinghua , OSU , CUHK-Shenzhen
📅 Date: February 2, 2026
📑 Publisher: arXiv
💻 Env: General GUI
🔑 Keywords: guardrail world model risk prediction safety long-horizon risk SafePred

TLDR

SafePred is a predictive guardrail that uses a world model to simulate future states and assess delayed risk before a computer-use agent acts. It targets long-horizon hazards that reactive safety filters tend to miss.

Open paper arXiv Report issue

Related papers (24)

When Actions Go Off-Task: Detecting and Correcting Misaligned Actions in Computer-Use Agents

February 9, 2026 · arXiv
Human-Guided Harm Recovery for Computer Use Agents

April 20, 2026 · arXiv
Are GUI Agents Focused Enough? Automated Distraction via Semantic-level UI Element Injection

April 9, 2026 · arXiv
Visual Confused Deputy: Exploiting and Defending Perception Failures in Computer-Using Agents

March 16, 2026 · arXiv
LPS-Bench: Benchmarking Safety Awareness of Computer-Use Agents in Long-Horizon Planning under Benign and Adversarial Scenarios

February 3, 2026 · arXiv
R-WoM: Retrieval-augmented World Model For Computer-use Agents

October 13, 2025 · ICLR 2026 (Poster)
GEM: Gaussian Embedding Modeling for Out-of-Distribution Detection in GUI Agents

May 19, 2025 · arXiv
A Survey on the Safety and Security Threats of Computer-Using Agents: JARVIS or Ultron?

May 16, 2025 · arXiv
OS Agents: A Survey on MLLM-based Agents for Computer, Phone and Browser Use

December 20, 2024 · ACL 2025
The Blind Spot of Agent Safety: How Benign User Instructions Expose Critical Vulnerabilities in Computer-Use Agents

April 12, 2026 · arXiv
CORA: Conformal Risk-Controlled Agents for Safeguarded Mobile GUI Automation

April 10, 2026 · arXiv
Preference Redirection via Attention Concentration: An Attack on Computer Use Agents

April 9, 2026 · arXiv
Dual-Modality Multi-Stage Adversarial Safety Training: Robustifying Multimodal Web Agents Against Cross-Modal Attacks

March 4, 2026 · arXiv
World-Model-Augmented Web Agents with Action Correction

February 17, 2026 · arXiv
WebWorld: A Large-Scale World Model for Web Agent Training

February 16, 2026 · arXiv
UI-Oceanus: Scaling GUI Agents with Synthetic Environmental Dynamics

February 11, 2026 · arXiv
Code2World: A GUI World Model via Renderable Code Generation

February 10, 2026 · arXiv
When Benign Inputs Lead to Severe Harms: Eliciting Unsafe Unintended Behaviors of Computer-Use Agents

February 9, 2026 · arXiv
DynaWeb: Model-Based Reinforcement Learning of Web Agents

January 29, 2026 · arXiv
CaMeLs Can Use Computers Too: System-level Security for Computer Use Agents

January 14, 2026 · arXiv
WebTrap Park: An Automated Platform for Systematic Security Evaluation of Web Agents

January 13, 2026 · arXiv
MobileDreamer: Generative Sketch World Model for GUI Agent

January 7, 2026 · arXiv
It's a TRAP! Task-Redirecting Agent Persuasion Benchmark for Web Agents

December 29, 2025 · arXiv
DECEPTICON: How Dark Patterns Manipulate Web Agents

December 28, 2025 · arXiv