SlowBA: An efficiency backdoor attack towards VLM-based GUI agents

SlowBA studies a backdoor attack on VLM-based GUI agents that targets response efficiency rather than action correctness, using realistic pop-up triggers to induce excessively long reasoning chains. Its two-stage reward-level backdoor injection stays stealthy, preserves task accuracy, and substantially increases latency under trigger conditions.

• AgentRAE: Remote Action Execution through Notification-based Visual Backdoors against Screenshots-based Mobile GUI Agents
  March 24, 2026 · arXiv
• Visual Confused Deputy: Exploiting and Defending Perception Failures in Computer-Using Agents
  March 16, 2026 · arXiv
• A Survey on the Safety and Security Threats of Computer-Using Agents: JARVIS or Ultron?
  May 16, 2025 · arXiv
• The Blind Spot of Agent Safety: How Benign User Instructions Expose Critical Vulnerabilities in Computer-Use Agents
  April 12, 2026 · arXiv
• Preference Redirection via Attention Concentration: An Attack on Computer Use Agents
  April 9, 2026 · arXiv
• WebSP-Eval: Evaluating Web Agents on Website Security and Privacy Tasks
  April 7, 2026 · arXiv
• Dual-Modality Multi-Stage Adversarial Safety Training: Robustifying Multimodal Web Agents Against Cross-Modal Attacks
  March 4, 2026 · arXiv
• WebSentinel: Detecting and Localizing Prompt Injection Attacks for Web Agents
  February 3, 2026 · arXiv
• Zero-Permission Manipulation: Can We Trust Large Multimodal Model Powered GUI Agents?
  January 18, 2026 · arXiv
• HackWorld: Evaluating Computer-Use Agents on Exploiting Web Application Vulnerabilities
  October 14, 2025 · ICLR 2026 (Poster)
• Environmental Injection Attacks against GUI Agents in Realistic Dynamic Environments
  September 14, 2025 · arXiv
• AgentSentinel: An End-to-End and Real-Time Security Defense Framework for Computer-Use Agents
  September 9, 2025 · CCS 2025
• VPI-Bench: Visual Prompt Injection Attacks for Computer-Use Agents
  June 3, 2025 · ICLR 2026 (Poster)
• RedTeamCUA: Realistic Adversarial Testing of Computer-Use Agents in Hybrid Web-OS Environments
  May 28, 2025 · ICLR 2026 (Oral)
• WebInject: Prompt Injection Attack to Web Agents
  May 16, 2025 · EMNLP 2025 (Poster)
• LLM-Powered GUI Agents in Phone Automation: Surveying Progress and Prospects
  April 28, 2025 · TMLR 2025
• WASP: Benchmarking Web Agent Security Against Prompt Injection Attacks
  April 22, 2025 · NeurIPS 2025 (Poster)
• sudo rm -rf agentic_security
  March 26, 2025 · ACL 2025 Industry Track
• MIP against Agent: Malicious Image Patches Hijacking Multimodal OS Agents
  March 13, 2025 · NeurIPS 2025 (Poster)
• In-Context Defense in Computer Agents: An Empirical Study
  March 12, 2025 · arXiv
• Why Are Web AI Agents More Vulnerable Than Standalone LLMs? A Security Analysis
  February 27, 2025 · arXiv
• Evaluating the Robustness of Multimodal Agents Against Active Environmental Injection Attacks
  February 18, 2025 · ACM MM 2025
• Naive Visual Memory is Not Enough: A Failure-Mode Study of GUI Agents
  June 12, 2026 · arXiv
• Demo2Tutorial: From Human Experience to Multimodal Software Tutorials
  June 2, 2026 · arXiv