Preference Redirection via Attention Concentration: An Attack on Computer Use Agents

Dominik Seip, Matthias Hein

🏛 Institutions: University of Tübingen
📅 Date: April 9, 2026
📑 Publisher: arXiv
💻 Env: Desktop
🔑 Keywords: security safety attack adversarial patch attention manipulation PRAC

TLDR

PRAC is a novel attack on Computer Use Agents that redirects model attention toward a stealthy adversarial patch to alter internal preferences rather than directly manipulating outputs. The attack influences product selection on online shopping platforms and generalizes across fine-tuned variants of the same backbone, highlighting risks for CUAs built on open-weight models.

Open paper arXiv Edit on GitHub Report issue