Preference Redirection via Attention Concentration: An Attack on Computer Use Agents

PRAC is a novel attack on Computer Use Agents that redirects model attention toward a stealthy adversarial patch to alter internal preferences rather than directly manipulating outputs. The attack influences product selection on online shopping platforms and generalizes across fine-tuned variants of the same backbone, highlighting risks for CUAs built on open-weight models.

• The Blind Spot of Agent Safety: How Benign User Instructions Expose Critical Vulnerabilities in Computer-Use Agents
  April 12, 2026 · arXiv
• VPI-Bench: Visual Prompt Injection Attacks for Computer-Use Agents
  June 3, 2025 · ICLR 2026 (Poster)
• Attacking Vision-Language Computer Agents via Pop-ups
  November 4, 2024 · ACL 2025
• Dual-Modality Multi-Stage Adversarial Safety Training: Robustifying Multimodal Web Agents Against Cross-Modal Attacks
  March 4, 2026 · arXiv
• Zero-Permission Manipulation: Can We Trust Large Multimodal Model Powered GUI Agents?
  January 18, 2026 · arXiv
• Genesis: Evolving Attack Strategies for LLM Web Agent Red-Teaming
  October 21, 2025 · ICME 2026
• A Survey on the Safety and Security Threats of Computer-Using Agents: JARVIS or Ultron?
  May 16, 2025 · arXiv
• Dissecting Adversarial Robustness of Multimodal LM Agents
  June 18, 2024 · ICLR 2025 (Poster)
• When Benign Inputs Lead to Severe Harms: Eliciting Unsafe Unintended Behaviors of Computer-Use Agents
  February 9, 2026 · arXiv
• When Actions Go Off-Task: Detecting and Correcting Misaligned Actions in Computer-Use Agents
  February 9, 2026 · arXiv
• CaMeLs Can Use Computers Too: System-level Security for Computer Use Agents
  January 14, 2026 · arXiv
• AgentSentinel: An End-to-End and Real-Time Security Defense Framework for Computer-Use Agents
  September 9, 2025 · CCS 2025
• macOSWorld: A Multilingual Interactive Benchmark for GUI Agents
  June 4, 2025 · NeurIPS 2025 (Poster)
• RiOSWorld: Benchmarking the Risk of Multimodal Computer-Use Agents
  May 31, 2025 · NeurIPS 2025 (Poster)
• RedTeamCUA: Realistic Adversarial Testing of Computer-Use Agents in Hybrid Web-OS Environments
  May 28, 2025 · ICLR 2026 (Oral)
• sudo rm -rf agentic_security
  March 26, 2025 · ACL 2025 Industry Track
• MIP against Agent: Malicious Image Patches Hijacking Multimodal OS Agents
  March 13, 2025 · NeurIPS 2025 (Poster)
• In-Context Defense in Computer Agents: An Empirical Study
  March 12, 2025 · arXiv
• Human-Guided Harm Recovery for Computer Use Agents
  April 20, 2026 · arXiv
• CORA: Conformal Risk-Controlled Agents for Safeguarded Mobile GUI Automation
  April 10, 2026 · arXiv
• Are GUI Agents Focused Enough? Automated Distraction via Semantic-level UI Element Injection
  April 9, 2026 · arXiv
• WebSP-Eval: Evaluating Web Agents on Website Security and Privacy Tasks
  April 7, 2026 · arXiv
• AgentRAE: Remote Action Execution through Notification-based Visual Backdoors against Screenshots-based Mobile GUI Agents
  March 24, 2026 · arXiv
• Visual Confused Deputy: Exploiting and Defending Perception Failures in Computer-Using Agents
  March 16, 2026 · arXiv