The researchers executed 3,168 adversarial runs throughout NanoBrowser and BrowserUse utilizing 264 benchmark circumstances. Oblique immediate injection assaults, the place malicious directions are hidden inside bizarre internet content material resembling product evaluations and metadata, achieved assault success charges starting from 41.67% to 68.16%, whereas direct immediate injection exceeded 79% throughout all examined configurations.
“Crucially, these failures exhibit distinct patterns when analysed by a stakeholder lens: some assaults succeed with out disrupting the person’s delegated job whereas disproportionately harming third events (stealthy parasitism), whereas others disrupt job completion with out realizing the adversarial goal (misaligned disruption),” the researchers wrote in a paper.
OpenAI and Google didn’t instantly reply to requests for remark.
Each assault goal uncovered not less than one failure mode
The benchmark evaluated internet brokers throughout 4 attainable outcomes: Sturdy Conduct, Stealthy Parasitism, Misaligned Disruption, and Compounded Failure. Sturdy Conduct represents the perfect state wherein an agent completes a person’s job with out advancing an attacker’s goal or exhibiting execution instability.
