Submission Track: Paper Track (up to 8 pages)
Keywords: Computer Use Agents (CUAs); Human-in-the-Loop (HiTL); Indirect Prompt Injection; Prompt Injection Attacks; Agent Exploitability; RCE (Remote Code Execution); Security Risks in Autonomous Agents; Chain-of-Thought (CoT) Leakage; Identity Ambiguity; Privacy Profiling; Red Teaming; Agent Safety Evaluation
TL;DR: A position paper on the security threats of computer-use agents
Abstract: Computer Use Agents (CUAs), AI agents that interact with software interfaces such as virtual machines (VMs) or web browsers, are rapidly being deployed across consumer and enterprise workflows. The security boundaries of CUAs, however, remain poorly understood. In this position paper, we present a systematic evaluation of the security risks posed by CUAs across realistic operational scenarios. We outline seven key categories of vulnerabilities, for which we provide a detailed analysis of common failure modes and a set of practical observations from our security testing of multiple CUA applications.
Camera Ready Modification Summary: Included Workshop footnote and revealed authors names. No reviewer suggestions to address.
Submission Number: 16