Saved in:
Bibliographic Details
Main Authors: Mudryi, Mykyta, Chaklosh, Markiyan, Wójcik, Grzegorz
Format: Preprint
Published: 2025
Subjects:
Online Access:https://arxiv.org/abs/2505.13076
Tags: Add Tag
No Tags, Be the first to tag this record!
_version_ 1866918025221898240
author Mudryi, Mykyta
Chaklosh, Markiyan
Wójcik, Grzegorz
author_facet Mudryi, Mykyta
Chaklosh, Markiyan
Wójcik, Grzegorz
contents Autonomous browsing agents powered by large language models (LLMs) are increasingly used to automate web-based tasks. However, their reliance on dynamic content, tool execution, and user-provided data exposes them to a broad attack surface. This paper presents a comprehensive security evaluation of such agents, focusing on systemic vulnerabilities across multiple architectural layers. Our work outlines the first end-to-end threat model for browsing agents and provides actionable guidance for securing their deployment in real-world environments. To address discovered threats, we propose a defense in depth strategy incorporating input sanitization, planner executor isolation, formal analyzers, and session safeguards. These measures protect against both initial access and post exploitation attack vectors. Through a white box analysis of a popular open source project, Browser Use, we demonstrate how untrusted web content can hijack agent behavior and lead to critical security breaches. Our findings include prompt injection, domain validation bypass, and credential exfiltration, evidenced by a disclosed CVE and a working proof of concept exploit.
format Preprint
id arxiv_https___arxiv_org_abs_2505_13076
institution arXiv
publishDate 2025
record_format arxiv
spellingShingle The Hidden Dangers of Browsing AI Agents
Mudryi, Mykyta
Chaklosh, Markiyan
Wójcik, Grzegorz
Cryptography and Security
Artificial Intelligence
Autonomous browsing agents powered by large language models (LLMs) are increasingly used to automate web-based tasks. However, their reliance on dynamic content, tool execution, and user-provided data exposes them to a broad attack surface. This paper presents a comprehensive security evaluation of such agents, focusing on systemic vulnerabilities across multiple architectural layers. Our work outlines the first end-to-end threat model for browsing agents and provides actionable guidance for securing their deployment in real-world environments. To address discovered threats, we propose a defense in depth strategy incorporating input sanitization, planner executor isolation, formal analyzers, and session safeguards. These measures protect against both initial access and post exploitation attack vectors. Through a white box analysis of a popular open source project, Browser Use, we demonstrate how untrusted web content can hijack agent behavior and lead to critical security breaches. Our findings include prompt injection, domain validation bypass, and credential exfiltration, evidenced by a disclosed CVE and a working proof of concept exploit.
title The Hidden Dangers of Browsing AI Agents
topic Cryptography and Security
Artificial Intelligence
url https://arxiv.org/abs/2505.13076