Salvato in:
Dettagli Bibliografici
Autori principali: Feng, Yunhao, Ding, Yifan, Du, Xiaohu, Wen, Ming, Deng, Xinhao, Guo, Yanming, Xie, Yuxiang, Zheng, Baihui, Tan, Yingshui, Li, Yige, Wu, Yutao, Wang, Yixu, Cao, Kerui, Huang, Wenke, Ma, Xingjun, Jiang, Yu-Gang
Natura: Preprint
Pubblicazione: 2026
Soggetti:
Accesso online:https://arxiv.org/abs/2606.01166
Tags: Aggiungi Tag
Nessun Tag, puoi essere il primo ad aggiungerne!!
_version_ 1866916070996049920
author Feng, Yunhao
Ding, Yifan
Du, Xiaohu
Wen, Ming
Deng, Xinhao
Guo, Yanming
Xie, Yuxiang
Zheng, Baihui
Tan, Yingshui
Li, Yige
Wu, Yutao
Wang, Yixu
Cao, Kerui
Huang, Wenke
Ma, Xingjun
Jiang, Yu-Gang
author_facet Feng, Yunhao
Ding, Yifan
Du, Xiaohu
Wen, Ming
Deng, Xinhao
Guo, Yanming
Xie, Yuxiang
Zheng, Baihui
Tan, Yingshui
Li, Yige
Wu, Yutao
Wang, Yixu
Cao, Kerui
Huang, Wenke
Ma, Xingjun
Jiang, Yu-Gang
contents Computer-use agents extend language models from text generation to sustained interaction with files, terminals, browsers, and external tools. This shift creates safety risks that are difficult to detect from isolated prompts or final responses, because harm often emerges only through multi-step execution traces whose individual actions appear locally benign. We introduce BraveGuard, a self-evolving defense framework for training guard models from open-world threat signals and realistic agent trajectories. BraveGuard mines recent research sources to identify emerging risks and attack patterns, instantiates them as executable computer-use tasks, collects agent rollouts, and derives trajectory-level supervision for guard model training. As new threats and validation failures appear, the pipeline can be repeated, yielding an adaptive defense loop rather than a static, benchmark-driven training process. We instantiate BraveGuard by training multiple guard backbones, including Qwen3-Guard and Llama-Guard variants, and evaluate the resulting guards on trajectory-level agent-safety benchmarks. BraveGuard consistently improves safety detection across computer-use trajectories. On AgentHazard, it substantially improves detection accuracy over off-the-shelf guard models, with accuracy increasing from 38.79% to 82.38% under the averaged guard-model setting. These results show that guard supervision grounded in open-world threat discovery and realistic agent execution can improve safety monitoring beyond fixed taxonomies and synthetic prompt-level data. BraveGuard offers a scalable path toward adaptive defenses for computer-use agents facing evolving real-world risks.
format Preprint
id arxiv_https___arxiv_org_abs_2606_01166
institution arXiv
publishDate 2026
record_format arxiv
spellingShingle BraveGuard: From Open-World Threats to Safer Computer-Use Agents
Feng, Yunhao
Ding, Yifan
Du, Xiaohu
Wen, Ming
Deng, Xinhao
Guo, Yanming
Xie, Yuxiang
Zheng, Baihui
Tan, Yingshui
Li, Yige
Wu, Yutao
Wang, Yixu
Cao, Kerui
Huang, Wenke
Ma, Xingjun
Jiang, Yu-Gang
Cryptography and Security
Computation and Language
Computer-use agents extend language models from text generation to sustained interaction with files, terminals, browsers, and external tools. This shift creates safety risks that are difficult to detect from isolated prompts or final responses, because harm often emerges only through multi-step execution traces whose individual actions appear locally benign. We introduce BraveGuard, a self-evolving defense framework for training guard models from open-world threat signals and realistic agent trajectories. BraveGuard mines recent research sources to identify emerging risks and attack patterns, instantiates them as executable computer-use tasks, collects agent rollouts, and derives trajectory-level supervision for guard model training. As new threats and validation failures appear, the pipeline can be repeated, yielding an adaptive defense loop rather than a static, benchmark-driven training process. We instantiate BraveGuard by training multiple guard backbones, including Qwen3-Guard and Llama-Guard variants, and evaluate the resulting guards on trajectory-level agent-safety benchmarks. BraveGuard consistently improves safety detection across computer-use trajectories. On AgentHazard, it substantially improves detection accuracy over off-the-shelf guard models, with accuracy increasing from 38.79% to 82.38% under the averaged guard-model setting. These results show that guard supervision grounded in open-world threat discovery and realistic agent execution can improve safety monitoring beyond fixed taxonomies and synthetic prompt-level data. BraveGuard offers a scalable path toward adaptive defenses for computer-use agents facing evolving real-world risks.
title BraveGuard: From Open-World Threats to Safer Computer-Use Agents
topic Cryptography and Security
Computation and Language
url https://arxiv.org/abs/2606.01166