WARD: Adversarially Robust Defense of Web Agents against Prompt Injections
Web agents can autonomously complete online tasks by interacting with websites, but their exposure to open web environments makes them vulnerable to prompt injection attacks embedded in HTML content or visual interfaces. Existing guard models still suffer from limited generalization to unseen...
WebSP-Eval: Evaluating Web Agents on Website Security and Privacy Tasks
Web agents automate browser tasks, ranging from simple form completion to complex workflows like ordering groceries. While current benchmarks evaluate general-purpose performance (e.g., WebArena) or safety against malicious actions (e.g., SafeArena), no existing framework assesses an agent's ability to...
Poison Once, Exploit Forever: Environment-Injected Memory Poisoning Attacks on Web Agents
Memory makes LLM-based web agents personalized, powerful, yet exploitable. By storing past interactions to personalize future tasks, agents inadvertently create a persistent attack surface that spans websites and sessions. While existing security research on memory assumes attackers can directly...
MUZZLE: Adaptive Agentic Red-Teaming of Web Agents against Indirect Prompt Injection Attacks
Large language model (LLM) based web agents are increasingly deployed to automate complex online tasks by directly interacting with web sites and performing actions on users' behalf. While these agents offer powerful capabilities, their design exposes them to indirect prompt injection attacks...
EUVD-2011-1717
Malware in sbrugna...
WAInjectBench: Benchmarking Prompt Injection Detections for Web Agents
Multiple prompt injection attacks have been proposed against web agents. At the same time, various methods have been developed to detect general prompt injection attacks, but none have been systematically evaluated for web agents. In this work, we bridge this gap by presenting the first...
The Rise of Agentic AI: Uncovering Security Risks in AI Web Agents
In our first post, we introduced the world of AI web agents - defining what they are, outlining their core capabilities, and surveying the leading frameworks that make them possible. Now, we’re shifting gears to look at the other side of the coin: the vulnerabilities and attack surfaces that aris...
The Rise of Agentic AI: From Chatbots to Web Agents
Disclaimer: This post isn’t our usual security-focused content – today we’re taking a quick detour to explore the fascinating world of AI agents with the focus of AI web agents. Enjoy this educational dive as a warm-up before we get into the juicy details of AI web agents in our follow-up post...
Context Manipulation Attacks : Web Agents Are Susceptible to Corrupted Memory
Autonomous web navigation agents, which translate natural language instructions into sequences of browser actions, are increasingly deployed for complex tasks across e-commerce, information retrieval, and content discovery. Due to the stateless nature of large language models (LLMs), these agents...
AdInject: Real-World Black-Box Attacks on Web Agents Via Advertising Delivery
Vision-Language Model (VLM) based Web Agents represent a significant step towards automating complex tasks by simulating human-like interaction with websites. However, their deployment in uncontrolled web environments introduces significant security vulnerabilities. Existing research on adversarial...
WASP: Benchmarking Web Agent Security against Prompt Injection Attacks
Autonomous UI agents powered by AI have tremendous potential to boost human productivity by automating routine tasks such as filing taxes and paying bills. However, a major challenge in unlocking their full potential is security, which is exacerbated by the agent's ability to take action on their...
Vulnerabilities fixed in ForgeRock Web Agents and Java Agents
ForgeRock has fixed vulnerabilities in Web Agents and Java Agents. An unauthenticated remote malicious agent could potentially exploit them to bypass authentication, gain access to sensitive data or execute arbitrary code. ForgeRock h...
Security Bulletin: An Authenticated Agent Can Modify Another Agent's Properties (CVE-2018-1995)
Summary Old versions of UrbanCode Deploy web agents can allow unauthorized property modification of other agents. Vulnerability Details CVEID: CVE-2018-1995 Details: An authenticated agent can modify another agent's properties using a specially crafted request. Consequences: Agent properties can ...
CVE-2015-6854
The non-Domino web agents in CA Single Sign-On (aka SSO, formerly SiteMinder) R6, R12.0 before SP3 CR13, R12.0J before SP3 CR1.2, and R12.5 before CR5 allow remote attackers to cause a denial of service (daemon crash) or obtain sensitive information via a crafted request...
Unspecified Vulnerability in Oracle Fusion Middleware OpenSSO Component
Oracle OpenSSO is an open-source single sign-on (SSO) implementation from Oracle (United States); it is deployed on a variety of web or application servers to provide centralized authentication for web applications. A security vulnerability exists in the OpenSSO Web...
CVE-2015-0451
Unspecified vulnerability in the Oracle OpenSSO component in Oracle Fusion Middleware 3.0-04 allows remote authenticated users to affect confidentiality via vectors related to OpenSSO Web Agents...
Buffer overflow
Unspecified vulnerability in the Oracle OpenSSO component in Oracle Fusion Middleware 3.0-04 allows remote authenticated users to affect confidentiality via vectors related to OpenSSO Web Agents...
CVE-2013-5968
CVE-2013-5968 is a cross-site scripting (XSS) vulnerability affecting CA SiteMinder 12.0–12.51 and SiteMinder 6 Web Agents. The issue allows remote attackers to inject arbitrary script or HTML via vectors involving the double-quote character. The NVD entry lists a Medium severity (CVSSv2 base sco...