Evaluating Computer-Use Agents on Exploiting Web Application Vulnerabilities (www.researchgate.net)

Researchers evaluated autonomous “computer-use” agents — typically LLMs or RL agents paired with browser automation — on their ability to discover and in some cases exploit common web-application vulnerabilities. In controlled, instrumented environments the study benchmarks agents against classes of flaws such as reflected/stored XSS, SQL injection, CSRF and authentication/logic bugs, measuring exploit success, false positives, number of interaction steps, and robustness to multi-step flows. Key technical elements include pipeline architectures that combine language models with tool APIs (headless browser control, form fuzzers, and out-of-band callbacks), reward shaping for exploit outcomes, and prompt or policy tuning to guide exploration. Results show these agents can outperform simple scanners on complex, stateful workflows but still miss subtle business-logic flaws that require deep semantic understanding. The work is significant because it quantifies how close automated agents are to performing offensive security tasks, highlighting both utility for automated red-teaming and substantial dual-use risk. Technical implications include the need for hardened web defenses (context-aware input sanitization, robust auth flows), better detection of automated exploit attempts, and stricter research controls: sandboxed testbeds, responsible disclosure, and access limits on publicly available agent toolchains. The paper calls for coordinated defenses and development of safe evaluation protocols to let defenders leverage automation without widening the attack surface.