EIA: Environmental Injection Attack on Generalist Web Agents for Privacy Leakage
Generalist web agents have demonstrated remarkable potential in autonomously completing a wide range of tasks on real websites, significantly boosting human productivity. However, web tasks, such as booking flights, usually involve users' PII, which may be exposed to potential privacy risks if web agents accidentally interact with compromised websites, a scenario that remains largely unexplored in the literature. In this work, we narrow this gap by conducting the first study on the privacy risks of generalist web agents in adversarial environments. First, we present a realistic threat model for attacks on the website, where we consider two adversarial targets: stealing users' specific PII or the entire user request. Then, we propose a novel attack method, termed Environmental Injection Attack (EIA). EIA injects malicious content designed to adapt well to environments where the agents operate, and our work instantiates EIA specifically for privacy scenarios in web environments. We collect 177 action steps that involve diverse PII categories on realistic websites from the Mind2Web, and conduct experiments using one of the most capable generalist web agent frameworks to date. The results demonstrate that EIA achieves up to 70