OSGuard: A Benchmark for Safety in Computer-Use Agents
Quick Answer
OSGuard introduces a dual-granularity benchmark for evaluating safety in computer-use agents, revealing gaps in multimodal guardrails.
Quick Take
OSGuard introduces a dual-granularity benchmark for evaluating safety in computer-use agents, revealing gaps in multimodal guardrails. It includes an action-level benchmark and a risk-augmented execution suite, demonstrating that current models excel in isolated judgments but struggle with end-to-end safety. This framework allows for improved diagnosis of unsafe actions and overall task safety.
Key Points
- OSGuard features an action-level benchmark for evaluating local guardrail decisions.
- The execution suite introduces latent hazards while keeping original tasks achievable.
- Experimental results show gaps between local oversight and reliable end-to-end safety.
- Current multimodal guardrails excel in isolated action judgments.
- The dual-granularity design enhances diagnosis of unsafe actions in agents.
Paper Resources
Article Content
From source RSS / original summaryarXiv:2606. 15034v1 Announce Type: new Abstract: Computer-use agents are increasingly evaluated by whether they complete realistic desktop and web tasks. However, task success alone can miss failures in which an agent reaches the nominal goal through an unsafe shortcut. We introduce OSGuard, a dual-granularity benchmark suite for evaluating safety in computer-use agents under benign, unchanged user instructions.
OSGuard contains an action-level benchmark for local guardrail decisions and a risk-augmented execution suite for end-to-end evaluation. The action-level benchmark consists of contextualized proposed actions labeled as allowed, unrelated, or unsafe, each judged relative to the original instruction and current interface state.
The execution suite contains manually constructed OSWorld-derived task variants in which the original task remains achievable, but the environment is modified to introduce latent hazards such as destructive overwrites, etc. Each variant is paired with augmented evaluators that retain the original task-success criterion while adding explicit state-based safety invariants, allowing us to distinguish safe completions from unsafe completions that satisfy the nominal task objective.
Our experimental results on OSGuard show that current multimodal guardrails can perform well on isolated action judgments, while risk-augmented execution exposes remaining gaps between local oversight and reliable end-to-end safety. This dual-granularity design enables more precise diagnosis of whether models can both recognize unsafe proposed actions and improve full-task safety when deployed as guardrails.
Reader Mode unavailable (could not extract clean content).
Want this in your inbox every morning?
Daily brief at your local 8am — bilingual EN/中文, free.
More from arXiv cs.AI
See more →Arbor: Tree Search as a Cognition Layer for Autonomous Agents
Arbor introduces a multi-agent framework utilizing structured tree search for optimizing LLM inference, achieving up to 193% throughput-latency improvement compared to vendor-optimized systems. It employs an Orchestrator and Critic agent for stability and coordination, demonstrating hardware-agnostic performance with minimal variance.
