Benchmarking Web Agent Safety under E-commerce Deceptive Interfaces
Quick Take
The study introduces WebDecept, a plugin framework that tests web agents' vulnerabilities to deceptive e-commerce interfaces. Results reveal that current agents are highly susceptible to manipulations like targeted ads and domain redirection, highlighting significant safety concerns for real-world deployment.
Key Points
- WebDecept enables controlled injection of deceptive patterns into web environments.
- Seven common deceptive patterns were tested, including shopping manipulation.
- Current web agents showed high susceptibility to deceptive interfaces.
- Prompt-based constraints often failed to mitigate agent failures.
- Design choices in deceptive patterns significantly influenced manipulation success.
Article Excerpt
From source RSS / original summary: arXiv:2606.13686v1, announce type: new. Abstract: As autonomous web agents are increasingly deployed to perform real-world tasks, ensuring their safety has become a critical concern. In this work, we study web agent behavior under realistic deceptive interfaces in the e-commerce domain. We introduce WebDecept, a lightweight and configurable plugin framework that enables controlled injection of deceptive interface patterns into existing web environments.
Using WebDecept, we instantiate seven deceptive patterns commonly observed on the open web, including targeted advertisements, domain redirection, and shopping manipulation. By injecting these patterns into the frontend during task execution, we perform controlled evaluation of multiple multimodal web agents. Our results show that current web agents are highly susceptible to multiple classes of deceptive interfaces, and that prompt-based constraints are often insufficient to mitigate these failures.
We further analyze how the design choices of deceptive patterns influence the success of such manipulations. These findings highlight safety challenges that should be addressed as web agents are scaled toward real-world deployment.