Paper Detail

WebAgentGuard: A Reasoning-Driven Guard Model for Detecting Prompt Injection Attacks in Web Agents

Yulin Chen, Tri Cao, Haoran Li, Yue Liu, Yibo Li, Yufei He, Le Minh Khoi, Yangqiu Song, Shuicheng Yan, Bryan Hooi

Browse

Workflow Queues

arxiv Score 18.3

Published 2026-04-14 · First seen 2026-04-15

Research Track B · General AI

Open paper source

Abstract

Web agents powered by vision-language models (VLMs) enable autonomous interaction with web environments by perceiving and acting on both visual and textual webpage content to accomplish user-specified tasks. However, they are highly vulnerable to prompt injection attacks, where adversarial instructions embedded in HTML or rendered screenshots can manipulate agent behavior and lead to harmful outcomes such as information leakage. Existing defenses, including system prompt defenses and direct fine-tuning of agents, have shown limited effectiveness. To address this issue, we propose a defense framework in which a web agent operates in parallel with a dedicated guard agent, decoupling prompt injection detection from the agent's own reasoning. Building on this framework, we introduce WebAgentGuard, a reasoning-driven, multimodal guard model for prompt injection detection. We construct a synthetic multimodal dataset using GPT-5 spanning 164 topics and 230 visual and UI design styles, and train the model via reasoning-intensive supervised fine-tuning followed by reinforcement learning. Experiments across multiple benchmarks show that WebAgentGuard consistently outperforms strong baselines while preserving agent utility, without introducing additional latency.

Workflow Status

Review status
pending
Role
unreviewed
Read priority
now
Vote
Not set.
Saved
no
Collections
Not filed yet.
Next action
Not filled yet.

Reading Brief

No structured notes yet. Add `summary_sections`, `why_relevant`, `claim_impact`, or `next_action` in `papers.jsonl` to enrich this view.

Why It Surfaced

No ranking explanation is available yet.

Tags

No tags.

Similar Papers

SnapGuard: Lightweight Prompt Injection Detection for Screenshot-Based Web Agents 2026-04-28 · Score 14.8 Research Track B · General AI A Subgoal-driven Framework for Improving Long-Horizon LLM Agents 2026-03-20 · Score 22.8 Research Track B · General AI WebUncertainty: Dual-Level Uncertainty Driven Planning and Reasoning For Autonomous Web Agent 2026-04-20 · Score 21.0 Research Track B · General AI In-Browser Agents for Search Assistance 2026-01-14 · Score 10.0 Research Track B · General AI IntentWeave: A Progressive Entry Ladder for Multi-Surface Browser Agents in Cloud Portals 2026-03-24 · Score 10.0 Research Track B · General AI

BibTeX

@article{chen2026webagentguard,
  title = {WebAgentGuard: A Reasoning-Driven Guard Model for Detecting Prompt Injection Attacks in Web Agents},
  author = {Yulin Chen and Tri Cao and Haoran Li and Yue Liu and Yibo Li and Yufei He and Le Minh Khoi and Yangqiu Song and Shuicheng Yan and Bryan Hooi},
  year = {2026},
  abstract = {Web agents powered by vision-language models (VLMs) enable autonomous interaction with web environments by perceiving and acting on both visual and textual webpage content to accomplish user-specified tasks. However, they are highly vulnerable to prompt injection attacks, where adversarial instructions embedded in HTML or rendered screenshots can manipulate agent behavior and lead to harmful outcomes such as information leakage. Existing defenses, including system prompt defenses and direct fine},
  url = {https://arxiv.org/abs/2604.12284},
  keywords = {cs.CR},
  eprint = {2604.12284},
  archiveprefix = {arXiv},
}

Metadata

{}