This page curates AI-related papers published worldwide. All summaries here are generated with Google Gemini, and the site is operated on a non-profit basis. Copyright for each paper belongs to its authors and their institutions; please credit the source when sharing.
Xilong Wang, John Bloch, Zedian Shao, Yuepeng Hu, Shuyan Zhou, Neil Zhenqiang Gong
Outline
This paper proposes WebInject, a new attack on web agents built on multimodal large language models (MLLMs). WebInject is a prompt injection attack: it injects subtle perturbations into the pixel values of a web page so that the agent, which reads the page through a screenshot, is induced to perform actions chosen by the attacker. The difficulty is that the mapping from the page's original pixel values to the screenshot the agent sees is non-differentiable. To overcome this, the authors train a neural network that approximates this mapping and then solve the resulting optimization problem with projected gradient descent. Experimental results on several datasets show that WebInject is significantly more effective than existing methods.
Takeaways, Limitations
• Takeaways:
  ◦ By demonstrating vulnerabilities in MLLM-based web agents, the paper highlights the importance of web agent security.
  ◦ WebInject presents a new type of attack vector against web agents and could contribute significantly to future security research.
  ◦ Attacks that manipulate pixel values take a different approach from traditional prompt engineering, and may inspire research into further attack techniques and their defenses.
• Limitations:
  ◦ The work currently focuses on attacks against specific types of web agents; generalizability to other web agent architectures requires further research.
  ◦ The attack success rate may vary with the structure of the web page and the characteristics of the web agent.
  ◦ Further validation of the attack's success rate and effectiveness in real web environments is needed.