Read original ↗
paperarXivTrust 82 · PrimaryPublished 5d agoLive · 3d ago

Untrusted Content Masking for Web Agents with Security Guarantees

Defenses that provide security guarantees against prompt injection attacks rely on strict isolation between trusted instructions and untrusted data. In text-based environments such as tool-use APIs, this separation arises naturally: agents can reason from interface definitions without ever processing untrusted content. Extending these guarantees to web agents faces a fundamental challenge: to perceive and interact with their environment, web agents must first observe the rendered page, which intermingles trusted content with untrusted content. This structural entanglement removes the trust bou

Lineage graph

Paper → model → repo connections mined from source citations (Tier-1 exact match).

Why these links exist

  • Linked via arxiv authorKristina Nikolić

    Untrusted Content Masking for Web Agents with Security Guarantees

  • Linked via arxiv authorEgor Zverev

    Untrusted Content Masking for Web Agents with Security Guarantees

  • Linked via arxiv authorJavier Rando

    Untrusted Content Masking for Web Agents with Security Guarantees

  • Linked via arxiv authorMatthew Jagielski

    Untrusted Content Masking for Web Agents with Security Guarantees

  • Linked via arxiv authorEdoardo Debenedetti

    Untrusted Content Masking for Web Agents with Security Guarantees

  • Linked via arxiv authorFlorian Tramèr

    Untrusted Content Masking for Web Agents with Security Guarantees

Covers

Implements

authored (incoming)

Covers (incoming)

Related across the graph

Topics