WebTrap Park: An Automated Platform for Systematic Security Evaluation of Web Agents
Xinyi Wu, Jiagui Chen, Geng Hong, Jiayi Dong, Xudong Pan, Jiarun Dai, Min Yang
TL;DR
WebTrap Park is an automated, scalable platform that systematically evaluates the security of Web Agents by observing their interactions with live web pages, revealing security differences across frameworks.
Contribution
It introduces a comprehensive platform for security assessment of Web Agents without modifying them, using 1,226 executable evaluation tasks based on real web interactions.
Findings
Security differences across agent frameworks are significant
Agent architecture impacts security more than underlying models
Platform enables reproducible security evaluations
Abstract
Web Agents are increasingly deployed to perform complex tasks in real web environments, yet their security evaluation remains fragmented and difficult to standardize. We present WebTrap Park, an automated platform for systematic security evaluation of Web Agents through direct observation of their concrete interactions with live web pages. WebTrap Park instantiates three major sources of security risk into 1,226 executable evaluation tasks and enables action based assessment without requiring agent modification. Our results reveal clear security differences across agent frameworks, highlighting the importance of agent architecture beyond the underlying model. WebTrap Park is publicly accessible at https://security.fudan.edu.cn/webagent and provides a scalable foundation for reproducible Web Agent security evaluation.
Peer Reviews
No public reviews on file for this paper yet. If you reviewed it on a platform where reviews are public (OpenReview, ICLR, NeurIPS, ICML), you can paste yours below so the community can read it here.
Videos
No videos yet. Explain this paper in a talk, walkthrough, or lecture? Add one.
Taxonomy
TopicsInformation and Cyber Security · Web Application Security Vulnerabilities · Access Control and Trust