Don't Click That: Teaching Web Agents to Resist Deceptive Interfaces
Yilin Zhang, Yingkai Hua, Chunyu Wei, Xin Wang, Yueguo Chen

TL;DR
This paper introduces DUDE, a framework that improves web agents' resistance to deceptive UI elements using hybrid-reward learning and experience summarization, together with a new benchmark, RUC, and significantly reduces deception susceptibility.
Contribution
The paper formalizes deception-aware defense for web agents, proposes DUDE with hybrid-reward learning, and introduces RUC, a comprehensive benchmark for deception scenarios.
Findings
DUDE reduces deception susceptibility by 53.8%.
It maintains task performance while improving robustness.
RUC benchmark covers 1,407 deception scenarios across four domains.
Abstract
Vision-language model (VLM) based web agents demonstrate impressive autonomous GUI interaction but remain vulnerable to deceptive interface elements. Existing approaches either detect deception without task integration or document attacks without proposing defenses. We formalize deception-aware web agent defense and propose DUDE (Deceptive UI Detector & Evaluator), a two-stage framework combining hybrid-reward learning with asymmetric penalties and experience summarization to distill failure patterns into transferable guidance. We introduce RUC (Real UI Clickboxes), a benchmark of 1,407 scenarios spanning four domains and deception categories. Experiments show DUDE reduces deception susceptibility by 53.8% while maintaining task performance, establishing an effective foundation for robust web agent deployment.
