WebTrap Park: An Automated Platform for Systematic Security Evaluation of Web Agents
This provides a scalable and reproducible foundation for security evaluation of Web Agents, addressing a critical need for developers and researchers deploying agents in real web environments.
The paper tackled the problem of fragmented and non-standardized security evaluation for Web Agents by introducing WebTrap Park, an automated platform that instantiates 1,226 executable tasks to assess security risks through direct observation of agent interactions with live web pages, revealing clear security differences across agent frameworks.
Web Agents are increasingly deployed to perform complex tasks in real web environments, yet their security evaluation remains fragmented and difficult to standardize. We present WebTrap Park, an automated platform for systematic security evaluation of Web Agents through direct observation of their concrete interactions with live web pages. WebTrap Park instantiates three major sources of security risk into 1,226 executable evaluation tasks and enables action based assessment without requiring agent modification. Our results reveal clear security differences across agent frameworks, highlighting the importance of agent architecture beyond the underlying model. WebTrap Park is publicly accessible at https://security.fudan.edu.cn/webagent and provides a scalable foundation for reproducible Web Agent security evaluation.