WebPII: Benchmarking Visual PII Detection for Computer-Use Agents
This addresses privacy risks for users of computer-use agents by providing a benchmark and model for detecting sensitive information in web screenshots, though it is incremental as it builds on existing detection methods with a new dataset.
The paper tackled the lack of a public benchmark for detecting personally identifiable information (PII) in web screenshots, a critical privacy risk for computer-use agents, by introducing WebPII, a synthetic dataset of 44,865 e-commerce UI images, and demonstrated practical utility with WebRedact, which more than doubled baseline accuracy (0.753 vs 0.357 mAP@50) at real-time CPU latency (20ms).
Computer use agents create new privacy risks: training data collected from real websites inevitably contains sensitive information, and cloud-hosted inference exposes user screenshots. Detecting personally identifiable information in web screenshots is critical for privacy-preserving deployment, but no public benchmark exists for this task. We introduce WebPII, a fine-grained synthetic benchmark of 44,865 annotated e-commerce UI images designed with three key properties: extended PII taxonomy including transaction-level identifiers that enable reidentification, anticipatory detection for partially-filled forms where users are actively entering data, and scalable generation through VLM-based UI reproduction. Experiments validate that these design choices improve layout-invariant detection across diverse interfaces and generalization to held-out page types. We train WebRedact to demonstrate practical utility, more than doubling text-extraction baseline accuracy (0.753 vs 0.357 mAP@50) at real-time CPU latency (20ms). We release the dataset and model to support privacy-preserving computer use research.