AICR May 10

Don't Click That: Teaching Web Agents to Resist Deceptive Interfaces

arXiv:2605.09497 66.1
AI Analysis

For developers of VLM-based web agents, this work addresses the agents' vulnerability to deceptive UI elements, a critical safety concern for autonomous GUI interaction.

The paper formalizes deception-aware web agent defense and proposes DUDE, a framework that reduces deception susceptibility by 53.8% while maintaining task performance on a new benchmark of 1,407 scenarios.

Vision-language model (VLM) based web agents demonstrate impressive autonomous GUI interaction but remain vulnerable to deceptive interface elements. Existing approaches either detect deception without task integration or document attacks without proposing defenses. We formalize deception-aware web agent defense and propose DUDE (Deceptive UI Detector & Evaluator), a two-stage framework combining hybrid-reward learning with asymmetric penalties and experience summarization to distill failure patterns into transferable guidance. We introduce RUC (Real UI Clickboxes), a benchmark of 1,407 scenarios spanning four domains and deception categories. Experiments show DUDE reduces deception susceptibility by 53.8% while maintaining task performance, establishing an effective foundation for robust web agent deployment.
