AgentHijack: Benchmarking Computer Use Agent Robustness to Common Environment Corruptions
For developers of autonomous computer use agents, this work highlights the critical need for robustness evaluation and provides a benchmark and mitigation framework to address real-world environment uncertainties.
AgentHijack benchmarks the robustness of MLLM-based computer use agents against 9 common environment corruptions (e.g., pop-ups, resolution changes), showing that even minor corruptions cause substantial performance degradation. The proposed AgentHijack-Agent framework mitigates this, achieving improved robustness.
Autonomous computer use agents that powered by multimodal large language models (MLLMs) are emerging as capable assistants for completing complex digital workflows. However, real-world execution environments are far from ideal: pop-ups, resolution changes, and competing applications frequently interfere with agent perception and control. We introduce AgentHijack, a benchmark designed to evaluate the robustness of computer-use agents under common corruptions, where the uncertainties in dynamic environment disrupt the execution flow without direct adversarial intent. Specifically, AgentHijack introduces 9 configurable common corruptions to replicate realistic imperfect scenarios. We evaluate a variety of desktop tasks that utilize MLLM-based agents and discover that even minor instances of corruption can result in substantial performance degradation, which emphasizes the fragility of agents and underscores the necessity of robustness evaluation. Afterward, we propose AgentHijack-Agent, a framework that integrates an action generator with enhanced grounding capabilities and an onlooker responsible for behavior summarization and environment checking. Extensive experiments validate its effectiveness. Our code, environment, baseline models and data are publicly available at: https://AgentHijack.github.io.