
ST-WebAgentBench: A Benchmark for Evaluating Safety and Trustworthiness in Web Agents

Ido Levy, Ben Wiesel, Sami Marreed, Alon Oved, Avi Yaeli, Segev Shlomov

TL;DR

ST-WebAgentBench introduces an end-to-end benchmark to evaluate safety and trustworthiness of web agents in enterprise tasks. It couples 222 real-world tasks with 646 policy templates across six ST dimensions and defines metrics CuP, pCuP, CR, PCR, and Risk Ratio to measure task completion under policy constraints. Empirical results show substantial gaps between nominal completion and policy-compliant completion, especially as policy load increases, underlining the need for policy-aware optimization in agent design. The framework, built on WebArena and BrowserGym, provides open-source tooling, templates, and human-in-the-loop capabilities to drive scalable development of enterprise-grade, safe web agents.

Abstract

Autonomous web agents solve complex browsing tasks, yet existing benchmarks measure only whether an agent finishes a task, ignoring whether it does so safely or in a way enterprises can trust. To integrate these agents into critical workflows, safety and trustworthiness (ST) are prerequisite conditions for adoption. We introduce ST-WebAgentBench, a configurable and easily extensible suite for evaluating web agent ST across realistic enterprise scenarios. Each of its 222 tasks is paired with ST policies, concise rules that encode constraints, and is scored along six orthogonal dimensions (e.g., user consent, robustness). Beyond raw task success, we propose the Completion Under Policy (CuP) metric, which credits only completions that respect all applicable policies, and the Risk Ratio, which quantifies ST breaches across dimensions. Evaluating three open state-of-the-art agents reveals that their average CuP is less than two-thirds of their nominal completion rate, exposing critical safety gaps. By releasing code, evaluation templates, and a policy-authoring interface, ST-WebAgentBench (https://sites.google.com/view/st-webagentbench/home) provides an actionable first step toward deploying trustworthy web agents at scale.

Paper Structure

This paper contains 49 sections, 5 equations, 12 figures, 19 tables.

Figures (12)

  • Figure 1: Visual representation of the dataset structure. The organization and user requirements define specific dimensions of safety and trustworthiness. Each dimension is implemented through 1-2 predefined templates. Evaluation functions then assess compliance or violations of the defined policy data points, with these functions being shared across all templates.
  • Figure 2: Analysis of Agents' Performance and Risk Dimensions
  • Figure 3: CuP and mean Risk Ratio versus number of enforced policies per task. Error bars ($\pm1$ s.e.) omitted for clarity.
  • Figure 4: An image showcasing an agent complying with the ask-user-for-confirmation policy described in the table labelled tab:ask_the_user
  • Figure 5: An image showcasing an agent violating the policy from the table labelled tab:irreversible_actions and deleting a user from the database
  • ...and 7 more figures