Table of Contents
Fetching ...

WebTrap Park: An Automated Platform for Systematic Security Evaluation of Web Agents

Xinyi Wu, Jiagui Chen, Geng Hong, Jiayi Dong, Xudong Pan, Jiarun Dai, Min Yang

TL;DR

WebTrap Park tackles the lack of standardized security evaluation for Web Agents by enabling automated, live-environment assessment of concrete agent actions. It organizes risk into Malicious User Prompts, Malicious Prompt Injection, and Deceptive Website Design, and deploys 1,226 evaluation tasks via a Docker/Kubernetes-based pipeline that requires no modification to agents. The study reveals significant security differences across agent frameworks and backbone models, underscoring that architecture matters beyond the underlying model. The platform offers a scalable, reproducible foundation for real-world Web Agent security auditing and is publicly accessible at https://security.fudan.edu.cn/webagent.

Abstract

Web Agents are increasingly deployed to perform complex tasks in real web environments, yet their security evaluation remains fragmented and difficult to standardize. We present WebTrap Park, an automated platform for systematic security evaluation of Web Agents through direct observation of their concrete interactions with live web pages. WebTrap Park instantiates three major sources of security risk into 1,226 executable evaluation tasks and enables action based assessment without requiring agent modification. Our results reveal clear security differences across agent frameworks, highlighting the importance of agent architecture beyond the underlying model. WebTrap Park is publicly accessible at https://security.fudan.edu.cn/webagent and provides a scalable foundation for reproducible Web Agent security evaluation.

WebTrap Park: An Automated Platform for Systematic Security Evaluation of Web Agents

TL;DR

WebTrap Park tackles the lack of standardized security evaluation for Web Agents by enabling automated, live-environment assessment of concrete agent actions. It organizes risk into Malicious User Prompts, Malicious Prompt Injection, and Deceptive Website Design, and deploys 1,226 evaluation tasks via a Docker/Kubernetes-based pipeline that requires no modification to agents. The study reveals significant security differences across agent frameworks and backbone models, underscoring that architecture matters beyond the underlying model. The platform offers a scalable, reproducible foundation for real-world Web Agent security auditing and is publicly accessible at https://security.fudan.edu.cn/webagent.

Abstract

Web Agents are increasingly deployed to perform complex tasks in real web environments, yet their security evaluation remains fragmented and difficult to standardize. We present WebTrap Park, an automated platform for systematic security evaluation of Web Agents through direct observation of their concrete interactions with live web pages. WebTrap Park instantiates three major sources of security risk into 1,226 executable evaluation tasks and enables action based assessment without requiring agent modification. Our results reveal clear security differences across agent frameworks, highlighting the importance of agent architecture beyond the underlying model. WebTrap Park is publicly accessible at https://security.fudan.edu.cn/webagent and provides a scalable foundation for reproducible Web Agent security evaluation.
Paper Structure (12 sections, 2 figures, 2 tables)

This paper contains 12 sections, 2 figures, 2 tables.

Figures (2)

  • Figure 1: Security Performance across different Web Agent Frameworks (Model: GPT-4o).
  • Figure 2: Security Performance across Different Backend Models (Agent: Browser Use (text)).