Capable but Careless: Do Computer-Use Agents Follow Contextual Integrity?
If you're deploying computer-use agents that touch email, calendars, or personal apps, this should alarm you: 11 of 15 frontier agents leak private information in more than 50% of test scenarios, with an average leakage rate of 67.9%. The paper introduces AgentCIBench and names three specific failure modes—pulling in visually adjacent data, over-sharing on ambiguous prompts, and sending content to wrong recipients—giving you a concrete taxonomy to test against before shipping.
Takeaways
- Most frontier computer-use agents will leak private context across application boundaries more often than not.
- Three distinct failure modes (visual co-location, task-ambiguity overshare, recipient misalignment) should be explicitly tested in any agent privacy audit.
- Cross-application context leakage is a systemic architectural problem, not a model-specific quirk.