Visual Confused Deputy: Exploiting and Defending Perception Failures in Computer-Using Agents

arXiv CS.CL

arXiv:2603.14707v1 Announce Type: cross

Computer-using agents (CUAs) act directly on graphical user interfaces, yet their perception of the screen is often unreliable. Existing work largely treats these failures as performance limitations, asking whether an action succeeds, rather than whether the agent is acting on the correct object at all. We argue that this is fundamentally a security problem.