CaMeLs Can Use Computers Too: System-level Security for Computer Use Agents

ArXi:2601.09923v2 Announce Type: replace AI agents are vulnerable to prompt injection attacks, where malicious content hijacks agent behavior to steal credentials or cause financial loss. The only known robust defense is architectural isolation that strictly separates trusted task planning from untrusted environment observations.