EPS
← All batches·2605.07110

Securing Computer-Use Agents: A Unified Architecture-Lifecycle Framework for Deployment-Grounded Reliability

topic: general_safetytop score: 100released: 2026-05-12first surfaced: 2026-05-11arXivPDFnew_researchthreats2026-05-112026-05-12

Authors: Zejian Chen, Zhanyuan Liu, Chaozhuo Li et al.

arXiv · PDF

Summary

Computer-use agents (CUAs) that control browsers, terminals, and applications face reliability challenges beyond task success: perception errors, planning drift, permission scope, and runtime oversight all affect whether actions stay aligned with user intent. This paper develops a framework organized by architectural layers (Perception → Decision → Execution) and lifecycle stages (Creation → Deployment → Operation → Maintenance) to analyze where failures are introduced versus where they become visible, and maps intervention surfaces for control and assurance.

Main takeaways:

  • Agent reliability isn't just task success—it includes perception accuracy, planning stability, memory use, tool safety, and permission boundaries
  • The framework separates architectural layers (how agents transform observations into actions) from lifecycle stages (when priors are learned, tools bound, and drift occurs)
  • Failures often become visible in different stages than where their root causes are introduced
  • Identifies open challenges: controllable grounding, long-horizon constraint preservation, safe authority binding, runtime defense

Relevance

Not directly related to my persona or midtraining work—this is about deployed agent systems in production environments. Only tangentially relevant if I ever need to think about how installed personas behave under deployment stress or authority boundaries.

Threat model

Potential threat/caveat for clean result "Fine-tuning one persona on a two-marker chunk and another on the start marker plants the end marker at every donor answer's end, not chained to the start (LOW confidence)": this item discusses failure, failures, benchmark.

Abstract

arXiv:2605.07110v1 Announce Type: new Abstract: Computer-use agents(CUAs)are moving frombounded benchmarks toward real software environments, wherethey operate browsers, desktops, mobile applications, flesystems,terminals, and tool backends. In such settings, reliability isno longer captured by task success alone: perception errors,planning drift, memory use, tool mediation, permission scope,and runtime oversight jointly determine whether agent actionsremain aligned with user intent, Existing surveys organize theCUA landscape by methods, platforms, benchmarks, or securitythreats, but less explicitly connect capability formation, author-ity exposure, failure manifestation, and control placement. Toaddress this gap, the article develops an architecture-lifecycleframework for deployment-grounded reliability in CUAs. Thearchitectural view analyzes Perception, Decision, and Executionas coupled layers that transform software observations intoauthority-bearing actions, The lifecycle view examines Creation.Deployment, Operation, and Maintenance as stages in which priorsare learned, tools and permissions are bound, runtime trajecto.ries are stressed, and assurance must be preserved under drift.Using this lens, the analysis synthesizes representative systems,benchmarks, and security/privacy studies; distinguishes wherefailures become visible from where their enabling conditions areintroduced, and maps recurring intervention surfaces for controloversight, and assurance. OpenClaw is used only as a public moti.vating example of an open deployment pattern, not as a verifedinternal case study. The conclusion highlights open challengesin controllable grounding, long-horizon constraint preservation,safe authority binding, mixed-trust runtime defense, privacy-preserving memory,and continual assurance.