Computer-Use Agents (CUAs) are capable but careless when using information inappropriate for task completion. We built AgentCIBench to create stress-test scenarios and benchmark frontier models on personal task completion and contextual integrity violations.</p>\n","updatedAt":"2026-06-23T14:10:08.230Z","author":{"_id":"5df7ea99da6d0311fd3d53fa","avatarUrl":"/avatars/f7772d2befbcdf230028da2bbde97c2e.svg","fullname":"Anmol Goel","name":"anmol","type":"user","isPro":false,"isHf":false,"isHfAdmin":false,"isMod":false,"followerCount":1,"isUserFollowing":false}},"numEdits":0,"identifiedLanguage":{"language":"en","probability":0.7898998856544495},"editors":["anmol"],"editorAvatarUrls":["/avatars/f7772d2befbcdf230028da2bbde97c2e.svg"],"reactions":[],"isReport":false}}],"primaryEmailConfirmed":false,"paper":{"id":"2606.23189","authors":[{"_id":"6a3a921cfdcd3514343bb906","name":"Anmol Goel","hidden":false},{"_id":"6a3a921cfdcd3514343bb907","name":"Iryna Gurevych","hidden":false}],"mediaUrls":["https://cdn-uploads.huggingface.co/production/uploads/5df7ea99da6d0311fd3d53fa/DXVr20Jl4eLWl4woAeTos.mp4"],"publishedAt":"2026-06-22T00:00:00.000Z","submittedOnDailyAt":"2026-06-23T00:00:00.000Z","title":"Capable but Careless: Do Computer-Use Agents Follow Contextual Integrity?","submittedOnDailyBy":{"_id":"5df7ea99da6d0311fd3d53fa","avatarUrl":"/avatars/f7772d2befbcdf230028da2bbde97c2e.svg","isPro":false,"fullname":"Anmol Goel","user":"anmol","type":"user","name":"anmol"},"summary":"Computer-use agents (CUAs) now act on a user's behalf across personal applications such as email, calendars, and to-do lists. This cross-application access is useful, but it also creates a privacy risk that has been largely overlooked: when an agent works in one context, it can pull in information from another that is inappropriate in that context. Hence, we introduce AgentCIBench, an evaluation harness that turns this risk into executable, deterministically scored scenarios. We target three common failure modes in CUAs: visual co-location, where the agent pulls in prohibited items that sit next to the task target in the UI; task-ambiguity overshare, where the agent dumps dense personal state in response to an under-specified prompt; and recipient misalignment, where the agent sends content to an addressee for whom it is inappropriate. We evaluate 15 frontier agents and find a surprisingly high failure rate: 11 of 15 leak on more than 50% of scenarios, with an average leakage of 67.9%, and the same failures persist when agents act end-to-end in the environment to complete the task. We release AgentCIBench to encourage the development of safer computer-use agents and position contextual disclosure testing as a pre-deployment safety check.","upvotes":1,"discussionId":"6a3a921cfdcd3514343bb908","projectPage":"https://ukplab.github.io/arxiv2026-agentcibench/","githubRepo":"https://github.com/UKPLab/arxiv2026-agentcibench","githubRepoAddedBy":"user","ai_summary":"Computer-use agents frequently expose inappropriate information across applications, prompting the creation of AgentCIBench to evaluate and mitigate privacy risks in cross-application contexts.","ai_keywords":["computer-use agents","contextual disclosure","privacy risk","AgentCIBench","visual co-location","task-ambiguity overshare","recipient misalignment"],"ai_summary_model":"Qwen/Qwen2.5-Coder-32B-Instruct","githubStars":1,"organization":{"_id":"62de69518960b17bb39a263c","name":"UKPLab","fullname":"Ubiquitous Knowledge Processing Lab","avatar":"https://cdn-avatars.huggingface.co/v1/production/uploads/1658743016913-62de689d86220b5cb895acea.png"}},"canReadDatabase":false,"canManagePapers":false,"canSubmit":false,"hasHfLevelAccess":false,"upvoted":false,"upvoters":[{"_id":"6a2da6c8ca070ee12c6e396c","avatarUrl":"/avatars/0355287dcabaa67dbc7f0b10b87451f9.svg","isPro":false,"fullname":"Joe Mama","user":"JoeMama123123123","type":"user"}],"acceptLanguages":["en"],"dailyPaperRank":0,"organization":{"_id":"62de69518960b17bb39a263c","name":"UKPLab","fullname":"Ubiquitous Knowledge Processing Lab","avatar":"https://cdn-avatars.huggingface.co/v1/production/uploads/1658743016913-62de689d86220b5cb895acea.png"},"markdownContentUrl":"https://huggingface.co/buckets/huggingchat/papers-content/resolve/2606/2606.23189.md","query":{}}">

Get this paper in your agent:

Don't have the latest CLI?

Cite arxiv.org/abs/2606.23189 in a model README.md to link it from this page.

Cite arxiv.org/abs/2606.23189 in a dataset README.md to link it from this page.

Cite arxiv.org/abs/2606.23189 in a Space README.md to link it from this page.

Add this paper to a collection to link it from this page.