LPS-Bench: Benchmarking Safety Awareness of Computer-Use Agents in Long-Horizon Planning under Benign and Adversarial Scenarios

Computer-use agents (CUAs) that interact with real computer systems can perform automated tasks but face critical safety risks. Ambiguous instructions may trigger harmful actions, and adversarial users can manipulate tool execution to achieve malicious goals. Existing benchmarks mostly focus on short-horizon or GUI-based tasks, evaluating on execution-time errors but overlooking the ability to anticipate planning-time risks. To fill this gap, we present LPS-Bench, a benchmark that evaluates the planning-time safety awareness of MCP-based CUAs under long-horizon tasks, covering both benign and adversarial interactions across 65 scenarios of 7 task domains and 9 risk types. We introduce a multi-agent automated pipeline for scalable data generation and adopt an LLM-as-a-judge evaluation protocol to assess safety awareness through the planning trajectory. Experiments reveal substantial deficiencies in existing CUAs' ability to maintain safe behavior. We further analyze the risks and propose mitigation strategies to improve long-horizon planning safety in MCP-based CUA systems. We open-source our code at https://github.com/tychenn/LPS-Bench.

Key Contributions

• LPS-Bench: a benchmark of 65 scenarios across 7 task domains and 9 risk types evaluating planning-time safety awareness of MCP-based CUAs under both benign and adversarial long-horizon settings
• Multi-agent automated pipeline for scalable safety scenario generation with LLM-as-a-judge evaluation across full planning trajectories
• Empirical evaluation of 13 LLM agents revealing substantial safety deficiencies, with analysis of risk categories and proposed mitigation strategies

🛡️ Threat Analysis

Details

Similar Papers