2026-06-16原文2 min readUpdated: 2026-06-16

OSGuard: A Benchmark for Safety in Computer-Use Agents

OSGuard is a dual-granularity benchmark for evaluating safety in computer-use agents under benign instructions. It includes an action-level benchmark for local guardrail decisions and a risk-augmented execution suite for end-to-end evaluation. Experiments show that current multimodal guardrails perform well on isolated action judgments but reveal gaps in reliable end-to-end safety.

SourcearXiv AIAuthor: Mina Mohammadmirzaei, Jeffrey Flanigan

[2606.15034] OSGuard: A Benchmark for Safety in Computer-Use Agents

[Submitted on 13 Jun 2026]

Title:OSGuard: A Benchmark for Safety in Computer-Use Agents

View a PDF of the paper titled OSGuard: A Benchmark for Safety in Computer-Use Agents, by Mina Mohammadmirzaei and 1 other authors

View PDF HTML (experimental)

Abstract:Computer-use agents are increasingly evaluated by whether they complete realistic desktop and web tasks. However, task success alone can miss failures in which an agent reaches the nominal goal through an unsafe shortcut. We introduce OSGuard, a dual-granularity benchmark suite for evaluating safety in computer-use agents under benign, unchanged user instructions. OSGuard contains an action-level benchmark for local guardrail decisions and a risk-augmented execution suite for end-to-end evaluation. The action-level benchmark consists of contextualized proposed actions labeled as allowed, unrelated, or unsafe, each judged relative to the original instruction and current interface state. The execution suite contains manually constructed OSWorld-derived task variants in which the original task remains achievable, but the environment is modified to introduce latent hazards such as destructive overwrites, etc. Each variant is paired with augmented evaluators that retain the original task-success criterion while adding explicit state-based safety invariants, allowing us to distinguish safe completions from unsafe completions that satisfy the nominal task objective. Our experimental results on OSGuard show that current multimodal guardrails can perform well on isolated action judgments, while risk-augmented execution exposes remaining gaps between local oversight and reliable end-to-end safety. This dual-granularity design enables more precise diagnosis of whether models can both recognize unsafe proposed actions and improve full-task safety when deployed as guardrails.

Subjects:

Artificial Intelligence (cs.AI)

Cite as: arXiv:2606.15034 [cs.AI]

(or arXiv:2606.15034v1 [cs.AI] for this version)

https://doi.org/10.48550/arXiv.2606.15034

arXiv-issued DOI via DataCite (pending registration)

Submission history

From: Mina Mohammadmirzaei [view email] [v1] Sat, 13 Jun 2026 00:32:24 UTC (2,646 KB)

Full-text links:

Access Paper:

View a PDF of the paper titled OSGuard: A Benchmark for Safety in Computer-Use Agents, by Mina Mohammadmirzaei and 1 other authors

View PDF

HTML (experimental)

TeX Source

view license

Current browse context:

cs.AI

new | recent | 2026-06

Change to browse by:

References & Citations

NASA ADS

Google Scholar

Semantic Scholar

Data provided by:

Bibliographic Tools

Bibliographic and Citation Tools

Bibliographic Explorer Toggle

Bibliographic Explorer (What is the Explorer?)

Connected Papers Toggle

Connected Papers (What is Connected Papers?)

Litmaps Toggle

Litmaps (What is Litmaps?)

scite.ai Toggle

scite Smart Citations (What are Smart Citations?)

Code, Data, Media

Code, Data and Media Associated with this Article

alphaXiv Toggle

alphaXiv (What is alphaXiv?)

Links to Code Toggle

CatalyzeX Code Finder for Papers (What is CatalyzeX?)

DagsHub Toggle

DagsHub (What is DagsHub?)

GotitPub Toggle

Gotit.pub (What is GotitPub?)

Huggingface Toggle

Hugging Face (What is Huggingface?)

ScienceCast Toggle

ScienceCast (What is ScienceCast?)

Demos

Replicate Toggle

Replicate (What is Replicate?)

Spaces Toggle

Hugging Face Spaces (What is Spaces?)

Spaces Toggle

TXYZ.AI (What is TXYZ.AI?)