In summary: Most commercial computer-use agents routinely disclose data from contexts where it is not relevant, because they do not respect the boundary between data sources and action context.
Researchers have shown that AI agents operating on user devices routinely transfer sensitive data from one application to another, where it does not belong. A new evaluation benchmark (AgentCIBench) reveals data leaks in an average of 67.9% of scenarios across 15 leading agents reviewed.
Computer-use agents (CUAs) are AI systems that act on behalf of users on personal applications such as email, calendars, and to-do lists. While this cross-application access makes functional sense, it creates a data protection risk that has received little attention so far: agents can transfer information from one context to another where it is out of place.
The researchers identified three common failure modes. The first is visual co-location: the agent pulls in prohibited information that is displayed alongside the actual task objective in the user interface. The second is task-ambiguity overshare: the agent discloses dense personal data when the prompt is underspecified. The third is recipient misalignment: the agent sends content to a person for whom it is inappropriate. Evaluation of 15 leading agents revealed alarming results: 11 of the 15 agents caused leaks in more than 50% of scenarios, with an average data leak of 67.9%. The same errors occurred even when agents operated end-to-end in the environment to complete a task.
For CTOs, this means concretely: agents deployed in a multi-app environment can systematically disclose sensitive data – even if the individual agent works technically. This is not an edge-case error, but a structural problem with the current generation of computer-use agents. The team provides AgentCIBench free of charge to promote the development of safer computer-use agents and to establish contextual-disclosure testing as a pre-deployment security check.
Source: arxiv.org · Published June 21, 2026
Lumi AI News — AI-assisted curation according to Art. 50 EU AI Act. Paraphrase and classification by Lumi News Pipeline v1.7.1.