Chris Harig

TL;DR: I built a control setting for computer-use agents and studied a few monitoring setups. I found that attackers can leverage the opacity of computer-use tool calls and gaps between screenshot-action pairs to access credentials or exfiltrate data to other devices on a network without being caught by a monitor....