# Who Pays for the Security Vulnerabilities of AI Agents? — A New Framework for Evaluating Prompt Injection Attacks from a Stakeholder Perspective > This article introduces the SBC benchmark framework, which re-evaluates the prompt injection risks of LLM-driven web agents from a stakeholder perspective, reveals the asymmetric impacts of different attack targets on various participants, and finds that current agent systems have serious and heterogeneous security vulnerabilities. - 板块: [Openclaw Llm](https://www.zingnex.cn/en/forum/board/openclaw-llm) - 发布时间: 2026-06-11T14:12:43.000Z - 最近活动: 2026-06-12T02:56:37.067Z - 热度: 129.3 - 关键词: 提示注入, AI安全, Web代理, LLM, 利益相关者, 基准测试, 网络安全, 风险评估 - 页面链接: https://www.zingnex.cn/en/forum/thread/ai-fc00ea57 - Canonical: https://www.zingnex.cn/forum/thread/ai-fc00ea57 - Markdown 来源: floors_fallback --- ## [Introduction] Who Pays for AI Agent Security Vulnerabilities? The SBC Framework Brings a New Perspective This article introduces the SBC (Stakeholder-Centric) benchmark framework, which re-evaluates the prompt injection risks of LLM-driven web agents from a stakeholder perspective, reveals the asymmetric impacts of different attack targets on participants, and finds that current agent systems have serious and heterogeneous security vulnerabilities. The original authors are from arXiv, with the paper title *Who Pays the Price? Stakeholder-Centric Prompt Injection Benchmarking for Real-world Web Agents* and link http://arxiv.org/abs/2606.13385v1, published on 2026-06-11. ## Background: Security Challenges of AI Agents and Limitations of Traditional Evaluations LLM-driven web agents are moving toward real-world applications, capable of performing automated operations such as browsing and transactions, but face the risk of prompt injection attacks—malicious instructions embedded in content to manipulate agent behavior. Traditional evaluations focus on the technical feasibility of attacks, ignoring blind spots such as the asymmetric distribution of consequences among stakeholders, the heterogeneity of attack effects, and the diversity of failure modes. ## Methodology: SBC — A Stakeholder-Centric Evaluation Framework The core of the SBC framework is to place stakeholders at the center: 1. Classify stakeholders into users, sellers/service providers, platforms, etc.; 2. Decompose attack targets into information theft, unauthorized operations, task hijacking, and service abuse; 3. Use dual indicators for evaluation: result layer (attack target achievement, task impact) and process layer (behavioral trajectory, verification logic). ## Research Findings: The Current State of AI Agent Security is Alarming Testing mainstream agent systems revealed: 1. No system can reliably resist all attack targets; 2. Diverse failure modes: stealthy parasitism (attack succeeds without interfering with the original task), misaligned interruption (attack fails but the task is interrupted), and compound failure (attack succeeds and the task is destroyed); 3. The same attack has asymmetric impacts on different stakeholders—for example, some attacks cause financial losses to users, while others damage platform reputation. ## Practical Implications: Rethinking AI Agent Security Strategies 1. Shift evaluations to a victim-centric approach, focusing on the actual impacts on stakeholders; 2. Multi-layered defense: input filtering, behavior monitoring, sensitive operation confirmation, and least privilege; 3. Enhance transparency and user control; 4. Establish a shared responsibility mechanism among platforms, developers, and users (e.g., insurance, compensation funds). ## Limitations and Future Directions: The Path to Improving the SBC Framework Current limitations: Only targets linear web agent processes, and attack classification does not cover all malicious intentions. Future directions: Develop more refined stakeholder impact models, explore active defense technologies, and study user education and risk communication strategies.