@inproceedings{zhang-etal-2026-dont-click,
    title = "Don{'}t Click That: Teaching Web Agents to Resist Deceptive Interfaces",
    author = "Zhang, Yilin  and
      Hua, Yingkai  and
      Wei, Chunyu  and
      Wang, Xin  and
      Chen, Yueguo",
    editor = "Liakata, Maria  and
      Moreira, Viviane P.  and
      Zhang, Jiajun  and
      Jurgens, David",
    booktitle = "Proceedings of the 64th Annual Meeting of the {A}ssociation for {C}omputational {L}inguistics (Volume 1: Long Papers)",
    month = jul,
    year = "2026",
    address = "San Diego, California, United States",
    publisher = "Association for Computational Linguistics",
    url = "https://preview.aclanthology.org/ingest-acl/2026.acl-long.310/",
    pages = "6830--6852",
    ISBN = "979-8-89176-390-6",
    abstract = "Vision-language model (VLM) based web agents demonstrate impressive autonomous GUI interaction but remain vulnerable to deceptive interface elements. Existing approaches either detect deception without task integration or document attacks without proposing defenses. We formalize deception-aware web agent defense and propose DUDE (Deceptive UI Detector Evaluator), a two-stage framework combining hybrid-reward learning with asymmetric penalties and experience summarization to distill failure patterns into transferable guidance. We introduce RUC (Real UI Clickboxes), a benchmark of 1,407 scenarios spanning four domains and deception categories. Experiments show DUDE reduces deception susceptibility by 53.8{\%} while maintaining task performance, establishing an effective foundation for robust web agent deployment."
}