{"record_type":"pith_number_record","schema_url":"https://pith.science/schemas/pith-number/v1.json","pith_number":"pith:2025:ZDN4ON3FCVBTK6ODRNVU7GAG74","short_pith_number":"pith:ZDN4ON3F","schema_version":"1.0","canonical_sha256":"c8dbc7376515433579c38b6b4f9806ff0dfbd89a8ad6e8bea33b1ddce8b7b2f0","source":{"kind":"arxiv","id":"2505.14289","version":2},"attestation_state":"computed","paper":{"title":"EVA: Evolving Semantic Adversaries for Red-Teaming GUI Agents Against Environmental Injection Attacks","license":"http://creativecommons.org/licenses/by/4.0/","headline":"","cross_cats":[],"primary_cat":"cs.AI","authors_text":"Daizong Ding, Gongshen Liu, Manman Zhao, Tianjie Ju, Xinbei Ma, Yijie Lu, Yuan Guo, Zhuosheng Zhang, Zihe Yan","submitted_at":"2025-05-20T12:41:05Z","abstract_excerpt":"Graphical User Interface (GUI) agents powered by Multimodal Large Language Models (MLLMs) are increasingly deployed yet vulnerable to Environmental Injection Attacks (EIAs).However, current red-teaming methods are hindered by prohibitive computational costs and limited adaptability. A fundamental question remains unaddressed: does the bottleneck of attack success lie in visual perception or semantic understanding? Through controlled experiments, we observe that semantic deception, rather than visual appearance, serves as the primary determinant of attack success. Based on this insight, we intr"},"verification_status":{"content_addressed":true,"pith_receipt":true,"author_attested":false,"weak_author_claims":0,"strong_author_claims":0,"externally_anchored":false,"storage_verified":false,"citation_signatures":0,"replication_records":0,"graph_snapshot":true,"references_resolved":false,"formal_links_present":false},"canonical_record":{"source":{"id":"2505.14289","kind":"arxiv","version":2},"metadata":{"license":"http://creativecommons.org/licenses/by/4.0/","primary_cat":"cs.AI","submitted_at":"2025-05-20T12:41:05Z","cross_cats_sorted":[],"title_canon_sha256":"e626dcccf6e121f6bd2645c204b1d2cfdae2694c9ee47d8ff664a3fa76e8b342","abstract_canon_sha256":"9989d8ade7e1e8de3d0410c04a12a9089a271ec1046d7440d05b8c01aba83d2b"},"schema_version":"1.0"},"receipt":{"kind":"pith_receipt","key_id":"pith-v1-2026-05","algorithm":"ed25519","signed_at":"2026-06-08T01:03:44.969043Z","signature_b64":"EHWJ+9TmbYFitcApaGJJhlxt6lzGTOtnTY3Xkt5dVEhV5dhQILF9Y4dv+nq53NdNPb7L8reG6AuyKeLwMHgJAg==","signed_message":"canonical_sha256_bytes","builder_version":"pith-number-builder-2026-05-17-v1","receipt_version":"0.3","canonical_sha256":"c8dbc7376515433579c38b6b4f9806ff0dfbd89a8ad6e8bea33b1ddce8b7b2f0","last_reissued_at":"2026-06-08T01:03:44.968211Z","signature_status":"signed_v1","first_computed_at":"2026-06-08T01:03:44.968211Z","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54"},"graph_snapshot":{"paper":{"title":"EVA: Evolving Semantic Adversaries for Red-Teaming GUI Agents Against Environmental Injection Attacks","license":"http://creativecommons.org/licenses/by/4.0/","headline":"","cross_cats":[],"primary_cat":"cs.AI","authors_text":"Daizong Ding, Gongshen Liu, Manman Zhao, Tianjie Ju, Xinbei Ma, Yijie Lu, Yuan Guo, Zhuosheng Zhang, Zihe Yan","submitted_at":"2025-05-20T12:41:05Z","abstract_excerpt":"Graphical User Interface (GUI) agents powered by Multimodal Large Language Models (MLLMs) are increasingly deployed yet vulnerable to Environmental Injection Attacks (EIAs).However, current red-teaming methods are hindered by prohibitive computational costs and limited adaptability. A fundamental question remains unaddressed: does the bottleneck of attack success lie in visual perception or semantic understanding? Through controlled experiments, we observe that semantic deception, rather than visual appearance, serves as the primary determinant of attack success. Based on this insight, we intr"},"claims":{"count":0,"items":[],"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57"},"source":{"id":"2505.14289","kind":"arxiv","version":2},"verdict":{"id":null,"model_set":{},"created_at":null,"strongest_claim":"","one_line_summary":"","pipeline_version":null,"weakest_assumption":"","pith_extraction_headline":""},"integrity":{"clean":true,"summary":{"advisory":0,"critical":0,"by_detector":{},"informational":0},"endpoint":"/pith/2505.14289/integrity.json","findings":[],"available":true,"detectors_run":[],"snapshot_sha256":"c28c3603d3b5d939e8dc4c7e95fa8dfce3d595e45f758748cecf8e644a296938"},"references":{"count":0,"sample":[],"resolved_work":0,"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57","internal_anchors":0},"formal_canon":{"evidence_count":0,"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57"},"author_claims":{"count":0,"strong_count":0,"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57"},"builder_version":"pith-number-builder-2026-05-17-v1"},"aliases":[{"alias_kind":"arxiv","alias_value":"2505.14289","created_at":"2026-06-08T01:03:44.968329+00:00"},{"alias_kind":"arxiv_version","alias_value":"2505.14289v2","created_at":"2026-06-08T01:03:44.968329+00:00"},{"alias_kind":"doi","alias_value":"10.48550/arxiv.2505.14289","created_at":"2026-06-08T01:03:44.968329+00:00"},{"alias_kind":"pith_short_12","alias_value":"ZDN4ON3FCVBT","created_at":"2026-06-08T01:03:44.968329+00:00"},{"alias_kind":"pith_short_16","alias_value":"ZDN4ON3FCVBTK6OD","created_at":"2026-06-08T01:03:44.968329+00:00"},{"alias_kind":"pith_short_8","alias_value":"ZDN4ON3F","created_at":"2026-06-08T01:03:44.968329+00:00"}],"events":[],"event_summary":{},"paper_claims":[],"inbound_citations":{"count":3,"internal_anchor_count":3,"sample":[{"citing_arxiv_id":"2509.07553","citing_title":"VeriOS: Query-Driven Proactive Human-Agent-GUI Interaction for Trustworthy OS Agents","ref_index":32,"is_internal_anchor":true},{"citing_arxiv_id":"2604.24348","citing_title":"OS-SPEAR: A Toolkit for the Safety, Performance,Efficiency, and Robustness Analysis of OS Agents","ref_index":81,"is_internal_anchor":true},{"citing_arxiv_id":"2604.18860","citing_title":"Temporal UI State Inconsistency in Desktop GUI Agents: Formalizing and Defending Against TOCTOU Attacks on Computer-Use Agents","ref_index":20,"is_internal_anchor":true}]},"formal_canon":{"evidence_count":0,"sample":[],"anchors":[]},"links":{"html":"https://pith.science/pith/ZDN4ON3FCVBTK6ODRNVU7GAG74","json":"https://pith.science/pith/ZDN4ON3FCVBTK6ODRNVU7GAG74.json","graph_json":"https://pith.science/api/pith-number/ZDN4ON3FCVBTK6ODRNVU7GAG74/graph.json","events_json":"https://pith.science/api/pith-number/ZDN4ON3FCVBTK6ODRNVU7GAG74/events.json","paper":"https://pith.science/paper/ZDN4ON3F"},"agent_actions":{"view_html":"https://pith.science/pith/ZDN4ON3FCVBTK6ODRNVU7GAG74","download_json":"https://pith.science/pith/ZDN4ON3FCVBTK6ODRNVU7GAG74.json","view_paper":"https://pith.science/paper/ZDN4ON3F","resolve_alias":"https://pith.science/api/pith-number/resolve?arxiv=2505.14289&json=true","fetch_graph":"https://pith.science/api/pith-number/ZDN4ON3FCVBTK6ODRNVU7GAG74/graph.json","fetch_events":"https://pith.science/api/pith-number/ZDN4ON3FCVBTK6ODRNVU7GAG74/events.json","actions":{"anchor_timestamp":"https://pith.science/pith/ZDN4ON3FCVBTK6ODRNVU7GAG74/action/timestamp_anchor","attest_storage":"https://pith.science/pith/ZDN4ON3FCVBTK6ODRNVU7GAG74/action/storage_attestation","attest_author":"https://pith.science/pith/ZDN4ON3FCVBTK6ODRNVU7GAG74/action/author_attestation","sign_citation":"https://pith.science/pith/ZDN4ON3FCVBTK6ODRNVU7GAG74/action/citation_signature","submit_replication":"https://pith.science/pith/ZDN4ON3FCVBTK6ODRNVU7GAG74/action/replication_record"}},"created_at":"2026-06-08T01:03:44.968329+00:00","updated_at":"2026-06-08T01:03:44.968329+00:00"}