Skip to content

NicerWang/AdInject

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

6 Commits
.github/workflows
.github/workflows
 
 
ad_server
ad_server
 
 
osworld_attack
osworld_attack
 
 
pages
pages
 
 
webarena_attack
webarena_attack
 
 
.gitignore
.gitignore
 
 
README.md
README.md
 
 

Repository files navigation

AdInject: Real-World Black-Box Attacks on Web Agents via Advertising Delivery

Homepage | Paper Here

This repository contains the official implementation of the paper, "AdInject: Real-World Black-Box Attacks on Web Agents via Advertising Delivery". The paper introduces AdInject, a novel, real-world black-box attack method that leverages internet advertising delivery to inject malicious content into Web Agents' environments, misleading them into clicking ads with high success rates (often >60%, sometimes approaching 100%).

AdInject

Usage

Citation

If you find this work useful, please consider citing the following paper:

@misc{wang2025adinjectrealworldblackboxattacks,
      title={AdInject: Real-World Black-Box Attacks on Web Agents via Advertising Delivery}, 
      author={Haowei Wang and Junjie Wang and Xiaojun Jia and Rupeng Zhang and Mingyang Li and Zhe Liu and Yang Liu and Qing Wang},
      year={2025},
      eprint={2505.21499},
      archivePrefix={arXiv},
      primaryClass={cs.CR},
      url={https://arxiv.org/abs/2505.21499}, 
}

About

Official implementation of "AdInject: Real-World Black-Box Attacks on Web Agents via Advertising Delivery".

nicerwang.github.io/AdInject/

Resources

Readme
Activity

Stars

8 stars

Watchers

1 watching

Forks

1 fork
Report repository

Languages