{"id":"https://openalex.org/W4417449788","doi":"https://doi.org/10.48550/arxiv.2512.12594","title":"ceLLMate: Sandboxing Browser AI Agents","display_name":"ceLLMate: Sandboxing Browser AI Agents","publication_year":2025,"publication_date":"2025-12-14","ids":{"openalex":"https://openalex.org/W4417449788","doi":"https://doi.org/10.48550/arxiv.2512.12594"},"language":null,"primary_location":{"id":"pmh:oai:arXiv.org:2512.12594","is_oa":true,"landing_page_url":"http://arxiv.org/abs/2512.12594","pdf_url":"https://arxiv.org/pdf/2512.12594","source":{"id":"https://openalex.org/S4306400194","display_name":"arXiv (Cornell University)","issn_l":null,"issn":null,"is_oa":true,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I205783295","host_organization_name":"Cornell University","host_organization_lineage":["https://openalex.org/I205783295"],"host_organization_lineage_names":[],"type":"repository"},"license":null,"license_id":null,"version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":null,"raw_type":"text"},"type":"preprint","indexed_in":["arxiv","datacite"],"open_access":{"is_oa":true,"oa_status":"green","oa_url":"https://arxiv.org/pdf/2512.12594","any_repository_has_fulltext":true},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5105664216","display_name":"L. Meng","orcid":"https://orcid.org/0000-0002-2901-6589"},"institutions":[],"countries":[],"is_corresponding":true,"raw_author_name":"Meng, Luoxi","raw_affiliation_strings":[],"affiliations":[]},{"author_position":"middle","author":{"id":"https://openalex.org/A5120840693","display_name":"Henry Feng","orcid":null},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Feng, Henry","raw_affiliation_strings":[],"affiliations":[]},{"author_position":"middle","author":{"id":"https://openalex.org/A5120840694","display_name":"Ilia Shumailov","orcid":null},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Shumailov, Ilia","raw_affiliation_strings":[],"affiliations":[]},{"author_position":"last","author":{"id":"https://openalex.org/A5060924315","display_name":"Earlence Fernandes","orcid":"https://orcid.org/0000-0001-8593-2840"},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Fernandes, Earlence","raw_affiliation_strings":[],"affiliations":[]}],"institutions":[],"countries_distinct_count":0,"institutions_distinct_count":4,"corresponding_author_ids":["https://openalex.org/A5105664216"],"corresponding_institution_ids":[],"apc_list":null,"apc_paid":null,"fwci":null,"has_fulltext":true,"cited_by_count":0,"citation_normalized_percentile":null,"cited_by_percentile_year":null,"biblio":{"volume":null,"issue":null,"first_page":null,"last_page":null},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T12479","display_name":"Web Application Security Vulnerabilities","score":0.41359999775886536,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T12479","display_name":"Web Application Security Vulnerabilities","score":0.41359999775886536,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11424","display_name":"Security and Verification in Computing","score":0.2515000104904175,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11644","display_name":"Spam and Phishing Detection","score":0.12309999763965607,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/latency","display_name":"Latency (audio)","score":0.4165000021457672},{"id":"https://openalex.org/keywords/class","display_name":"Class (philosophy)","score":0.39750000834465027},{"id":"https://openalex.org/keywords/security-domain","display_name":"Security domain","score":0.35749998688697815},{"id":"https://openalex.org/keywords/key","display_name":"Key (lock)","score":0.33340001106262207},{"id":"https://openalex.org/keywords/block","display_name":"Block (permutation group theory)","score":0.32710000872612},{"id":"https://openalex.org/keywords/benchmark","display_name":"Benchmark (surveying)","score":0.3257000148296356}],"concepts":[{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.8409000039100647},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.4823000133037567},{"id":"https://openalex.org/C82876162","wikidata":"https://www.wikidata.org/wiki/Q17096504","display_name":"Latency (audio)","level":2,"score":0.4165000021457672},{"id":"https://openalex.org/C2777212361","wikidata":"https://www.wikidata.org/wiki/Q5127848","display_name":"Class (philosophy)","level":2,"score":0.39750000834465027},{"id":"https://openalex.org/C2780264999","wikidata":"https://www.wikidata.org/wiki/Q7445032","display_name":"Security domain","level":2,"score":0.35749998688697815},{"id":"https://openalex.org/C26517878","wikidata":"https://www.wikidata.org/wiki/Q228039","display_name":"Key (lock)","level":2,"score":0.33340001106262207},{"id":"https://openalex.org/C2777210771","wikidata":"https://www.wikidata.org/wiki/Q4927124","display_name":"Block (permutation group theory)","level":2,"score":0.32710000872612},{"id":"https://openalex.org/C185798385","wikidata":"https://www.wikidata.org/wiki/Q1161707","display_name":"Benchmark (surveying)","level":2,"score":0.3257000148296356},{"id":"https://openalex.org/C541664917","wikidata":"https://www.wikidata.org/wiki/Q14001","display_name":"Malware","level":2,"score":0.3206000030040741},{"id":"https://openalex.org/C111919701","wikidata":"https://www.wikidata.org/wiki/Q9135","display_name":"Operating system","level":1,"score":0.31049999594688416},{"id":"https://openalex.org/C2780451532","wikidata":"https://www.wikidata.org/wiki/Q759676","display_name":"Task (project management)","level":2,"score":0.30660000443458557},{"id":"https://openalex.org/C2164484","wikidata":"https://www.wikidata.org/wiki/Q5170150","display_name":"Core (optical fiber)","level":2,"score":0.30160000920295715}],"mesh":[],"locations_count":3,"locations":[{"id":"pmh:oai:arXiv.org:2512.12594","is_oa":true,"landing_page_url":"http://arxiv.org/abs/2512.12594","pdf_url":"https://arxiv.org/pdf/2512.12594","source":{"id":"https://openalex.org/S4306400194","display_name":"arXiv (Cornell University)","issn_l":null,"issn":null,"is_oa":true,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I205783295","host_organization_name":"Cornell University","host_organization_lineage":["https://openalex.org/I205783295"],"host_organization_lineage_names":[],"type":"repository"},"license":null,"license_id":null,"version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":null,"raw_type":"text"},{"id":"pmh:doi:10.48550/arxiv.2512.12594","is_oa":true,"landing_page_url":null,"pdf_url":null,"source":{"id":"https://openalex.org/S4406922384","display_name":"Open MIND","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":null,"host_organization_name":null,"host_organization_lineage":[],"host_organization_lineage_names":[],"type":"repository"},"license":"publisher-specific-oa","license_id":"https://openalex.org/licenses/publisher-specific-oa","version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":null,"raw_type":"Article"},{"id":"doi:10.48550/arxiv.2512.12594","is_oa":true,"landing_page_url":"https://doi.org/10.48550/arxiv.2512.12594","pdf_url":null,"source":{"id":"https://openalex.org/S4306400194","display_name":"arXiv (Cornell University)","issn_l":null,"issn":null,"is_oa":true,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I205783295","host_organization_name":"Cornell University","host_organization_lineage":["https://openalex.org/I205783295"],"host_organization_lineage_names":[],"type":"repository"},"license":null,"license_id":null,"version":null,"is_accepted":false,"is_published":null,"raw_source_name":null,"raw_type":"article"}],"best_oa_location":{"id":"pmh:oai:arXiv.org:2512.12594","is_oa":true,"landing_page_url":"http://arxiv.org/abs/2512.12594","pdf_url":"https://arxiv.org/pdf/2512.12594","source":{"id":"https://openalex.org/S4306400194","display_name":"arXiv (Cornell University)","issn_l":null,"issn":null,"is_oa":true,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I205783295","host_organization_name":"Cornell University","host_organization_lineage":["https://openalex.org/I205783295"],"host_organization_lineage_names":[],"type":"repository"},"license":null,"license_id":null,"version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":null,"raw_type":"text"},"sustainable_development_goals":[],"awards":[],"funders":[],"has_content":{"pdf":true,"grobid_xml":true},"content_urls":{"pdf":"https://content.openalex.org/works/W4417449788.pdf","grobid_xml":"https://content.openalex.org/works/W4417449788.grobid-xml"},"referenced_works_count":0,"referenced_works":[],"related_works":[],"abstract_inverted_index":{"Browser-using":[0],"agents":[1,9,29],"(BUAs)":[2],"are":[3,36],"an":[4,44,139],"emerging":[5],"class":[6],"of":[7,78],"AI":[8],"that":[10,42,67,87,150],"interact":[11],"with":[12,159],"web":[13],"browsers":[14],"in":[15,128,155],"human-like":[16],"ways,":[17],"including":[18],"clicking,":[19],"scrolling,":[20],"filling":[21],"forms,":[22],"and":[23,73,94,104,108,143],"navigating":[24],"across":[25],"pages.":[26],"While":[27],"these":[28],"help":[30],"automate":[31],"repetitive":[32],"online":[33],"tasks,":[34],"they":[35],"vulnerable":[37],"to":[38,90,114,131],"prompt":[39,79,152],"injection":[40,153],"attacks":[41,154],"trick":[43],"agent":[45],"into":[46],"performing":[47],"undesired":[48],"actions,":[49],"such":[50],"as":[51,138],"leaking":[52],"private":[53],"information":[54],"or":[55],"issuing":[56],"unintended":[57],"state-changing":[58],"requests.":[59],"We":[60,81,135],"propose":[61],"ceLLMate,":[62],"a":[63],"browser-level":[64],"sandboxing":[65,116,148],"framework":[66],"restricts":[68],"the":[69,75,83,118,132,156],"agent's":[70],"ambient":[71],"authority":[72],"reduces":[74],"blast":[76],"radius":[77],"injections.":[80],"address":[82],"semantic":[84],"gap":[85],"challenge":[86],"is":[88,106,113],"fundamental":[89],"BUAs":[91],"--":[92],"writing":[93],"enforcing":[95],"security":[96],"policies":[97,149],"for":[98],"low-level":[99],"UI":[100,124],"tools":[101],"like":[102],"clicks":[103],"keystrokes":[105],"brittle":[107],"error-prone.":[109],"Our":[110],"core":[111],"insight":[112],"perform":[115],"at":[117],"HTTP":[119],"layer":[120],"because":[121],"all":[122],"side-effecting":[123],"operations":[125],"will":[126],"result":[127],"network":[129],"communication":[130],"website's":[133],"backend.":[134],"implement":[136],"ceLLMate":[137],"agent-agnostic":[140],"browser":[141],"extension":[142],"demonstrate":[144],"how":[145],"it":[146],"enables":[147],"block":[151],"WASP":[157],"benchmark":[158],"7.25--15%":[160],"latency":[161],"overhead.":[162]},"counts_by_year":[],"updated_date":"2026-04-04T16:13:02.066488","created_date":"2025-12-17T00:00:00"}