OSGuard Benchmark Evaluates Safety of Computer-Use AI Agents.

As AI agents increasingly interact with computer environments, merely achieving a task goal is insufficient; ensuring safety is paramount. This research introduces OSGuard, a comprehensive dual-granularity benchmark suite specifically designed to assess the safety of computer-use agents. Unlike existing evaluations that focus solely on task success, OSGuard identifies instances where an agent might complete a task through an unsafe or undesirable shortcut, even under benign user instructions. The benchmark comprises two main components: an action-level evaluation and a risk-augmented execution suite. The action-level benchmark presents contextualized proposed actions, classifying them as allowed, unrelated, or unsafe relative to the instruction and interface state. The execution suite features modified OSWorld-derived tasks where latent hazards, such as destructive overwrites, are introduced. These tasks are paired with augmented evaluators that not only check for task completion but also enforce explicit state-based safety invariants, distinguishing safe completions from unsafe ones. Experimental results using OSGuard reveal that while current multimodal guardrails can perform well on isolated action judgments, significant gaps remain in ensuring reliable end-to-end safety during full task execution. This dual-granularity design provides a more precise diagnostic tool for understanding whether models can both recognize unsafe actions and improve overall task safety when deployed as guardrails.