Weathering the CUA Storm: Mapping Security Threats in the Rapid Rise of Computer Use Agents
Dan Jones ⋅ Martin Pouliot ⋅ Giorgio Severi ⋅ Joris de Gruyter ⋅ Gary Lopez Munoz ⋅ Santiago Zanella-Beguelin ⋅ Justin Song ⋅ Amanda Minnich ⋅ Pamela Cortez
Abstract
Computer Use Agents (CUAs) - AI agents that interact with software interfaces like virtual machines (VMs) or web browsers - are rapidly being deployed across consumer and enterprise workflows. The security boundaries of CUAs, however, remain poorly understood. In this position paper, we present a systematic evaluation of the security risks posed by CUAs across realistic operational scenarios. We outline seven key categories of vulnerabilities for which we provide a detailed analysis of common failure modes and a set of practical observations from our security testing of multiple CUA applications.