{"data":{"id":"7278b889-922f-46ee-a06d-6381c79d300e","title":"Computer-Use and TOCTOU: What You Click Is Not What You Get!","summary":"A TOCTOU attack (time-of-check to time-of-use, a type of race condition where a system checks something and then uses it, but the situation changes in between) can trick AI agents that control computers by changing what's on the screen while the AI is thinking. For example, an attacker can swap out a button with a different one, or overlay a fake button on top of a real one, so the AI clicks something it didn't intend to, like sending an email or visiting a malicious site.","solution":"\"Ensure that the UI hasn't changed before taking an action.\" Anthropic addressed this in Claude Computer-Use by implementing a check to \"ensure that pixels haven't changed before action,\" according to Felix Rieseberg's announcement when the feature shipped.","labels":["security","research"],"sourceUrl":"https://embracethered.com/blog/posts/2026/toctou-agent-what-you-click-is-not-what-you-get/","publishedAt":"2026-06-25T12:20:58.000Z","cveId":null,"cweIds":null,"cvssScore":null,"cvssSeverity":null,"severity":"medium","attackType":["prompt_injection"],"issueType":"news","affectedPackages":null,"affectedVendors":["Anthropic"],"affectedVendorsRaw":["Anthropic","Claude","Claude Computer-Use","ChatGPT","ChatGPT Operator","OpenAI"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":null,"attackVector":null,"attackComplexity":null,"privilegesRequired":null,"userInteraction":null,"exploitMaturity":null,"epssScore":null,"patchAvailable":null,"disclosureDate":"2026-06-25T12:20:58.000Z","capecIds":null,"crossRefCount":0,"attackSophistication":"moderate","impactType":["integrity","safety"],"aiComponentTargeted":"agent","llmSpecific":true,"classifierConfidence":0.92,"researchCategory":null,"atlasIds":null}}