Computer-Use and TOCTOU: What You Click Is Not What You Get!
Summary
A TOCTOU attack (time-of-check to time-of-use, a race condition in which a system checks a condition and then acts on it, but the state changes in between) can trick AI agents that control a computer by changing what is on the screen while the agent is still reasoning about its next step. For example, an attacker can swap a button for a different one, or overlay a fake button on top of the real one, so the agent clicks something it did not intend to, such as sending an email or visiting a malicious site.
Solution / Mitigation
"Ensure that the UI hasn't changed before taking an action." Anthropic addressed this in Claude Computer-Use by implementing a check to "ensure that pixels haven't changed before action," according to Felix Rieseberg's announcement when the feature shipped.
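As an added example (not code from the original post and not Anthropic's implementation, whose details are not given here), the following Python sketch shows the shape of a "pixels haven't changed" guard for a computer-use agent: hash the screen region around the planned click target at time-of-check, re-capture the screen at time-of-use, and refuse to dispatch the click if the region differs. The screenshots are constructed in-memory grayscale byte grids rather than real captures; the button, its coordinates and the "attacker repaints the button" scenario are assumptions made for illustration.

```python
import hashlib
from dataclasses import dataclass
from typing import Callable, Optional, Tuple


@dataclass(frozen=True)
class Screen:
    """A grayscale screenshot: one byte per pixel, row-major (constructed format)."""
    width: int
    height: int
    pixels: bytes

    def crop(self, x: int, y: int, half: int) -> bytes:
        """Pixels of the square window centred on (x, y), clamped to the screen edges."""
        x0, x1 = max(0, x - half), min(self.width, x + half + 1)
        y0, y1 = max(0, y - half), min(self.height, y + half + 1)
        rows = [self.pixels[r * self.width + x0: r * self.width + x1] for r in range(y0, y1)]
        return b"".join(rows)


def region_digest(screen: Screen, x: int, y: int, half: int = 8) -> str:
    """Digest of the window around the click target, taken at time-of-check.
    A large `half` (>= screen size) degrades to a full-frame digest."""
    return hashlib.sha256(screen.crop(x, y, half)).hexdigest()


class ActionRefused(Exception):
    """Raised when the target region changed between check and use."""


def guarded_click(check_digest: str, screen_now: Screen, x: int, y: int,
                  dispatch: Callable[[int, int], str], half: int = 8) -> str:
    """Time-of-use: re-hash the freshly captured screen and only then dispatch."""
    if region_digest(screen_now, x, y, half) != check_digest:
        raise ActionRefused(f"target region at ({x},{y}) changed between check and use")
    return dispatch(x, y)


# --- constructed scenario (hypothetical screen layout) ----------------------
W, H = 64, 32


def make_screen(shade: int, poke: Optional[Tuple[int, int]] = None) -> Screen:
    """White 64x32 screen with one 16x6 'button' at (20..35, 10..15) drawn in `shade`;
    `poke` optionally blackens one pixel elsewhere to model an unrelated change."""
    buf = bytearray(b"\xff" * (W * H))
    for r in range(10, 16):
        buf[r * W + 20: r * W + 36] = bytes([shade]) * 16
    if poke is not None:
        px, py = poke
        buf[py * W + px] = 0x00
    return Screen(W, H, bytes(buf))


def run_agent(attacker_swaps_button: bool) -> str:
    """Simulate one agent step; returns 'clicked' or 'refused'."""
    # Time-of-check: the agent screenshots and decides to click the dark button.
    checked = make_screen(shade=0x40)
    x, y = 28, 13
    digest = region_digest(checked, x, y)
    # While the agent reasons, an attacker may repaint the button (a swap/overlay).
    now = make_screen(shade=0xC0) if attacker_swaps_button else make_screen(shade=0x40)
    try:
        return guarded_click(digest, now, x, y, dispatch=lambda cx, cy: "clicked")
    except ActionRefused:
        return "refused"


if __name__ == "__main__":
    print("honest UI :", run_agent(False))
    print("swapped UI:", run_agent(True))
```

A region digest only protects the neighbourhood of the click: a change elsewhere on the screen (a repainted dialog title, a new warning banner) passes the check unchanged, so a full-frame comparison, or a region sized to cover every element the decision depended on, is the safer default, at the cost of more spurious refusals from cursors, clocks and animations.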
Classification
Affected Vendors
Related Issues
Original source: https://embracethered.com/blog/posts/2026/toctou-agent-what-you-click-is-not-what-you-get/
First tracked: June 25, 2026 at 08:00 PM
Classified by LLM (prompt v3) · confidence: 92%