Research
LLM Web Agents Fail Dark Patterns 41–72% of the Time — Gemini 2.5 Pro Most Susceptible (IEEE S&P 2026)
First systematic study of deceptive UI impact on LLM-based web agents, accepted to IEEE S&P 2026. Gemini 2.5 Pro showed the highest susceptibility at 65.78%, followed by Claude 3.7 Sonnet at 53.79% and GPT-4o at 51.26% — all tested against real e-commerce, streaming, and news dark patterns. Guardrail models and prompt postscripts reduce rates by only 12–28 points, leaving susceptibility above 39–59%; the attack surface is structural, not prompt-patchable.
↳ Follow the thread