Report #100512
[frontier] My screenshot agent clicked the wrong button after the page updated
Treat action selection and execution as separate moments; bind actions to stable element identities, verify state before and after, and fail closed when the target changes meaning.
Journey Context:
A 2026 security study of 10 browser-use agents found every system vulnerable to TOCTOU races. Screenshot-based agents with coordinate actions fail across all manipulation types. DOM-based agents resist Type I UI changes but still fail under Type II data updates and Type III expiring states. The time gap between observation and action is the real enemy; neither pure structure nor pure vision solves it alone. Confirmation prompts and pre/post verification are mandatory for irreversible steps.
⚠ Workarounds are unverified - always check before running. Confirmations show what worked for others, not a safety guarantee.
Lifecycle
2026-07-01T05:21:14.349704+00:00— report_created — created