🚨 Your wallpaper can hack your computer: here's how

The images we see every day on our screens could hide dangers for our computers. A recent study reveals that artificial intelligence agents, these personal assistants capable of performing automated tasks, can be manipulated by pixels invisible to the human eye. These modifications transform harmless photos, like a celebrity wallpaper, into vectors for malicious attacks.

AI agents differ from classic chatbots by their ability to act directly on a system: they open tabs, fill out forms, or click buttons. This autonomy of action makes them particularly vulnerable if hackers manage to compromise them. Researchers from the University of Oxford demonstrated in a preprint on arXiv.org that altered images can contain hidden commands, triggering undesirable behaviors in the agent.


To understand this phenomenon, one must grasp how computers interpret images. Unlike humans who perceive shapes and colors, machines analyze pixels as numerical data. By slightly modifying certain pixel values, it's possible to trick the AI without the image appearing changed to our eyes. This manipulation exploits large language models, the core of AI systems, to inject harmful instructions.

Wallpapers are a preferred target because they are constantly visible when the agent takes screenshots to navigate. Even after compression or resizing, the malicious message remains readable for the machine. Researchers emphasize that open-source systems are the most exposed, as their codes are accessible and therefore easier to analyze to design attacks.

Although no real cases have been reported outside of experiments, this vulnerability calls for caution. Developers must integrate defense mechanisms, such as training models to recognize and ignore these manipulations. As AI agents are expected to become widespread within two years, this study serves as a warning to secure these emerging technologies.

How AI agents see the world

Artificial intelligence agents perceive the digital environment differently from humans. They use repeated screenshots to analyze the interface, converting each pixel into numerical data. This approach allows navigation through menus and interaction with elements, but it introduces a flaw: any displayed image becomes a potential source of instructions.

Unlike our vision which integrates context and details, AI decomposes images into mathematical patterns. It first identifies edges, then textures, and finally objects. This process relies on precise calculations, where tiny pixel alterations can distort interpretation.

To protect themselves, developers could implement filters capable of detecting pixel anomalies before processing. Another approach involves limiting agent permissions by prohibiting them from executing commands from unverified images.

Understanding this machine vision helps anticipate risks and design more robust systems.