With the widespread deployment of Computer-using Agents (CUAs) in complex real-world environments, prevalent long-term risks often lead to severe and irreversible consequences. Most existing guardrails for CUAs adopt a reactive approach, constraining agent behavior only within the current observation space. While these guardrails can prevent immediate short-term risks (e.g., clicking on a phishing link), they cannot proactively avoid long-term risks: seemingly reasonable actions can lead to high-risk consequences that emerge with a delay (e.g., cleaning logs leads to future audits being untraceable), which reactive guardrails cannot identify within the current observation space. To address these limitations, we propose a predictive guardrail approach, with the core idea of aligning predicted future risks with current decisions. Based on this approach, we present SafePred, a predictive guardrail framework for CUAs that establishes a risk-to-decision loop to ensure safe agent behavior. SafePred supports two key abilities: (1) Short- and long-term risk prediction: by using safety policies as the basis for risk prediction, SafePred leverages the prediction capability of the world model to generate semantic representations of both short-term and long-term risks, thereby identifying and pruning actions that lead to high-risk states; (2) Decision optimization: translating predicted risks into actionable safe decision guidances through step-level interventions and task-level re-planning. Extensive experiments show that SafePred significantly reduces high-risk behaviors, achieving over 97.6% safety performance and improving task utility by up to 21.4% compared with reactive baselines.

翻译：随着计算机使用智能体（CUAs）在复杂现实环境中的广泛部署，普遍存在的长期风险往往导致严重且不可逆的后果。现有的大多数CUA防护栏采用反应式方法，仅在当前观察空间内约束智能体行为。虽然这些防护栏能够预防即时的短期风险（例如点击钓鱼链接），但无法主动规避长期风险：看似合理的行动可能导致延迟出现的高风险后果（例如清理日志导致未来审计无法追溯），而反应式防护栏在当前观察空间内无法识别此类风险。为应对这些局限，我们提出了一种预测性防护栏方法，其核心思想是将预测的未来风险与当前决策对齐。基于此方法，我们提出了SafePred——一个面向CUAs的预测性防护栏框架，该框架建立了风险到决策的闭环以确保智能体行为安全。SafePred支持两项关键能力：（1）短期与长期风险预测：通过以安全策略作为风险预测基础，SafePred利用世界模型的预测能力生成短期与长期风险的语义表征，从而识别并剪枝导致高风险状态的行为；（2）决策优化：通过步级干预与任务级重规划，将预测风险转化为可执行的安全决策指导。大量实验表明，相较于反应式基线方法，SafePred显著减少了高风险行为，实现了超过97.6%的安全性能，并将任务效用提升最高达21.4%。