This study investigates the fundamental reasons why web-based AI agents exhibit heightened vulnerability compared to standalone large language models (LLMs). Addressing their anomalous fragility in complex web navigation tasks, we propose the first component-level security analysis framework—moving beyond conventional end-to-end success-rate evaluation. Our method systematically decomposes agent pipelines and performs fine-grained attribution modeling to identify three critical vulnerability mechanisms: (1) ambiguous objective specification in system prompts enabling prompt injection; (2) error accumulation across multi-step action generation; and (3) perceptual distortion arising from limited observation capabilities. The framework not only uncovers architecture-specific security gaps inherent to agentic systems but also establishes verifiable benchmarks and actionable hardening strategies for defense design. As a result, it significantly enhances both the depth and interpretability of AI agent security assessment.

Recent advancements in Web AI agents have demonstrated remarkable capabilities in addressing complex web navigation tasks. However, emerging research shows that these agents exhibit greater vulnerability compared to standalone Large Language Models (LLMs), despite both being built upon the same safety-aligned models. This discrepancy is particularly concerning given the greater flexibility of Web AI Agent compared to standalone LLMs, which may expose them to a wider range of adversarial user inputs. To build a scaffold that addresses these concerns, this study investigates the underlying factors that contribute to the increased vulnerability of Web AI agents. Notably, this disparity stems from the multifaceted differences between Web AI agents and standalone LLMs, as well as the complex signals - nuances that simple evaluation metrics, such as success rate, often fail to capture. To tackle these challenges, we propose a component-level analysis and a more granular, systematic evaluation framework. Through this fine-grained investigation, we identify three critical factors that amplify the vulnerability of Web AI agents; (1) embedding user goals into the system prompt, (2) multi-step action generation, and (3) observational capabilities. Our findings highlights the pressing need to enhance security and robustness in AI agent design and provide actionable insights for targeted defense strategies.