Detection Library
medium · experimental · Linux · OCI · T1499

Linux Agent Repeated Launch Of Browser Or Desktop Apps

Detects AI agent runtimes repeatedly spawning browser or desktop application processes, indicating a potential runaway automation loop that may exhaust system resources or trigger cascading UI-automation failures.

Updated Jan 10, 2025 · OCI AI Security Team

agentic-ai · cascading-failure · browser-automation · loop · linux · oci · owasp-asi08

Problem Statement

AI agents performing UI automation can enter runaway states where they repeatedly open browsers or applications in response to misinterpreted goals or adversarial prompts. This rapidly exhausts memory, CPU, and display server resources, degrading the OCI instance for all workloads.

Sample Logs

{"timestamp":"2025-01-10T09:00:00Z","computer_name":"oci-desktop-03","user":"agent_svc","image":"/usr/bin/google-chrome","command_line":"google-chrome --headless https://target.example.com","parent_image":"/usr/bin/python3","note":"launch 1 of 12 in 5 minutes"}

Required Fields

image
command_line
parent_image
user
computer_name

False Positives

  • Web scraping or testing agents that legitimately open multiple browser instances for parallel testing

Tuning Guidance

Set the launch count threshold based on the maximum expected parallel browser instances for approved automation tasks. Headless browser launches are lower risk than headed (visible UI) launches.
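
The following is an added example, not the rule's own logic: a sliding-window counter over events carrying the required fields, with a lower threshold for headed launches than for headless ones. The thresholds, the 5-minute window (taken from the sample log's note), the browser image names and the agent parent runtimes are all assumptions to tune, and the events are constructed.

```python
import json
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumed tuning values (not part of the rule): set them per approved automation.
WINDOW = timedelta(minutes=5)
THRESHOLDS = {"headless": 10, "headed": 4}  # headed launches are tolerated less
BROWSER_IMAGES = ("chrome", "chromium", "firefox")  # assumed image names
AGENT_PARENTS = ("python", "node")                  # assumed agent runtimes

def detect(lines):
    """Return one alert per (host, user, parent, mode) that reaches its threshold."""
    windows, alerted, alerts = defaultdict(deque), set(), []
    events = sorted((json.loads(l) for l in lines), key=lambda e: e["timestamp"])
    for ev in events:
        image = ev["image"].rsplit("/", 1)[-1]
        parent = ev["parent_image"].rsplit("/", 1)[-1]
        if not any(b in image for b in BROWSER_IMAGES):
            continue
        if not parent.startswith(AGENT_PARENTS):
            continue
        ts = datetime.fromisoformat(ev["timestamp"].replace("Z", "+00:00"))
        mode = "headless" if "--headless" in ev["command_line"] else "headed"
        key = (ev["computer_name"], ev["user"], ev["parent_image"], mode)
        q = windows[key]
        q.append(ts)
        while ts - q[0] > WINDOW:  # drop launches older than the window
            q.popleft()
        if len(q) >= THRESHOLDS[mode] and key not in alerted:
            alerted.add(key)
            alerts.append({"key": key, "count": len(q),
                           "first": q[0].isoformat(), "last": ts.isoformat()})
    return alerts

def sample_events():
    """Constructed data: 12 headless launches 25 s apart, plus 3 on a quiet host."""
    base = datetime(2025, 1, 10, 9, 0, 0)
    def line(host, offset_s):
        stamp = (base + timedelta(seconds=offset_s)).strftime("%Y-%m-%dT%H:%M:%SZ")
        return json.dumps({
            "timestamp": stamp, "computer_name": host, "user": "agent_svc",
            "image": "/usr/bin/google-chrome",
            "command_line": "google-chrome --headless https://target.example.com",
            "parent_image": "/usr/bin/python3"})
    return ([line("oci-desktop-03", i * 25) for i in range(12)]
            + [line("oci-desktop-07", i * 60) for i in range(3)])

if __name__ == "__main__":
    for alert in detect(sample_events()):
        print(alert)
```

Keying on host, user, parent and launch mode keeps a parallel test suite on one host from masking a runaway loop on another, and alerting once per key avoids re-firing on every later launch in the same burst.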