Safe, or Simply Incapable? Rethinking Safety Evaluation for Phone-Use Agents

Researchers introduce PhoneSafety, a benchmark of 700 safety-critical moments across mobile apps, revealing that stronger AI phone-use agents don't necessarily make safer decisions at risky moments. The study distinguishes between genuine safety judgment and mere inability to act, challenging how AI safety in mobile agents is currently evaluated.

PhoneSafety addresses a critical gap in AI safety evaluation methodology. Current benchmarks treat harmful outcomes uniformly, whether they result from deliberate safe choices, incapability, or failure to understand context. This conflation obscures whether an agent truly understands risk or simply cannot execute complex actions. The research isolates specific decision points in real mobile app interactions, forcing a clearer assessment of agent behavior at genuinely risky moments.

The benchmark's findings carry substantial implications for AI development. The disconnect between general phone-use competence and safe decision-making suggests that scaling model capability alone won't solve safety problems. An agent adept at navigating interfaces may still make catastrophically poor choices when stakes are high—sending sensitive messages, authorizing transactions, or accessing restricted content. This pattern indicates safety requires targeted training beyond general capability improvements.

For the AI industry, this research suggests current safety evaluations may produce false confidence. Companies deploying phone-use agents in production must scrutinize not just task success rates but explicit safety judgment under realistic conditions. The study's distinction between unsafe choices and inability to act also points toward different engineering solutions: unsafe choices require better reasoning about consequences, while capability gaps need improved visual understanding and action execution.

Looking forward, PhoneSafety establishes a more rigorous evaluation framework likely to influence how AI labs benchmark safety. Organizations building autonomous agents should expect increasing pressure to demonstrate not just that agents avoid harm, but that they do so through sound judgment rather than incapability masking as safety. This shift prioritizes deeper reasoning capabilities over surface-level outcome metrics.

• →Stronger phone-use agents do not automatically make safer choices at risky moments, separating capability from judgment
• →PhoneSafety benchmark isolates 700 critical decision points to distinguish genuine safety from inability-to-act masking
• →Current safety evaluations conflate different failure modes, obscuring whether agents understand risk or simply cannot execute
• →Safety-critical failures split into two patterns: poor judgment in doable contexts and inability in visually complex screens
• →Evaluating AI safety requires assessing explicit decision-making logic, not just final harmless outcomes