
"Penny Wise, Pixel Foolish": Bypassing Price Constraints in Multimodal Agents via Visual Adversarial Perturbations

Researchers at ACL 2026 revealed PriceBlind, a visual adversarial attack that exploits a vulnerability called Visual Dominance Hallucination in multimodal large language models used as financial agents. In screenshot-based white-box evaluations, the attack reaches a success rate of around 80% at bypassing price constraints, forcing agents into irrational economic decisions. Standard robust encoders reduce the attack success rate only partially, while a Verify-then-Act stack with robust encoders lowers it below 10% at some cost to clean accuracy.

Published: Jun 22, 2026
Abstract

The rapid proliferation of Multimodal Large Language Models (MLLMs) has ushered in the era of the “Agentic Economy,” where Mobile Agents autonomously execute high-stakes financial transactions. While these agents demonstrate impressive operational capabilities, their adversarial robustness remains a glaring blind spot. In this paper, we identify a systemic vulnerability termed Visual Dominance Hallucination (VDH), where imperceptible adversarial visual cues can act as a “super-stimulus,” overriding textual price evidence in our evaluated screenshot-based price-constrained settings and forcing the agent into irrational economic decisions. We propose PriceBlind, a stealthy, white-box adversarial attack framework for controlled screenshot-based evaluation. Unlike prior works that rely on conspicuous artifacts like pop-ups, PriceBlind exploits the modality gap in CLIP-based encoders via a novel Semantic-Decoupling Loss. Rather than literally making a luxury item “look cheap,” this regularizer weakens the consistency between high-price text and visual value cues by aligning the image embedding with a low-cost/value-associated anchor region while preserving pixel-level fidelity. On our main E-ShopBench benchmark with clear price constraints, screenshot-based white-box evaluation yields ASRs around 80% on the evaluated agents. Under the evaluated single-turn coordinate-selection protocol in a simplified layout-aware setting, our Ensemble-DI-FGSM strategy also yields non-trivial black-box transfer, with ASR roughly 35–41% across GPT-4o, Gemini-1.5-Pro, and Claude-3.5-Sonnet. In the same screenshot-based setting, standard robust encoders reduce ASR only partially, while a Verify-then-Act stack with robust encoders lowers ASR to below 10% at some clean-accuracy cost.

- Anthology ID: 2026.findings-acl.788
- Volume: [Findings of the Association for Computational Linguistics: ACL 2026](/volumes/2026.findings-acl/)
- Month: July
- Year: 2026
- Address: San Diego, California, United States
- Editors: [Maria Liakata](/people/maria-liakata/), [Viviane P. Moreira](/people/viviane-p-moreira/unverified/), [Jiajun Zhang](/people/jiajun-zhang/unverified/), [David Jurgens](/people/david-jurgens/)
- Venue: [Findings](/venues/findings/)
- Publisher: Association for Computational Linguistics
- Pages: 16059–16073
- URL: [https://aclanthology.org/2026.findings-acl.788/](https://aclanthology.org/2026.findings-acl.788/)
- Cite (ACL): [“Penny Wise, Pixel Foolish”: Bypassing Price Constraints in Multimodal Agents via Visual Adversarial Perturbations](https://aclanthology.org/2026.findings-acl.788/) (Qian & Kang, Findings 2026)
- PDF: [https://aclanthology.org/2026.findings-acl.788.pdf](https://aclanthology.org/2026.findings-acl.788.pdf)
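One possible shape of a verify-then-act guard for the single-turn coordinate-selection setting the abstract describes, as an added example that is not the paper's code. The page does not say how the authors' Verify-then-Act stack works, so the design here (re-reading the price from a text channel that does not pass through the vision encoder, and failing closed on ambiguity) is an assumption, and `Card`, `parse_prices`, `verify_click` and the sample data are hypothetical.

```python
import re
from dataclasses import dataclass

@dataclass
class Card:
    text: str   # text read from the accessibility tree / DOM, not from pixels
    box: tuple  # (x0, y0, x1, y1) in screenshot pixels

# Currency symbol, digits with optional thousands separators and cents.
PRICE_RE = re.compile(r"[$€£]\s?(\d+(?:,\d{3})*(?:\.\d{1,2})?)")

def parse_prices(text):
    """Return every price found in a card's text as floats."""
    return [float(m.replace(",", "")) for m in PRICE_RE.findall(text)]

def verify_click(cards, click, budget):
    """Check the agent's proposed click against the price constraint.

    Returns (allowed, reason). Any ambiguity blocks the action, so a
    perturbed image cannot win by making the check inconclusive.
    """
    x, y = click
    hits = [c for c in cards
            if c.box[0] <= x <= c.box[2] and c.box[1] <= y <= c.box[3]]
    if len(hits) != 1:
        return False, f"click maps to {len(hits)} product cards"
    prices = parse_prices(hits[0].text)
    if len(prices) != 1:
        return False, "card has no single unambiguous price"
    if prices[0] > budget:
        return False, f"price {prices[0]:.2f} exceeds budget {budget:.2f}"
    return True, f"price {prices[0]:.2f} within budget {budget:.2f}"

# Constructed sample layout (not data from the paper or E-ShopBench).
CARDS = [
    Card("Leather tote  $1,299.00", (0, 0, 200, 300)),
    Card("Canvas tote  $24.99", (220, 0, 420, 300)),
    Card("Nylon tote  was $80.00 now $19.99", (440, 0, 640, 300)),
]

if __name__ == "__main__":
    # The agent was told "stay under $50"; each click is a proposed action.
    for click in [(100, 150), (300, 150), (500, 150), (210, 150)]:
        print(click, verify_click(CARDS, click, budget=50.0))
```

The guard never consults the image embedding, so its verdict depends only on the text channel and the click coordinate, at the cost of blocking legitimate actions whose price text is ambiguous.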