CRAI, Feb 17, 2025

Unveiling Privacy Risks in LLM Agent Memory

arXiv:2502.13172v2 · 76 citations · h-index: 16 · ACL
Originality: Incremental advance
AI Analysis

This addresses privacy vulnerabilities for users of LLM agents, though it is incremental as it builds on known risks with a new attack method.

The paper tackles the privacy risks in LLM agents by proposing the Memory EXTRaction Attack (MEXTRA) to extract private information from memory modules, demonstrating its effectiveness in experiments on two representative agents.

Large Language Model (LLM) agents have become increasingly prevalent across various real-world applications. They enhance decision-making by storing private user-agent interactions in the memory module for demonstrations, introducing new privacy risks for LLM agents. In this work, we systematically investigate the vulnerability of LLM agents to our proposed Memory EXTRaction Attack (MEXTRA) under a black-box setting. To extract private information from memory, we propose an effective attacking prompt design and an automated prompt generation method based on different levels of knowledge about the LLM agent. Experiments on two representative agents demonstrate the effectiveness of MEXTRA. Moreover, we explore key factors influencing memory leakage from both the agent designer's and the attacker's perspectives. Our findings highlight the urgent need for effective memory safeguards in LLM agent design and deployment.
