CRAI, Sep 22, 2025

Privacy in Action: Towards Realistic Privacy Mitigation and Evaluation for LLM-Powered Agents

arXiv:2509.17488v1 | 18 citations | h-index: 28 | EMNLP
Originality: Highly original
AI Analysis

This addresses privacy vulnerabilities in autonomous LLM agents for users and developers, offering a modular solution for the emerging agentic ecosystem.

The paper tackles privacy risks in LLM-powered agents by introducing PrivacyChecker, a mitigation approach that reduces privacy leakage from 36.08% to 7.30% on DeepSeek-R1 and from 33.06% to 8.32% on GPT-4o while preserving task helpfulness, and PrivacyLens-Live, a dynamic benchmark that reveals higher risks in practical environments.

The increasing autonomy of LLM agents in handling sensitive communications, accelerated by Model Context Protocol (MCP) and Agent-to-Agent (A2A) frameworks, creates urgent privacy challenges. While recent work reveals significant gaps between LLMs' privacy Q&A performance and their agent behavior, existing benchmarks remain limited to static, simplified scenarios. We present PrivacyChecker, a model-agnostic, contextual-integrity-based mitigation approach that effectively reduces privacy leakage from 36.08% to 7.30% on DeepSeek-R1 and from 33.06% to 8.32% on GPT-4o, all while preserving task helpfulness. We also introduce PrivacyLens-Live, transforming static benchmarks into dynamic MCP and A2A environments that reveal substantially higher privacy risks in practical settings. Our modular mitigation approach integrates seamlessly into agent protocols through three deployment strategies, providing practical privacy protection for the emerging agentic ecosystem. Our data and code will be made available at https://aka.ms/privacy_in_action.

Foundations

The foundational work for this paper's niche, ranked by how specifically the neighbourhood builds on it — not by global fame.
