Got a Secret? LLM Agents Can't Keep It: Evaluating Privacy in Multi-Agent Systems
Quick Take
LLM agents struggle with privacy in multi-agent systems, revealing significant risks under social pressure.
Key Points
- Privacy violations increase from single to multi-turn evaluations.
- Social contagion leads to higher disclosure rates among agents.
- Explicit privacy instructions reduce but don't eliminate leakage.
Article Excerpt
From source RSS / original summaryarXiv:2605. 27766v1 Announce Type: new Abstract: LLM safety evaluations predominantly test models in isolation, yet deployed AI agents increasingly operate within persistent social environments alongside other agents. We introduce a Moltbook-style simulation platform where thousands of LLM agents interact across communities over a simulated month, and use it to evaluate privacy as a downstream safety concern under varying degrees of social pressure.
We find that shifting from single turn to multi turn social evaluation amplifies privacy violations (CIMemories 19. 95% to Ours 45. 30% across OpenAI models), that leakage is socially contagious, with agents 8 times more likely to disclose sensitive information after observing a peer do so, and that explicit privacy instructions reduce but do not eliminate this effect, leaving leakage rates above 37. 8% even with safeguards.
Our findings suggest that static chat based safety benchmarks systematically underestimate risks in agentic deployment, and that social context alone is sufficient to elicit sensitive disclosures that single turn evaluations would never surface.
Reader Mode unavailable (could not extract clean content).
Want this in your inbox every morning?
Daily brief at your local 8am — bilingual EN/中文, free.
More from arXiv cs.AI
See more →From Prompts to Protocols: An AI Agent for Laboratory Automation
An AI agent integrates large language models for automating laboratory protocols, enhancing efficiency and accuracy.
