Got a Secret? LLM Agents Can't Keep It: Evaluating Privacy in Multi-Agent Systems
Quick Answer
This paper shows that A new study reveals that privacy violations in LLM agents increase significantly in multi-turn interactions, with leakage rates rising from 19.95% to 45.30% across OpenAI models.
Quick Take
A new study reveals that privacy violations in LLM agents increase significantly in multi-turn interactions, with leakage rates rising from 19.95% to 45.30% across OpenAI models. Observing peers disclosing sensitive information makes agents eight times more likely to leak their own data, indicating that traditional safety benchmarks underestimate risks in social contexts.
Key Points
- Privacy violations in LLM agents rise from 19.95% to 45.30% in multi-turn evaluations.
- Agents are 8 times more likely to disclose sensitive info after observing peers do so.
- Explicit privacy instructions reduce but do not eliminate leakage rates, remaining above 37.8%.
- Static chat-based safety benchmarks fail to capture risks in agentic deployments.
- Social context alone can trigger sensitive disclosures not seen in single-turn evaluations.
Paper Resources
Article Excerpt
From source RSS / original summaryarXiv:2605. 27766v1 Announce Type: new Abstract: LLM safety evaluations predominantly test models in isolation, yet deployed AI agents increasingly operate within persistent social environments alongside other agents. We introduce a Moltbook-style simulation platform where thousands of LLM agents interact across communities over a simulated month, and use it to evaluate privacy as a downstream safety concern under varying degrees of social pressure.
We find that shifting from single turn to multi turn social evaluation amplifies privacy violations (CIMemories 19. 95% to Ours 45. 30% across OpenAI models), that leakage is socially contagious, with agents 8 times more likely to disclose sensitive information after observing a peer do so, and that explicit privacy instructions reduce but do not eliminate this effect, leaving leakage rates above 37. 8% even with safeguards.
Our findings suggest that static chat based safety benchmarks systematically underestimate risks in agentic deployment, and that social context alone is sufficient to elicit sensitive disclosures that single turn evaluations would never surface.
Want this in your inbox every morning?
Daily brief at your local 8am — bilingual EN/中文, free.
More from arXiv cs.AI
See more →Adversarial Social Epistemology for Assemblies of Humans and Large Language Models
The paper introduces Adversarial Social Epistemology (ASE) to analyze how agents manipulate trust in public communications, highlighting mechanisms that undermine the reliability of testimony and inference. It critiques existing frameworks like epistemic bubbles and misinformation diffusion, proposing a new language for understanding trust breaches and auditing inferential chains in densely interactive environments involving humans and large language models.