PrivacyPeek: Auditing What LLM-Based Agents Acquire, Not Just What They Say

2026-05-29 · Source: Artificial Intelligence · Field: Technology & Digital — Artificial Intelligence & Machine Learning, Cybersecurity & Data Privacy, Robotics & Autonomous Systems · Depth: Expert, quick

Summary

PrivacyPeek is a new benchmark designed to evaluate acquisition-stage privacy leakage in LLM-based agents, addressing a critical oversight in existing privacy assessments. While current benchmarks focus on agent responses or outgoing actions, PrivacyPeek scrutinizes the data agents acquire through external tool invocation, often exceeding task requirements. The benchmark comprises 1,182 cases across 7 acquisition behaviors and 16 application domains. It employs "Acquisition Inspection" to analyze tool-call trajectories for sensitive over-acquisition and "Probe Elicitation" to measure the ease of eliciting acquired but undisclosed sensitive information. Experiments on 10 LLM-based agents from 4 model families reveal widespread unnecessary sensitive information acquisition, a correlation between task-completion capability and leakage, and the limited effectiveness of prompt-level defenses. This highlights the urgent need for auditing acquisition-stage privacy.

Key takeaway

For AI Security Engineers deploying or evaluating LLM-based agents, you must shift focus beyond output privacy to scrutinize the data acquisition stage. Your current prompt-level defenses are likely insufficient against agents over-acquiring sensitive information through tool use. Implement robust acquisition inspection and elicitation testing, similar to PrivacyPeek's methodology, to identify and mitigate these widespread, often correlated, privacy risks before deployment.

Key insights

LLM agents often over-acquire sensitive data during tool use, creating a significant, overlooked privacy vulnerability.

Principles

• Agent task-completion capability correlates with acquisition-stage leakage.
• Prompt-level defenses are largely insufficient for acquisition privacy.

Method

PrivacyPeek uses "Acquisition Inspection" to analyze tool-call data for over-acquisition and "Probe Elicitation" to test the elicitation of acquired, undisclosed sensitive information.

In practice

• Implement acquisition-stage privacy audits for LLM agents.
• Develop new defense mechanisms beyond prompt engineering.

Topics

• LLM Agents
• Data Privacy
• Security Auditing
• Acquisition Leakage
• Tool Use
• Prompt Engineering

Code references

• Xuan269/PrivacyPeek-Resource

Best for: Research Scientist, CTO, VP of Engineering/Data, AI Scientist, AI Security Engineer, Machine Learning Engineer

Related on AIssential

• AI tools for hearing difficulties — helpful or harmful for language learning? — AI assistive technology presents a dilemma for language learners with hearing difficulties, balancing aid with skill development.
• How Enterprise Marketing Teams Are Actually Using AI Agents in 2026 — Enterprise marketing is shifting from human-assisted AI tools to autonomous AI agents that redesign entire workflows.
• [AINews] Microsoft Build: MAI-Thinking-1 and MAI Family models — Microsoft's MAI models showcase a transparent, full-stack AI strategy emphasizing clean data and local agent execution.
• Are we getting better at explaining things because of our interaction with LLMs? — Crafting clear LLM prompts may enhance human explanatory and communication abilities.
• OpenAI expands Codex with role-specific plugins to build a general-purpose app for non-developers — OpenAI is transforming Codex into a general-purpose, role-specific AI work app, expanding beyond coding for non-developers.
• How to Use Claude Managed Agents? — Anthropic's Claude Managed Agents simplifies AI agent deployment by providing a hosted, stateful, and secure execution environment.

Open in AIssential →

Editorial summary, takeaway, and curation by AIssential. Original article published by Artificial Intelligence.