From Conventional Web Privacy to Agentic Disclosure: How Tool Schemas May Invite LLM Oversharing
Summary
A new privacy risk, "agentic disclosure," emerges in LLM agentic systems where agents generate API requests to external services at runtime, potentially oversharing user data. Unlike conventional web settings, disclosure is no longer limited to direct user input but can be generated by the agent, making context-sensitive boundaries harder to preserve. This position paper argues that the runtime tool call is the critical unit for privacy analysis. It diagnoses interface conditions that increase oversharing plausibility, specifically focusing on schemas exposing generic, weakly constrained free-text fields. A case study of 2,344 tool specifications from the OpenAI GPT ecosystem revealed that 36.9% contain at least one such channel. This creates conditions for within-context over-disclosure, cross-context leakage, and contextual flattening, prompting a research agenda for argument-level analysis of data sent to third-party services.
Key takeaway
For AI Engineers developing LLM agents that interact with external services, you must scrutinize tool schemas to prevent unintended data disclosure. Weakly constrained free-text fields in these schemas can lead to agent oversharing, within-context over-disclosure, and cross-context leakage. Proactively audit your agent's tool specifications for such channels and implement stricter argument-level controls. This shifts privacy analysis from just agent outputs to the specific data your agents send to third-party APIs.
Key insights
LLM agent tool schemas with weakly constrained free-text fields create new privacy risks through runtime oversharing.
Principles
- Runtime tool calls are key for privacy analysis.
- Generic free-text fields invite agent oversharing.
- Disclosure boundaries are harder to preserve in agentic systems.
Method
Analyze tool schemas for generic, weakly constrained free-text fields to identify potential agent oversharing channels, moving beyond output-only evaluation.
In practice
- Audit tool schemas for free-text fields.
- Constrain agent input to external services.
- Implement argument-level data analysis.
Topics
- LLM Agents
- Tool Use
- Data Privacy
- API Security
- Information Leakage
- Schema Design
Best for: AI Architect, Research Scientist, CTO, AI Scientist, AI Engineer, AI Security Engineer
Related on AIssential
Editorial summary, takeaway, and curation by AIssential. Original article published by Paper Index on ACL Anthology.