中文

PiSAs: Benchmarking Contextual Integrity in Multi-User Agentic Systems

多智能体系统 2026-07-06 v1 密码学与安全

摘要

As LLM agents evolve from single-user assistants into shared organizational infrastructure, new privacy risks emerge: inappropriate information may not only be exposed through outputs for external recipients, but also internally across users through inter-agent messages, shared memory and agents. These data spillage risks are not captured by existing privacy benchmarks grounded in contextual integrity (CI) as they focus primarily on either single-user settings or interactions between independently owned agents. We introducePiSAs (Privacy in Shared Agentic systems), a benchmark for assessing unintentional leaks with dual CI annotations: whether an information is appropriate for the task, and which users may legitimately access it. This enables direct measurement of cross-user spillage across agentic system components and interfaces, such as outputs, inter-agent communication, and memory. PiSAsis system-agnostic and supports evaluation across different agent topologies and memory regimes. We find that, although system design improves CI compliance, results are bottlenecked by incorrect LLM judgment calls: even state-of-the-art models fail to reliably filter inappropriate content or restrict transmission to authorized users. Our findings underscore the need for privacy-preserving strategies, beyond those studied in this work.

引用

@article{arxiv.2607.05318,
  title  = {PiSAs: Benchmarking Contextual Integrity in Multi-User Agentic Systems},
  author = {Shubham Gupta and Nazanin Mohammadi Sepahvand and Abhinav Kumar and Cem Subakan and Spandana Gella and Pierre-André Noël and Perouz Taslakian and Eugene Bagdasarian and Valentina Zantedeschi},
  journal= {arXiv preprint arXiv:2607.05318},
  year   = {2026}
}