MosaicLeaks: Can your research agent keep a secret?
Blog post from HuggingFace
MosaicLeaks highlights the privacy risk created by deep research agents that combine private local documents with external web tools: sensitive information can be inferred from the agent's seemingly innocuous web queries. This phenomenon, termed the "mosaic effect," lets an adversary who observes only the queries piece together private information without ever having direct access to the documents.

To study it, MosaicLeaks introduces a deep-research task built from multi-hop questions that interleave public and private data. The study finds that training agents solely for task performance often makes privacy leakage worse: more informative queries improve task success but also leak more. To counter this, the proposed Privacy-Aware Deep Research (PA-DR) method trains on a combination of task performance and privacy considerations, reducing leakage from 34.0% to 9.9% while maintaining high task success rates. The findings emphasize that privacy cannot merely be prompted into agents but must be trained, and that rewarding careful query construction can drastically cut leakage without compromising effectiveness.