Unveiling Privacy Risks in LLM Agent Memory
Bo Wang, Weiyi He, Shenglai Zeng, Zhen Xiang, Yue Xing, Jiliang Tang, Pengfei He

TL;DR
This paper reveals privacy vulnerabilities in LLM agents' memory modules, demonstrating a new attack method that effectively extracts private information, emphasizing the need for improved safeguards.
Contribution
It introduces MEXTRA, a novel black-box attack method for extracting private data from LLM agent memory, and systematically analyzes factors affecting memory leakage.
Findings
MEXTRA effectively extracts private information from LLM agent memory.
Key factors influencing memory leakage are identified from both design and attack perspectives.
Results highlight the urgent need for memory safeguards in LLM agents.
Abstract
Large Language Model (LLM) agents have become increasingly prevalent across various real-world applications. They enhance decision-making by storing private user-agent interactions in the memory module for demonstrations, introducing new privacy risks for LLM agents. In this work, we systematically investigate the vulnerability of LLM agents to our proposed Memory EXTRaction Attack (MEXTRA) under a black-box setting. To extract private information from memory, we propose an effective attacking prompt design and an automated prompt generation method based on different levels of knowledge about the LLM agent. Experiments on two representative agents demonstrate the effectiveness of MEXTRA. Moreover, we explore key factors influencing memory leakage from both the agent designer's and the attacker's perspectives. Our findings highlight the urgent need for effective memory safeguards in LLM…
Taxonomy
Topics: Cloud Data Security Solutions · Security and Verification in Computing · Privacy-Preserving Technologies in Data
