AgentCrypt: Advancing Privacy and (Secure) Computation in AI Agent Collaboration

TL;DR

AgentCrypt introduces a three-tiered framework for secure, privacy-preserving communication in AI agents, combining masking and encryption to ensure data confidentiality during reasoning and collaboration.

Contribution

It provides a novel, layered approach to privacy in AI agents, including a deterministic protection layer and a benchmark dataset for evaluation.

Findings

AgentCrypt guarantees privacy preservation even when models make errors.

It enables secure collaborative computation on sensitive data.

The framework is validated across multiple architectures using LangGraph and Google ADK.

Abstract

As AI agents increasingly operate in complex environments, ensuring reliable, context-aware privacy is critical for regulatory compliance. Traditional access controls are insufficient because privacy risks often arise after access is granted; agents may inadvertently compromise privacy during reasoning by messaging humans, leaking context to peers, or executing unsafe tool calls. Existing approaches typically treat privacy as a binary constraint, overlooking nuanced, computation-dependent requirements. Furthermore, Large Language Model (LLM) agents are inherently probabilistic, lacking formal guarantees for security-critical operations. To address this, we introduce AgentCrypt, a three-tiered framework for secure agent communication that adds a deterministic protection layer atop any AI platform. AgentCrypt spans the full spectrum of privacy needs: from unrestricted data exchange (Level 1), to context-aware masking (Level 2), up to fully encrypted computation using Homomorphic Encryption (Level 3). Unlike prompt-based defenses, our approach guarantees that tagged data privacy is strictly preserved even when the underlying model errs. Security is decoupled from the agent's probabilistic reasoning, ensuring sensitive data remains protected throughout the computational lifecycle. AgentCrypt enables collaborative computation on otherwise inaccessible data, overcoming barriers like data silos. We implemented and validated it using LangGraph and Google ADK, demonstrating versatility across architectures. Finally, we introduce a benchmark dataset simulating privacy-critical tasks to enable systematic evaluation and foster the development of trustworthy, regulatable machine learning systems.