Contextualized Privacy Defense for LLM Agents

TL;DR

This paper introduces Contextualized Defense Instructing (CDI), a proactive, context-aware privacy defense framework for LLM agents that outperforms traditional static methods in balancing privacy and helpfulness.

Contribution

The paper presents CDI, a novel reinforcement learning-based privacy defense paradigm that generates step-specific guidance, improving privacy protection in LLM agents.

Findings

CDI achieves 94.2% privacy preservation.

CDI maintains 80.6% helpfulness.

CDI shows superior robustness and generalization.

Abstract

LLM agents increasingly act on users' personal information, yet existing privacy defenses remain limited in both design and adaptability. Most prior approaches rely on static or passive defenses, such as prompting and guarding. These paradigms are insufficient for supporting contextual, proactive privacy decisions in multi-step agent execution. We propose Contextualized Defense Instructing (CDI), a new privacy defense paradigm in which an instructor model generates step-specific, context-aware privacy guidance during execution, proactively shaping actions rather than merely constraining or vetoing them. Crucially, CDI is paired with an experience-driven optimization framework that trains the instructor via reinforcement learning (RL), where we convert failure trajectories with privacy violations into learning environments. We formalize baseline defenses and CDI as distinct intervention points in a canonical agent loop, and compare their privacy-helpfulness trade-offs within a unified simulation framework. Results show that our CDI consistently achieves a better balance between privacy preservation (94.2%) and helpfulness (80.6%) than baselines, with superior robustness to adversarial conditions and generalization.