PAAC: Privacy-Aware Agentic Device-Cloud Collaboration

TL;DR

PAAC introduces a privacy-aware framework for device-cloud LLM agents, balancing reasoning capabilities with privacy preservation by aligning decomposition with privacy mechanisms, leading to significant improvements in privacy and accuracy.

Contribution

It presents a novel agentic framework that uses role specialization as a privacy mechanism, improving privacy-accuracy trade-offs in device-cloud LLM collaboration.

Findings

PAAC outperforms state-of-the-art baselines in privacy and accuracy on three benchmarks.

PAAC improves average accuracy by 15-36% and reduces leakage by 2-6 times.

Consistent improvements observed across 17 benchmarks in diverse domains.

Abstract

Large language model (LLM) agents face a structural tension: cloud agents provide strong reasoning but expose user data, while on-device agents preserve privacy at the cost of overall capability. Existing device-cloud designs treat this boundary as a compute split rather than a trust boundary suited to agentic workloads, and existing sanitizers force a choice between policy flexibility and the structural fidelity tool calls require. In this work, we develop PAAC, a privacy-aware agentic framework that aligns planner--executor decomposition with the device-cloud boundary so that role specialization itself becomes the privacy mechanism. The cloud agent reasons over typed placeholder tokens that preserve each sensitive value's reasoning role while discarding its content, while the on-device agent identifies sensitive spans and distills each step's execution outcome into compact key findings. Sanitization confines the on-device LLM to proposing which spans to mask, while a deterministic registry performs all substitution and reversal, keeping actions directly executable on device. On three agentic benchmarks under strict privacy settings, PAAC dominates the Pareto frontier of privacy and accuracy, improving average accuracy by 15-36\% and reducing average leakage by 2-6$\times$ over state-of-the-art device-cloud baselines, with the largest margins on privacy targets outside fixed entity taxonomies. We find consistent improvements on 17 additional benchmarks spanning 10 domains, including math, science, and finance.