LLM-powered AI agents are an emerging frontier with tremendous potential to increase human productivity. However, empowering AI agents to take action on their user's behalf in day-to-day tasks involves giving them access to potentially sensitive and private information, which leads to a possible risk of inadvertent privacy leakage when the agent malfunctions. In this work, we propose one way to address that potential risk, by training AI agents to better satisfy the privacy principle of data minimization. For the purposes of this benchmark, by "data minimization" we mean instances where private information is shared only when it is necessary to fulfill a specific task-relevant purpose. We develop a benchmark called AgentDAM to evaluate how well existing and future AI agents can limit processing of potentially private information that we designate "necessary" to fulfill the task. Our benchmark simulates realistic web interaction scenarios and is adaptable to all existing web navigation agents. We use AgentDAM to evaluate how well AI agents built on top of GPT-4, Llama-3 and Claude can limit processing of potentially private information when unnecessary, and show that these agents are often prone to inadvertent use of unnecessary sensitive information. We finally propose a prompting-based approach that reduces this.

本研究针对自主网络代理在日常任务中可能带来的隐私泄露风险进行了分析。我们提出了一种通过训练AI代理更好地遵循数据最小化隐私原则的方法，并开发了一个名为AgentDAM的基准，评估AI代理在处理任务相关的私人信息方面的表现。结果显示，现有一些AI代理在不必要时仍然会处理敏感信息，提出的基于提示的方法可以有效降低此风险。

AgentDAM：自主网络代理的隐私泄露评估