Need to Know: Contextual-Integrity-Grounded Query Rewriting for Privacy-Conscious LLM Delegation

Researchers introduce DelegateCI-Bench, a privacy-focused benchmark for query rewriting in LLM delegation, combined with a reinforcement learning framework that selectively redacts sensitive information while preserving task-critical content. The approach achieves superior privacy-utility tradeoffs compared to existing type-based PII redaction methods, addressing growing concerns about sensitive data exposure in cloud-hosted AI systems.

This research addresses a critical tension in LLM deployment: users sending queries to cloud services must balance privacy protection with maintaining response quality. Traditional PII redaction relies on rigid type-based rules that either strip essential context or leave unstructured sensitive information exposed. The contextual integrity framework reframes the problem—information should be retained only if functionally necessary for task completion, not simply because it lacks a recognized data type label.

The study builds on legitimate privacy concerns around LLM delegation. As language models integrate into enterprise and personal workflows, users inadvertently disclose sensitive details mixed with legitimate queries. Cloud-hosted models create data handling risks that on-device processing mitigates, yet inference quality often suffers. This research bridges that gap through intelligent rewriting rather than crude filtering.

The DelegateCI-Bench benchmark represents substantive infrastructure for privacy research. Its composition—combining synthetic data, real user queries from WildChat, and medical datasets with dense sensitive information—provides realistic testing grounds. The reinforcement learning approach converts privacy decisions into quantifiable optimization signals, allowing the model to learn nuanced distinctions between truly essential and extraneous sensitive spans.

Industry implications are significant for enterprises handling regulated data. Organizations deploying LLM APIs can reduce compliance risks and data exposure without sacrificing model utility. The +10.1 average utility improvement over baselines suggests meaningful practical gains. However, adoption requires integration into production query pipelines, and adversarial robustness against deliberately crafted privacy attacks remains unaddressed. Privacy-preserving LLM delegation will likely become a competitive differentiator for cloud providers and on-device model vendors.

• →Contextual integrity framework outperforms type-based PII redaction by learning task-specific information necessity rather than applying rigid categorization rules.
• →DelegateCI-Bench provides the first task-grounded benchmark combining synthetic, real-world, and medical datasets for privacy-conscious LLM delegation research.
• →RL-trained query rewriter achieves up to 10.1% average utility improvement over on-device baselines while suppressing unnecessary sensitive disclosure.
• →Research addresses enterprise compliance and user privacy risks in cloud-hosted LLM workflows where sensitive data mixes with task-essential content.
• →Privacy-utility tradeoff optimization signals enable models to distinguish between essential and extraneous sensitive information at scale.