Say Something Else: Rethinking Contextual Privacy as Information Sufficiency

Researchers formalize privacy-preserving communication for LLM agents by introducing Information Sufficiency (IS) as a framework and proposing free-text pseudonymization as a third privacy strategy alongside suppression and generalization. Evaluation across 792 scenarios reveals that pseudonymization offers superior privacy-utility tradeoffs, and that multi-turn conversational testing exposes significant privacy leakage missed by single-message assessments.

This research addresses a critical gap in how AI systems handle sensitive user information during message composition. As LLM agents increasingly draft communications on behalf of users, the lack of robust privacy frameworks creates real risks of unintended disclosure. The study moves beyond existing binary approaches—simply removing or abstracting sensitive data—by introducing pseudonymization, which substitutes sensitive attributes with functionally equivalent alternatives that preserve conversational meaning while protecting identity.

The broader context reflects growing concerns about AI safety and user trust in agent-based systems. Current privacy techniques are evaluated in isolation, creating a false sense of security. This research exposes that limitation through conversational evaluation, where follow-up queries in multi-turn exchanges cause generalization strategies to lose up to 16.3 percentage points of privacy protection. The gap reveals how real-world dialogue patterns stress-test privacy measures that appear sufficient in laboratory conditions.

For developers building AI agents and platforms, this work provides empirical guidance on privacy strategy selection. Pseudonymization's superior performance across discrimination risk, social cost, and boundary violation categories suggests it should become a standard component in privacy-aware LLM design. The framework also standardizes evaluation methodology, enabling more meaningful comparison of privacy approaches across systems.

The research establishes Information Sufficiency as a formal task definition, potentially becoming a benchmark for evaluating privacy mechanisms in future LLM systems. As regulations increasingly mandate privacy protections and users demand better control over agent-drafted messages, these findings directly inform both technical implementation and policy discussions around responsible AI deployment.

• →Pseudonymization outperforms suppression and generalization for maintaining both privacy and communication utility across diverse sensitivity categories.
• →Multi-turn conversational evaluation reveals that single-message privacy assessment systematically underestimates information leakage by up to 16.3 percentage points.
• →Free-text pseudonymization strategy replaces sensitive attributes with functionally equivalent alternatives, offering a new privacy-preserving approach for LLM agents.
• →The Information Sufficiency framework formalizes privacy-preserving LLM communication as a measurable task across institutional, peer, and intimate power dynamics.
• →Current frontier LLMs show significant variation in privacy preservation capabilities, highlighting the need for privacy-aware training and evaluation practices.