MemPrivacy introduces a novel framework that protects sensitive user data in edge-cloud memory systems by replacing private spans with semantically structured placeholders, thereby minimizing data exposure without sacrificing memory utility.
As LLM-powered agents are increasingly deployed in edge-cloud environments, personalized memory has become a key enabler of long-term adaptation and user-centric interaction. However, cloud-assisted memory management exposes sensitive user information, while existing privacy protection methods typically rely on aggressive masking that removes task-relevant semantics and consequently degrades memory utility and personalization quality. To address this challenge, we propose MemPrivacy, which identifies privacy-sensitive spans on edge devices, replaces them with semantically structured, type-aware placeholders for cloud-side memory processing, and restores the original values locally when needed. By decoupling privacy protection from semantic destruction, MemPrivacy minimizes sensitive data exposure while retaining the information required for effective memory formation and retrieval. For systematic evaluation we also construct MemPrivacy-Bench, a dataset covering 200 users and over 155k privacy instances, and introduce a four-level privacy taxonomy for configurable protection policies. Experiments show that MemPrivacy achieves strong performance in privacy information extraction, substantially surpassing strong general-purpose models such as GPT-5.2 and Gemini-3.1-Pro, while also reducing inference latency. Across multiple widely used memory systems, MemPrivacy limits utility loss to within 1.6%, outperforming baseline masking strategies. Overall, MemPrivacy offers an effective balance between privacy protection and personalized memory utility for edge-cloud agents, enabling secure, practical, and user-transparent deployment.
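The edge-redact, cloud-process, edge-restore flow described above, as an added illustration that is not MemPrivacy's own code. The regex span detectors, the `<TYPE_n>` placeholder format, the four sensitivity tiers used as a stand-in for the paper's taxonomy, and the keyword-search "cloud memory" are all assumptions made here; the sample notes are constructed. The point it demonstrates is that the cloud sees only typed placeholders (so it can still link repeated mentions of the same entity and answer queries by type), while the placeholder-to-value mapping never leaves the device.

```python
import re
from dataclasses import dataclass, field

# Assumed four-level sensitivity taxonomy (constructed for this example; the
# paper's actual levels are not reproduced on the page). A policy level L
# redacts every type whose tier is <= L, so level 4 redacts everything.
TYPE_TIER = {"SSN": 1, "PHONE": 2, "EMAIL": 3, "EMPLOYER": 4}

# Assumed span detectors: regexes and a tiny constructed employer lexicon
# stand in for a learned extractor running on the edge device.
DETECTORS = {
    "SSN": re.compile(r"\b\d{3}-\d{2}-\d{4}\b"),
    "PHONE": re.compile(r"\b\d{3}-\d{3}-\d{4}\b"),
    "EMAIL": re.compile(r"\b[\w.+-]+@[\w-]+\.[\w.-]+\b"),
    "EMPLOYER": re.compile(r"\b(?:Acme Corp|Globex Inc)\b"),
}

PLACEHOLDER = re.compile(r"<([A-Z]+)_(\d+)>")


@dataclass
class EdgeVault:
    """Edge-local store: placeholder -> (type, original value). Never sent to the cloud."""
    mapping: dict = field(default_factory=dict)
    counters: dict = field(default_factory=dict)

    def placeholder_for(self, type_name, value):
        # A repeated value maps to the same placeholder, so cloud memory can still
        # link mentions of one entity across turns without ever seeing its value.
        for ph, (t, v) in self.mapping.items():
            if t == type_name and v == value:
                return ph
        n = self.counters.get(type_name, 0) + 1
        self.counters[type_name] = n
        ph = f"<{type_name}_{n}>"
        self.mapping[ph] = (type_name, value)
        return ph


def redact(text, level, vault):
    """Edge side: replace private spans at or below `level` with type-aware placeholders."""
    spans = []
    for type_name, pattern in DETECTORS.items():
        if TYPE_TIER[type_name] > level:
            continue  # policy says this type may leave the device as-is
        for m in pattern.finditer(text):
            spans.append((m.start(), m.end(), type_name, m.group(0)))
    # Resolve overlapping detections deterministically: earliest start, then longest.
    spans.sort(key=lambda s: (s[0], -(s[1] - s[0])))
    out, cursor, last_end = [], 0, -1
    for start, end, type_name, value in spans:
        if start < last_end:
            continue  # covered by an earlier, longer span
        out.append(text[cursor:start])
        out.append(vault.placeholder_for(type_name, value))
        cursor, last_end = end, end
    out.append(text[cursor:])
    return "".join(out)


def restore(text, vault):
    """Edge side: put original values back into text the cloud produced."""
    return PLACEHOLDER.sub(lambda m: vault.mapping.get(m.group(0), (None, m.group(0)))[1], text)


def cloud_recall(cloud_memory, wanted_type):
    """Cloud side: return the latest memory entry mentioning a placeholder of `wanted_type`.

    The cloud only ever holds redacted entries, so its reply is phrased in placeholders.
    """
    for entry in reversed(cloud_memory):
        m = re.search(rf"<{wanted_type}_\d+>", entry)
        if m:
            return f"On file: {m.group(0)} (source: {entry})"
    return "No matching memory."


# Constructed sample notes a user might ask the agent to remember.
NOTES = [
    "My SSN is 123-45-6789, keep it private.",
    "Reach me at 555-123-4567 or alice@example.com; I work at Acme Corp.",
    "Second email alice@example.com is the same as before.",
]


def run(level):
    """Full round trip: redact on edge, store and query in cloud, restore on edge."""
    vault = EdgeVault()
    cloud_memory = [redact(n, level, vault) for n in NOTES]  # what the cloud stores
    reply = cloud_recall(cloud_memory, "EMAIL")              # what the cloud answers
    return cloud_memory, restore(reply, vault), vault


if __name__ == "__main__":
    stored, answer, _ = run(4)
    print("cloud sees:", *stored, sep="\n  ")
    print("user sees:", answer)
```

Lowering the level shows the configurable-policy idea: at level 1 only the SSN is redacted and the phone, email and employer reach the cloud verbatim, which is the trade-off the taxonomy lets an operator tune.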
Memory poisoning and secure multi-agent systems
This paper analyzes memory poisoning attacks targeting multi-agent systems (MAS)…
ADAM: A Systematic Data Extraction Attack on Agent Memory via Adaptive Querying
The paper proposes ADAM, a novel and highly effective privacy attack that system…
Poison Once, Exploit Forever: Environment-Injected Memory Poisoning Attacks on Web Agents
The paper introduces eTAMP, a novel attack that poisons LLM web agents' memory u…
The Cognitive Firewall: Securing Browser Based AI Agents Against Indirect Prompt Injection Via Hybrid…
The Cognitive Firewall is a hybrid edge-cloud defense architecture that signific…
PlanTwin: Privacy-Preserving Planning Abstractions for Cloud-Assisted LLM Agents
PlanTwin introduces a privacy-preserving architecture that allows cloud-hosted L…
Walma: Learning to See Memory Corruption in WebAssembly
Walma is a machine learning framework that uses memory snapshot classification t…
Differential Privacy in Generative AI Agents: Analysis and Optimal Tradeoffs
This paper develops a differential privacy framework to analyze and optimize pri…
TADP-RME: A Trust-Adaptive Differential Privacy Framework for Enhancing Reliability of Data-Driven S…
TADP-RME introduces a trust-adaptive differential privacy framework that enhance…