The paper introduces a Gaussian Differential Privacy (GDP)-based auditing framework to provide the first tight audits of privacy guarantees for state-of-the-art synthetic data generators like MST and…

The paper introduces the PML envelope, a novel definition that provides a robust and operationally meaningful measure of information leakage about a secret, satisfying both post-processing robustness…

The paper introduces Metric-Normalized Posterior Leakage (mPL), an attacker-aligned measure that provides a practical, certifiable privacy guarantee for machine learning systems consumed under joint o…

SEAL-Tag is a privacy-preserving runtime environment that mitigates PII leakage in Retrieval-Augmented Generation (RAG) systems by enforcing verifiable evidence aggregation and structured auditing.

The paper introduces an optimal black-box auditing framework using Donsker-Varadhan estimators to estimate Rényi differential privacy (RDP) guarantees for machine learning algorithms.

This paper analyzes differential privacy auditing as a bilevel game, showing that naive audit designs fail to detect true harm when developers strategically respond, and proposes an optimal, single-le…

The paper proposes the Sentinel-Strategist architecture, an adaptive defense mechanism that selectively deploys security measures in Retrieval-Augmented Generation (RAG) systems to significantly reduc…

The paper introduces CIPL, a unified channel-oriented framework, demonstrating that privacy leakage in LLM agents is governed by observable data channels and pipeline interactions, rather than being l…

The paper introduces PAS, a structured privacy mechanism that encodes user location using relative anchors, enabling location privacy in spatial RAG systems while maintaining high retrieval performanc…

The paper introduces MosaicLeaks, a benchmark demonstrating that deep research agents querying external sources can leak private information from their local documents, and proposes PA-DR to mitigate…

The paper introduces 'Routing Hijacking,' a severe attack where malicious clients forge semantic profiles in Federated RAG systems to misroute target queries, and proposes a trust-aware post-routing f…

RootGuard introduces a dependency-aware privacy mechanism that sanitizes private data roots once, ensuring consistent privacy guarantees across multiple multi-turn agent interactions, significantly ou…

This case study systematically measures how placing anonymization at different points (dataset vs. generated answer) within the RAG pipeline affects the privacy-utility trade-off, demonstrating that p…

The paper introduces a novel realization-level privacy filtering approach that improves utility in differentially private data release by accounting for actual leakage rather than worst-case per-round…

The paper introduces MEntA, a highly query-efficient and surrogate-free membership inference attack that uses natural-language entailment to detect if a specific document was used by a RAG system, ach…

The paper introduces PrivacyPeek, a new benchmark that audits the acquisition stage of LLM-based agents to demonstrate that unnecessary acquisition of sensitive data is a widespread and critical priva…

The paper introduces PrivacyPeek, a new benchmark that audits the acquisition stage of LLM-based agents to show that unnecessary and sensitive data acquisition is a widespread and critical privacy vul…

The paper demonstrates that the current per-token billing model for LLMs is susceptible to systematic overcharging because auditing frameworks must rely on evidence provided by the very companies that…

The paper demonstrates that the current per-token billing model for LLMs is susceptible to systematic inflation because auditing frameworks must rely on evidence provided by the service provider, crea…

The paper proposes a layered, server-side isolation architecture to secure Retrieval-Augmented Generation (RAG) and agentic AI systems in multitenant enterprise environments, ensuring that retrieval a…