Excited to be speaking at IWPE’26, co-located with IEEE EuroS&P in Lisbon, where I’ll present our paper: “The Interlocutor Effect: Why LLMs Leak More Privacy to Agents Than Humans.”
https://t.co/BKyPTY5qWW
📅 July 6, 2026
Excited to share that our paper, “AgentLeak: A Benchmark for Internal-Channel Privacy Leakage in Multi-Agent LLM Systems,” has been accepted in IEEE Access!
We show why privacy audits must look beyond final outputs and inspect internal agent channels.
🔗 https://t.co/o7W03fXCjZ
Do LLMs trust bots more than humans? 🤖 > 🧑‍🦱
"The Interlocutor Effect: Why LLMs Leak More Personal Data to Agents Than Humans". We found that AI privacy guardrails fail more often depending on who the AI thinks it's talking to!
https://t.co/ZxPvq3rI1L
I am excited to announce that I will be presenting our work on the Interlocutor Effect at #IWPE in Lisbon! 🇵🇹🗣️
We dive into a critical AI privacy question: do LLMs leak more sensitive data depending on who they think is prompting them? 🕵️‍♂️🔒
https://t.co/BKyPTY5qWW
Counterintuitive result: multi-agent setups actually REDUCE per-channel output leakage vs single-agent (27.2% vs 43.2%).
But the attack surface doesn't shrink. It moves to channels nobody's watching.
That's what makes it dangerous.
New report: 48.9% of organizations are completely blind to machine-to-machine traffic from AI agents.
We're deploying autonomous systems at enterprise scale while 92% lack the security maturity to defend them.
This isn't a future risk. It's the current state.
"The dark side of autonomous intelligence: a survey on data leakage and privacy failures in agentic AI" — Read it on @ResearchGate: https://t.co/4zEnJ5tfRF
AgentLeak — privacy benchmark for multi-agent LLMs
→ 68.8% of leakage via inter-agent msgs (invisible to output audits)
→ 41.7% missed by standard evaluation
→ 7 channels tracked across AutoGen/LangGraph/CrewAI
https://t.co/GTmiGtrUOs
#LLM #AIPrivacy #MultiAgent
The "Open Source is dead" crowd has it backwards.
In the AI era, Open Source + Self-Improving Software = a living asset.
Why buy a rigid tool when you can deploy a system that watches how you work and patches itself to fit your needs? No APIs required.