Beyond Data Privacy: New Privacy Risks for Large Language Models
Yuntao Du, Zitao Li, Ninghui Li, Bolin Ding
Published on arXiv: 2509.14278
Sensitive Information Disclosure
OWASP LLM Top 10 — LLM06
Excessive Agency
OWASP LLM Top 10 — LLM08
Key Finding
Identifies a class of deployment-phase privacy risks for LLMs — including system-level exfiltration, attribute inference, and agentic weaponization — that are distinct from and underexplored compared to training-data privacy threats.
Large Language Models (LLMs) have achieved remarkable progress in natural language understanding, reasoning, and autonomous decision-making. However, these advancements have also come with significant privacy concerns. While substantial research has focused on mitigating the data privacy risks of LLMs during the various stages of model training, less attention has been paid to the new threats that emerge from their deployment. The integration of LLMs into widely used applications and the weaponization of their autonomous abilities have created new privacy vulnerabilities. These vulnerabilities open the door to both inadvertent data leakage and malicious exfiltration from LLM-powered systems. Additionally, adversaries can exploit these systems to launch sophisticated, large-scale privacy attacks, threatening not only individual privacy but also financial security and societal trust. In this paper, we systematically examine these emerging privacy risks of LLMs. We also discuss potential mitigation strategies and call for the research community to broaden its focus beyond data privacy risks, developing new defenses to address the evolving threats posed by increasingly powerful LLMs and LLM-powered systems.
Key Contributions
- Systematic taxonomy of emerging LLM privacy risks beyond training-data-centric threats, focusing on deployment-phase vulnerabilities
- Analysis of how LLM integration into applications and agentic autonomy creates new vectors for inadvertent leakage and malicious exfiltration
- Survey of attribute inference and social-engineering attacks enabled by LLM capabilities, with discussion of mitigation directions