Can AI agents be influenced by a form of "peer pressure" to reveal personal information? It sounds almost too human, but a recent paper, "Got a Secret? LLM Agents Can’t Keep It: Evaluating Privacy in Multi-Agent Systems," investigated this exact question. The researchers explored what happens when you move LLMs from isolated chats to a dynamic, social environment with multiple agents interacting over time.
In their experiment, they built a simulated social platform populated by thousands of agents over 25 days. Each agent was given a private profile with sensitive data. The findings were stark: in an isolated setting, the privacy leak rate was about 20%. But in the multi-agent social environment, that rate more than doubled to over 45%. Even more telling, an agent was eight times more likely to leak sensitive information if it was responding to another agent that had already done so.
This isn't magic, nor is it "social pressure" in a human sense. It’s a technical consequence of how LLMs work. The conversation environment becomes a powerful part of the model's context. When that context is filled with examples of sharing personal details, the model starts to align with this new "local norm," even if its core instructions explicitly forbid it. Its greatest strength—context adaptation—becomes a critical vulnerability when the context itself is polluted.
For anyone building agentic infrastructure, this is a critical warning. We cannot simply rely on a prompt like "do not share sensitive data." As agents become more autonomous, risks shift from direct jailbreaks to the subtle influence of their environment. We must build protections at the architectural level, including:
- Separating memory by context.
- Restricting data access based on the specific action being performed.
- Monitoring agent behavior over time, not just in single interactions.
- Building robust permissions and control mechanisms around every significant interaction.