Table of Contents
Fetching ...

Maris: A Formally Verifiable Privacy Policy Enforcement Paradigm for Multi-Agent Collaboration Systems

Jian Cui, Zichuan Li, Luyi Xing, Xiaojing Liao

TL;DR

The first step to mitigate the MACS's data leakage threat through a privacy-enhanced MACS development paradigm, Maris, is taken, which enables rigorous message flow control within MACS by embedding reference monitors into key multi-agent conversation components.

Abstract

Multi-agent collaboration systems (MACS), powered by large language models (LLMs), solve complex problems efficiently by leveraging each agent's specialization and communication between agents. However, the inherent exchange of information between agents and their interaction with external environments, such as LLM, tools, and users, inevitably introduces significant risks of sensitive data leakage, including vulnerabilities to attacks such as eavesdropping and prompt injection. Existing MACS lack fine-grained data protection controls, making it challenging to manage sensitive information securely. In this paper, we take the first step to mitigate the MACS's data leakage threat through a privacy-enhanced MACS development paradigm, Maris. Maris enables rigorous message flow control within MACS by embedding reference monitors into key multi-agent conversation components. We implemented Maris as an integral part of widely-adopted open-source multi-agent development frameworks, AutoGen and LangChain. To evaluate its effectiveness, we develop a Privacy Assessment Framework that emulates MACS under different threat scenarios. Our evaluation shows that Maris effectively mitigated sensitive data leakage threats across three different task suites while maintaining a high task success rate.

Maris: A Formally Verifiable Privacy Policy Enforcement Paradigm for Multi-Agent Collaboration Systems

TL;DR

The first step to mitigate the MACS's data leakage threat through a privacy-enhanced MACS development paradigm, Maris, is taken, which enables rigorous message flow control within MACS by embedding reference monitors into key multi-agent conversation components.

Abstract

Multi-agent collaboration systems (MACS), powered by large language models (LLMs), solve complex problems efficiently by leveraging each agent's specialization and communication between agents. However, the inherent exchange of information between agents and their interaction with external environments, such as LLM, tools, and users, inevitably introduces significant risks of sensitive data leakage, including vulnerabilities to attacks such as eavesdropping and prompt injection. Existing MACS lack fine-grained data protection controls, making it challenging to manage sensitive information securely. In this paper, we take the first step to mitigate the MACS's data leakage threat through a privacy-enhanced MACS development paradigm, Maris. Maris enables rigorous message flow control within MACS by embedding reference monitors into key multi-agent conversation components. We implemented Maris as an integral part of widely-adopted open-source multi-agent development frameworks, AutoGen and LangChain. To evaluate its effectiveness, we develop a Privacy Assessment Framework that emulates MACS under different threat scenarios. Our evaluation shows that Maris effectively mitigated sensitive data leakage threats across three different task suites while maintaining a high task success rate.
Paper Structure (31 sections, 9 figures, 4 tables)

This paper contains 31 sections, 9 figures, 4 tables.

Figures (9)

  • Figure 1: MACS Design Overview
  • Figure 3: Example of MACS Privacy Compliance Policy
  • Figure 4: MACS Privacy Policy Compliance Evaluation Overview.
  • Figure 5: Hospital MACS Overview.
  • Figure 6: OptiGuide Overview
  • ...and 4 more figures