AudAgent: Automated Auditing of Privacy Policy Compliance in AI Agents

Ye Zheng, Yidan Hu

TL;DR

AudAgent tackles the lack of transparency in AI agents' data practices by auditing runtime behavior in real time against formal privacy-policy models. It combines cross-LLM voting for robust policy formalization, a Presidio-based runtime annotation layer, ontology-graph and automata-driven on-the-fly auditing, and a browser-based visualization to deliver infrastructure-agnostic transparency. The approach surfaces gaps in privacy policies, demonstrates protection against leaks of highly sensitive data such as SSNs, and blocks disallowed operations outright, increasing user control and trust in AI agents. Collectively, the work offers a practical framework for privacy-aware AI deployments with real-time accountability.

Abstract

AI agents can autonomously perform tasks and, often without explicit user consent, collect or disclose users' sensitive local data, which raises serious privacy concerns. Although AI agents' privacy policies describe their intended data practices, there remains limited transparency and accountability about whether runtime behavior matches those policies. To close this gap, we introduce AudAgent, a visual tool that continuously monitors AI agents' data practices in real time and guards compliance with stated privacy policies. AudAgent consists of four components for automated privacy auditing of AI agents. (i) Policy formalization: a novel cross-LLM voting mechanism to guarantee confidence of the parsed privacy policy model. (ii) Runtime annotation: a lightweight Presidio-based analyzer detects sensitive data and annotates data practices based on the AI agent's context and the privacy policy model. (iii) Compliance auditing: ontology graphs and automata-based checking connect the privacy policy model with runtime annotations, enabling on-the-fly compliance checking. (iv) User interface: an infrastructure-independent implementation visualizes the real-time execution trace of AI agents along with potential privacy policy violations, providing user-friendly transparency and accountability. We evaluate AudAgent with AI agents built using mainstream frameworks, demonstrating its effectiveness in detecting and visualizing privacy policy violations in real time. Using AudAgent, we also find that most privacy policies omit explicit safeguards for highly sensitive data such as SSNs, whose misuse violates legal requirements, and that many agents do not refuse handling such data via third-party tools, including those controlled by Claude, Gemini, and DeepSeek. AudAgent proactively blocks operations on such data, overriding the agents' original privacy policy and behavior.

Paper Structure

This paper contains 45 sections, 3 theorems, 4 equations, 8 figures, 5 tables, 2 algorithms.

Key Result

Theorem 1

Assume the ideal privacy policy model is $P^*$. Given $M$ independent LLMs each with probability $\alpha > 0.5$ judging an element $e \in P^*$ or $e \notin P^*$ correctly, when there are $m$ LLMs votes for $e \in P^*$, the probability that $e\in P^*$, i.e. actually being in the ideal policy model, i
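The theorem's statement is cut off on this page, so the closed form is not reproduced here. As an added worked example (not the paper's code), the following computes the confidence that m-of-M agreement buys under the theorem's own premise: M independent LLM judges, each correct with probability α > 0.5. The uninformative prior Pr[e ∈ P*] = 0.5 and the (data_type, practice, party) element schema are assumptions of this example; the page does not state what prior or schema the paper uses.

```python
"""Cross-LLM voting confidence (added worked example, not the paper's code).

Premise as in the theorem: M independent LLM judges, each deciding whether an
element e belongs to the ideal policy model P* correctly with probability
alpha > 0.5.  Assumption made here, since the page does not state it: an
uninformative prior Pr[e in P*] = 0.5, under which the posterior depends only
on the vote margin 2m - M."""
from collections import Counter
from typing import Iterable, Optional


def vote_confidence(M: int, m: int, alpha: float, prior: float = 0.5) -> float:
    """Pr[e in P* | m of M judges voted e in P*], by Bayes' rule.

    P(votes | e in P*)     = alpha^m * (1-alpha)^(M-m)
    P(votes | e not in P*) = (1-alpha)^m * alpha^(M-m)
    """
    if not 0 <= m <= M:
        raise ValueError("need 0 <= m <= M")
    if not 0.5 < alpha < 1.0:
        raise ValueError("the theorem needs alpha > 0.5; alpha = 1 is degenerate")
    like_in = alpha ** m * (1 - alpha) ** (M - m)
    like_out = (1 - alpha) ** m * alpha ** (M - m)
    return prior * like_in / (prior * like_in + (1 - prior) * like_out)


def min_votes(M: int, alpha: float, target: float, prior: float = 0.5) -> Optional[int]:
    """Smallest m for which m-of-M agreement reaches `target`; None if M is too small."""
    for m in range(M + 1):
        if vote_confidence(M, m, alpha, prior) >= target:
            return m
    return None


def tally(extractions: Iterable[set], alpha: float) -> dict:
    """Vote over the policy elements that M LLMs parsed independently.

    Each extraction is one LLM's set of elements; here an element is a
    (data_type, practice, party) tuple, a constructed stand-in for the paper's
    policy-model schema.  Returns every element seen at least once, mapped to
    its posterior confidence of belonging to P*.
    """
    runs = list(extractions)
    counts = Counter(e for run in runs for e in run)
    return {e: vote_confidence(len(runs), m, alpha) for e, m in counts.items()}


def accepted(confidences: dict, threshold: float) -> set:
    """The voted policy model: elements whose confidence clears `threshold`."""
    return {e for e, c in confidences.items() if c >= threshold}


# Constructed sample: three LLM parses of the same imaginary privacy policy.
SAMPLE_RUNS = [
    {("EMAIL_ADDRESS", "collect", "service"), ("EMAIL_ADDRESS", "disclose", "payment_processor"),
     ("IP_ADDRESS", "collect", "analytics")},
    {("EMAIL_ADDRESS", "collect", "service"), ("EMAIL_ADDRESS", "disclose", "payment_processor")},
    {("EMAIL_ADDRESS", "collect", "service"), ("IP_ADDRESS", "collect", "analytics"),
     ("IP_ADDRESS", "disclose", "advertiser")},
]

if __name__ == "__main__":
    conf = tally(SAMPLE_RUNS, alpha=0.8)
    for e, c in sorted(conf.items(), key=lambda kv: -kv[1]):
        print(f"{c:.3f}  {e}")
    print("accepted at 0.75:", accepted(conf, 0.75))
    print("votes needed for 0.99 confidence with M=5, alpha=0.8:", min_votes(5, 0.8, 0.99))
```

With α = 0.8 and three judges, unanimous agreement lifts confidence from the single-judge 0.8 to about 0.985, a 2-of-3 split stays at 0.8, and a lone vote drops to 0.2; the practical use of `min_votes` is choosing how many LLMs to query before a policy element is trusted at a given threshold. The independence premise is doing the work here: judges sharing training data or prompts will agree on the same mistakes, and the posterior then overstates confidence.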

Figures (8)

  • Figure 1: Overview of Aud-Agent, a tool for auditing an AI agent's data practices against specified privacy policies. It comprises four components: (1) Voting-based policy formalization, which performs a one-time extraction of privacy policy documents into a formal model; (2) Model-guided data annotation, which continuously monitors and annotates the agent's data practices; (3) Privacy auditing, which performs on-the-fly checks comparing the policy model with runtime annotations; and (4) Visualization via HTTP analysis and WebSocket, which visualizes the agent's real-time execution trace and highlights potential violations detected during auditing.
  • Figure 2: Example ontology graph of data types. Some items can share the same parent node, e.g. "IP address".
  • Figure 3: Example ontology graph of entities. Some entities can be classified into multiple categories, e.g. Google as an advertiser and search service provider.
  • Figure 4: An example auditing automaton accepting the $\mathrm{dis}$ state for data type $d^{\mathrm{col}}=\mathrm{EMAIL\_ADDRESS}$. The initial state is the data-type state (pink circle); accepting states are double-circled. Transitions record collection, purpose, disclosure, and retention constraints. Retention constraints are tracked by a timer (blue clock icon).
  • Figure 5: The web frontend of Aud-Agent, visualizing an AI agent's data practices and privacy auditing results in real time. The left panel shows the agent's execution trace as a directed graph, with nodes representing the user, LLM, and third-party tools, and edges representing request/response interactions. The right panel details the data practices for each interaction and highlights any potential privacy risks detected by Aud-Agent. A live demo with more features is available at https://github.com/ZhengYeah/AudAgent.
  • ...and 3 more figures
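Figures 2 to 4 describe the auditing machinery: ontology graphs over data types and entities in which a node may have several parents, and a per-data-type automaton whose transitions carry collection, purpose, disclosure and retention constraints, with a timer for retention. Below is an added example, not the paper's code or its Definitions 4 and 5, of a simplified checker of that shape. The ontologies, rule schema, event format and trace are constructed for illustration; the labels EMAIL_ADDRESS, IP_ADDRESS and US_SSN follow Presidio's recognizer names because AudAgent's annotation layer is Presidio-based, and the unconditional block on US_SSN mirrors the abstract's statement that AudAgent blocks operations on such data regardless of the policy.

```python
"""Simplified ontology-plus-automaton compliance checker (added example, not
the paper's code).  Ontologies, rules, event schema and trace are constructed;
data-type labels follow Presidio recognizer names (EMAIL_ADDRESS, US_SSN, ...)."""
from dataclasses import dataclass

# Ontology graphs as child -> parents; a node may have several parents (Figs. 2, 3).
DATA_ONTOLOGY = {
    "EMAIL_ADDRESS": {"contact_info"}, "US_SSN": {"government_id"},
    "IP_ADDRESS": {"device_info", "location_info"},
    "contact_info": {"personal_data"}, "device_info": {"personal_data"},
    "location_info": {"personal_data"}, "government_id": {"personal_data"},
}
ENTITY_ONTOLOGY = {
    "Google": {"advertiser", "search_provider"}, "Stripe": {"payment_processor"},
    "advertiser": {"third_party"}, "search_provider": {"third_party"},
    "payment_processor": {"third_party"},
}

def is_a(graph, node, ancestor):
    """True if `ancestor` equals `node` or is reachable upward from it."""
    seen, stack = set(), [node]
    while stack:
        n = stack.pop()
        if n == ancestor:
            return True
        if n not in seen:
            seen.add(n)
            stack.extend(graph.get(n, ()))
    return False

@dataclass(frozen=True)
class Rule:
    """Policy statement: data under `data_type` may serve `purposes`, go to parties
    under `recipients`, and be kept `retention_s` seconds after collection."""
    data_type: str
    purposes: frozenset
    recipients: frozenset
    retention_s: float

@dataclass
class Flow:
    """Automaton for one collected data type: init -> col -> {use, dis}.
    The retention timer starts when the col transition fires."""
    rule: Rule
    state: str = "init"
    collected_at: float = 0.0

ALWAYS_BLOCK = {"US_SSN"}  # refused regardless of what the policy says

def audit(events, rules):
    """Run each runtime annotation through its data type's automaton, in trace order.
    Rules match first-listed-first, so put specific rules before general ones.
    Returns one (verdict, reason) per event: 'ok', 'violation' or 'blocked'."""
    flows, out = {}, []
    for ev in events:
        dtype, action, t = ev["data_type"], ev["action"], ev["t"]
        if dtype in ALWAYS_BLOCK:
            out.append(("blocked", f"{action} of {dtype} refused outright")); continue
        rule = next((r for r in rules if is_a(DATA_ONTOLOGY, dtype, r.data_type)), None)
        if rule is None:
            out.append(("violation", f"no policy statement covers {dtype}")); continue
        flow = flows.setdefault(dtype, Flow(rule))
        if action == "collect":
            flow.state, flow.collected_at = "col", t
            out.append(("ok", f"{dtype} collected"))
        elif flow.state == "init":
            out.append(("violation", f"{action} of {dtype} before any collection"))
        elif t - flow.collected_at > rule.retention_s:
            out.append(("violation", f"{dtype} retained beyond {rule.retention_s:.0f}s"))
        elif action == "use":
            if ev["purpose"] in rule.purposes:
                flow.state = "use"; out.append(("ok", f"purpose {ev['purpose']} allowed"))
            else:
                out.append(("violation", f"purpose {ev['purpose']} not allowed for {dtype}"))
        elif action == "disclose":
            if any(is_a(ENTITY_ONTOLOGY, ev["recipient"], c) for c in rule.recipients):
                flow.state = "dis"; out.append(("ok", f"disclosure to {ev['recipient']} allowed"))
            else:
                out.append(("violation", f"{dtype} to {ev['recipient']} not allowed"))
        else:
            out.append(("violation", f"unknown action {action}"))
    return out

DAY = 86400.0
SAMPLE_RULES = [  # constructed policy model
    Rule("contact_info", frozenset({"account_service", "support"}),
         frozenset({"payment_processor"}), 30 * DAY),
    Rule("device_info", frozenset({"analytics"}), frozenset({"advertiser"}), 7 * DAY),
]
SAMPLE_TRACE = [  # constructed annotations, one per agent/tool interaction
    {"t": 0, "action": "collect", "data_type": "EMAIL_ADDRESS"},
    {"t": 10, "action": "use", "data_type": "EMAIL_ADDRESS", "purpose": "support"},
    {"t": 20, "action": "disclose", "data_type": "EMAIL_ADDRESS", "recipient": "Google"},
    {"t": 30, "action": "disclose", "data_type": "EMAIL_ADDRESS", "recipient": "Stripe"},
    {"t": 0, "action": "collect", "data_type": "IP_ADDRESS"},
    {"t": 100, "action": "disclose", "data_type": "IP_ADDRESS", "recipient": "Google"},
    {"t": 7 * DAY + 1, "action": "use", "data_type": "IP_ADDRESS", "purpose": "analytics"},
    {"t": 5, "action": "use", "data_type": "US_SSN", "purpose": "support"},
    {"t": 5, "action": "use", "data_type": "PHONE_NUMBER", "purpose": "support"},
]

if __name__ == "__main__":
    for ev, (verdict, why) in zip(SAMPLE_TRACE, audit(SAMPLE_TRACE, SAMPLE_RULES)):
        print(f"{verdict:9s} {ev['action']:8s} {ev['data_type']:13s} {why}")
```

Two points the trace makes that a flat allow-list would miss: the disclosure of the email address to Google is rejected although Google is a legitimate third party, because the contact-info rule only names payment processors, and IP_ADDRESS is governed by the device-info rule through the ontology even though no rule mentions it by name. The retention timer turns an otherwise permitted use into a violation once the collection is older than the rule allows, and a data type no rule covers is reported rather than silently permitted.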

Theorems & Definitions (12)

  • Definition 1: Privacy policy
  • Definition 2: Data interactions of an AI agent
  • Definition 3: Privacy policy compliance for an AI Agent
  • Theorem 1: Confidence boost from LLM voting
  • Example 1
  • Example 2
  • Definition 4: Ontology graph of data types
  • Definition 5: Auditing automaton
  • Example 3
  • Definition 6: Soundness of data annotation
  • ...and 2 more