AgentCrypt: Advancing Privacy and (Secure) Computation in AI Agent Collaboration

Harish Karthikeyan, Yue Guo, Leo de Castro, Antigoni Polychroniadou, Leo Ardon, Udari Madhushani Sehwag, Sumitra Ganesh, Manuela Veloso

TL;DR

AgentCrypt tackles privacy in AI-agent collaboration by introducing a four-level, cryptographic framework that enforces privacy across agent-to-agent communications and computations. It combines encryption at rest, policy-based access, and secure computation, culminating in Level 4 with Fully Homomorphic Encryption to reveal only final results. The work provides a benchmark dataset, platform-agnostic implementation, and empirical evaluation showing robust privacy preservation (100%) and substantial practical feasibility (Level-4 accuracy >85% with measurable overhead). It also outlines future directions, including expanding supported computations, integrating differential privacy, and exploring secure multiparty approaches to enhance real-world deployment.

Abstract

As AI agents increasingly operate in real-world, multi-agent environments, ensuring reliable and context-aware privacy in agent communication is critical, especially to comply with evolving regulatory requirements. Traditional access controls are insufficient, as privacy risks often arise after access is granted; agents may use information in ways that compromise privacy, such as messaging humans, sharing context with other agents, making tool calls, persisting data, or generating derived private information. Existing approaches often treat privacy as a binary constraint, whether data is shareable or not, overlooking nuanced, role-specific, and computation-dependent privacy needs essential for regulatory compliance. Agents, including those based on large language models, are inherently probabilistic and heuristic. There is no formal guarantee of how an agent will behave for any query, making them ill-suited for operations critical to security. To address this, we introduce AgentCrypt, a four-tiered framework for fine-grained, encrypted agent communication that adds a protection layer atop any AI agent platform. AgentCrypt spans unrestricted data exchange (Level 1) to fully encrypted computation using techniques such as homomorphic encryption (Level 4). Crucially, it guarantees the privacy of tagged data is always maintained, prioritizing privacy above correctness. AgentCrypt ensures privacy across diverse interactions and enables computation on otherwise inaccessible data, overcoming barriers such as data silos. We implemented and tested it with Langgraph and Google ADK, demonstrating versatility across platforms. We also introduce a benchmark dataset simulating privacy-critical tasks at all privacy levels, enabling systematic evaluation and fostering the development of regulatable machine learning systems for secure agent communication and computation.

Paper Structure

This paper contains 68 sections, 5 equations, 14 figures, 1 table.

Figures (14)

  • Figure 2: Level 2 Implementation ensures end-to-end encryption throughout the data retrieval process. The database manager agent interacts with the database via the designated tool, and any information retrieved is immediately encrypted before being transmitted to the agent. This approach guarantees privacy, as the database manager agent cannot compromise the confidentiality of the encrypted data, even if it acts incorrectly or maliciously. While privacy is fully protected, correctness is not guaranteed at this stage.
  • Figure 3: Ideal functionality $\mathcal{F}_{\text{Database}}$ for simple data retrieval.
  • Figure 4: Level 3 Implementation introduces a deterministic security wrapper that enforces privacy during both data retrieval and computation. When the database manager agent performs computations on requested data, the wrapper automatically applies the intersection of all relevant data policies and encrypts the computed result before transmission. This ensures that privacy is strictly maintained, regardless of the agent’s actions, while correctness of the computation is not guaranteed.
  • Figure 5: Level 4 Implementation operates on a fully encrypted database, enabling computations to be performed directly on encrypted data using FHE. The security wrapper ensures that all results remain encrypted throughout the process, strictly maintaining privacy regardless of the agent’s actions. As with previous levels, correctness of the computation is not guaranteed, but privacy is protected at every stage.
  • Figure 6: Level 4 Two-Agent Protocol: In this protocol, one agent interfaces directly with the human user, while the other agent manages interactions with the encrypted dataset. The numbered steps in the figure illustrate the sequential order of communication between agents.
  • ...and 9 more figures

Theorems & Definitions (2)

  • Definition 4.1: Identity-based Encryption
  • Definition 4.2: Level 2 Privacy
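
The figure captions above describe the Level 3 pattern: a deterministic security wrapper performs the computation outside the LLM, takes the intersection of the input data policies, and encrypts the result before the agent ever sees it, so a wrong or malicious agent can at most lose correctness, never confidentiality. The following is an added example written for this page, not AgentCrypt's own code, showing that wrapper end to end in plain Python. Everything beyond the paper's description is an assumption: records are tagged with a set of reader identities; the identity-based encryption of Definition 4.1 is stood in for by a trusted key generator that derives per-identity keys from a master secret with HMAC; and the symmetric sealing uses HMAC-SHA256 as a counter-mode PRF with an encrypt-then-MAC tag, a stdlib-only stand-in for a real AEAD and a real IBE library.

```python
"""Added example (not the paper's code): a Level 3 style security wrapper.

Assumptions not taken from the paper: the Tagged record shape, the HMAC-based
KeyGenerator standing in for an IBE key generator, and the HMAC-based
_seal/_open standing in for a vetted AEAD.  Swap in real libraries for use.
"""
import hashlib
import hmac
import json
import os
from dataclasses import dataclass

NONCE_LEN, TAG_LEN = 16, 32


@dataclass(frozen=True)
class Tagged:
    """A database value plus its privacy tag: the identities allowed to read it."""
    value: float
    policy: frozenset


def _subkey(key: bytes, label: bytes) -> bytes:
    return hmac.new(key, label, hashlib.sha256).digest()


def _stream(enc_key: bytes, nonce: bytes, n: int) -> bytes:
    # HMAC-SHA256 used as a PRF in counter mode to produce n keystream bytes
    blocks = (hmac.new(enc_key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
              for i in range(n // 32 + 1))
    return b"".join(blocks)[:n]


def _seal(key: bytes, plaintext: bytes) -> bytes:
    """Stand-in AEAD: fresh random nonce, keystream XOR, then encrypt-then-MAC."""
    enc_key, mac_key = _subkey(key, b"enc"), _subkey(key, b"mac")
    nonce = os.urandom(NONCE_LEN)
    ct = bytes(p ^ s for p, s in zip(plaintext, _stream(enc_key, nonce, len(plaintext))))
    tag = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def _open(key: bytes, blob: bytes) -> bytes:
    enc_key, mac_key = _subkey(key, b"enc"), _subkey(key, b"mac")
    nonce, ct, tag = blob[:NONCE_LEN], blob[NONCE_LEN:-TAG_LEN], blob[-TAG_LEN:]
    if not hmac.compare_digest(tag, hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("ciphertext rejected: bad authentication tag")
    return bytes(c ^ s for c, s in zip(ct, _stream(enc_key, nonce, len(ct))))


class KeyGenerator:
    """Trusted key generator, a stand-in for IBE setup (Definition 4.1): a reader's
    private key is derived from the master secret and the reader's identity string,
    so the wrapper can encrypt *to an identity* without any prior key exchange."""
    def __init__(self, master_secret: bytes):
        self._master = master_secret

    def key_for(self, identity: str) -> bytes:
        return _subkey(self._master, b"identity:" + identity.encode())


class SecurityWrapper:
    """Deterministic code between the tool and the probabilistic agent.
    Plaintext never leaves this class; the agent only ever receives envelopes."""
    def __init__(self, kgc: KeyGenerator):
        self._kgc = kgc

    def run_tool(self, fn, inputs):
        result = fn([t.value for t in inputs])           # computed here, not by the LLM
        policies = [t.policy for t in inputs]
        # result policy = intersection of all input policies; no inputs -> nobody
        policy = frozenset.intersection(*policies) if policies else frozenset()
        return self.seal(json.dumps(result).encode(), policy)

    def seal(self, plaintext: bytes, policy: frozenset) -> dict:
        content_key = os.urandom(32)
        return {
            "policy": sorted(policy),   # visible metadata: who may open, not what is inside
            "body": _seal(content_key, plaintext).hex(),
            "wrapped": {ident: _seal(self._kgc.key_for(ident), content_key).hex()
                        for ident in policy},
        }


def open_as(identity: str, private_key: bytes, envelope: dict):
    """What a legitimate reader does with the key issued to it by the KeyGenerator."""
    if identity not in envelope["wrapped"]:
        raise PermissionError(f"{identity} is not in the result's policy")
    content_key = _open(private_key, bytes.fromhex(envelope["wrapped"][identity]))
    return json.loads(_open(content_key, bytes.fromhex(envelope["body"])))


def demo() -> dict:
    kgc = KeyGenerator(os.urandom(32))
    wrapper = SecurityWrapper(kgc)
    # constructed sample rows, each carrying its own reader set
    rows = [Tagged(7000.0, frozenset({"hr", "finance"})),
            Tagged(5000.0, frozenset({"finance", "audit"}))]
    env = wrapper.run_tool(lambda xs: {"total": sum(xs)}, rows)
    leaks = "total" in json.dumps(env)   # the agent's view contains no plaintext field
    finance = open_as("finance", kgc.key_for("finance"), env)
    try:
        open_as("hr", kgc.key_for("hr"), env)
        hr_denied = False
    except PermissionError:
        hr_denied = True
    # disjoint input policies: the result is sealed under an empty policy, so no
    # reader exists; privacy is preserved even though the answer becomes unusable
    disjoint = wrapper.run_tool(lambda xs: {"total": sum(xs)},
                                [Tagged(1.0, frozenset({"hr"})), Tagged(2.0, frozenset({"audit"}))])
    return {"policy": env["policy"], "finance_result": finance, "hr_denied": hr_denied,
            "leaks_plaintext": leaks, "empty_policy_readers": len(disjoint["wrapped"])}


if __name__ == "__main__":
    print(demo())
```

Two design points carry over from the paper's description regardless of the stand-in primitives: the policy decision and the encryption happen in code the agent cannot influence, so whatever the agent does with the envelope (persists it, forwards it to another agent, pastes it into a message to a human) reveals nothing without a reader key; and the intersection rule fails closed, so a computation that mixes data with disjoint reader sets yields a result nobody can open rather than one that leaks to the union of readers. The policy labels themselves remain visible in the envelope, which is acceptable only if the identities are not themselves sensitive.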