CI-Work: Benchmarking Contextual Integrity in Enterprise LLM Agents
Wenjie Fu, Xiaoting Qin, Jue Zhang, Qingwei Lin, Lukas Wutschitz + 3 more
TLDR
CI-Work introduces a benchmark to evaluate enterprise LLM agents' ability to handle sensitive information, revealing high privacy violation rates and a utility-privacy trade-off.
Key contributions
- Introduces CI-Work, a benchmark for evaluating enterprise LLM agents' sensitive data handling.
- Reveals high privacy violation rates (15.8-50.9%) and significant data leakage in frontier models.
- Uncovers a critical utility-privacy trade-off: higher task utility often increases violations.
- Advocates for context-centric architectures to secure enterprise LLM workflows.
Why it matters
Enterprise LLM agents risk sensitive information leakage, posing a major challenge for industrial deployment. This paper highlights prevalent privacy failures and a critical utility-privacy trade-off, showing that current scaling methods are insufficient. It calls for a paradigm shift to context-centric architectures to truly safeguard enterprise workflows.
Original Abstract
Enterprise LLM agents can dramatically improve workplace productivity, but their core capability, retrieving and using internal context to act on a user's behalf, also creates new risks for sensitive information leakage. We introduce CI-Work, a Contextual Integrity (CI)-grounded benchmark that simulates enterprise workflows across five information-flow directions and evaluates whether agents can convey essential content while withholding sensitive context in dense retrieval settings. Our evaluation of frontier models reveals that privacy failures are prevalent (violation rates range from 15.8%-50.9%, with leakage reaching up to 26.7%) and uncovers a counterintuitive trade-off critical for industrial deployment: higher task utility often correlates with increased privacy violations. Moreover, the massive scale of enterprise data and potential user behavior further amplify this vulnerability. Simply increasing model size or reasoning depth fails to address the problem. We conclude that safeguarding enterprise workflows requires a paradigm shift, moving beyond model-centric scaling toward context-centric architectures.
📬 Weekly AI Paper Digest
Get the top 10 AI/ML arXiv papers from the week — summarized, scored, and delivered to your inbox every Monday.