🤖 AI Summary
This work presents the first systematic evaluation of the privacy leakage risk posed by agentic multimodal large reasoning models (e.g., ChatGPT o3) in image geolocation: the unintended disclosure of individuals' precise locations and identities in real-world scenarios.

Method: We construct the first benchmark dataset comprising 50 privacy-sensitive images and employ controlled visual prompting to identify critical localization cues (e.g., street layout, front-yard design). We further propose an explainable defense based on targeted occlusion of salient visual regions identified via interpretability analysis.

Contribution/Results: Experiments show that ChatGPT o3 achieves street-level geolocation accuracy (≤1 mile) for 60% of test samples. Occluding the key regions identified by the model significantly degrades localization performance, showing that the vulnerability can be mitigated. This study uncovers a novel geographic privacy threat inherent in multimodal reasoning models and provides the first explainable, image-grounded defense framework for real-world photographic data.
📝 Abstract
The increasing capabilities of agentic multi-modal large reasoning models, such as ChatGPT o3, have raised critical concerns regarding privacy leakage through inadvertent image geolocation. In this paper, we conduct the first systematic and controlled study on the potential privacy risks associated with the visual reasoning abilities of ChatGPT o3. We manually collect and construct a dataset comprising 50 real-world images that feature individuals alongside privacy-relevant environmental elements, capturing realistic and sensitive scenarios for analysis. Our experimental evaluation reveals that ChatGPT o3 can predict user locations with high precision, achieving street-level accuracy (within one mile) in 60% of cases. Through analysis, we identify key visual cues, including street layout and front yard design, that significantly contribute to the model's inference success. Additionally, targeted occlusion experiments demonstrate that masking critical features effectively reduces geolocation accuracy, providing insights into potential defense mechanisms. Our findings highlight an urgent need for privacy-aware development of agentic multi-modal large reasoning models, particularly in applications involving private imagery.