Privacy-Preserving Text Sanitization for Distributed Agents Collaboration via Disentangled Representations

πŸ“… 2026-06-13
πŸ“ˆ Citations: 0
✨ Influential: 0
πŸ“„ PDF
πŸ€– AI Summary
This work addresses the privacy risks in cross-organizational textual exchanges among distributed agents, where distributional characteristics such as formatting and lexical choices can inadvertently leak sensitive information. Conventional anonymization methods struggle to simultaneously preserve semantic utility and ensure privacy. To overcome this limitation, the authors propose DiSan, a novel framework that introduces disentangled representation learning into distributed text sanitization. DiSan employs a dual-stream encoder to separate task-relevant semantics from local stylistic features and enables joint training without centralizing raw texts through federated prototype alignment and adversarial regularization. Integrated as a core component of the Intern-Shannon system, DiSan reduces answer-level personally identifiable information (PII) exposure by 20Γ— on a multi-agent RAG benchmark while retaining 83% answer faithfulness. On the Enron dataset, it decreases style-attribution accuracy by 73.2% (TF-IDF probe) and 70.6% (neural probe), respectively.
πŸ“ Abstract
When distributed agents exchange text across organizational boundaries, privacy leakage arises not only from explicit identifiers but also from distributional signatures such as formatting conventions, vocabulary choices, and syntactic patterns. We propose DiSan(Disentangled Sanitization), a privacy-preserving sanitization framework and a built-in component of Intern-Shannon for multi-agent collaboration. DiSan uses a two-stream encoder to factorize text into a source-invariant role subspace that preserves task semantics and a source-identifying style subspace that remains local. Federated proto-type alignment and adversarial regularization enable joint training without centralizing raw text. Experiments show that identifier-level masking is insufficient: masking 19.2% of tokens reduces TF-IDF stylometric attribution by only 18.6%. By contrast, DiSan reduces answer-level PII exposure by 20 times while maintaining 83% answer faithfulness on a distributed multi-agent RAG benchmark, and lowers Enron stylometric attribution by 73.2% under TF-IDF and 70.6% under a neural probe.
Problem

Research questions and friction points this paper is trying to address.

privacy leakage
text sanitization
distributed agents
stylometric attribution
PII exposure
Innovation

Methods, ideas, or system contributions that make the work stand out.

disentangled representation
privacy-preserving sanitization
federated learning
stylometric attribution
multi-agent collaboration