Large language models (LLMs) suffer from prohibitively low inference efficiency and poor scalability—especially beyond billion-parameter scales—in privacy-preserving machine learning (PPML), primarily due to the computational overhead of performing encrypted inference directly within massive general-purpose models. Method: We propose Agentic-PPML, a novel framework that decouples intent understanding (handled by a general-purpose LLM operating on plaintext user queries) from encrypted inference (executed exclusively by lightweight, domain-specific models). Sensitive data never enters the LLM; instead, cryptographic primitives—including secure multi-party computation and homomorphic encryption—are integrated modularly, alongside domain-adaptive training. Contribution/Results: Agentic-PPML achieves 10–100× speedup in PPML inference over state-of-the-art baselines, eliminates performance degradation caused by increasing context length, and enables, for the first time, scalable, high-security, and high-efficiency LLM-based privacy-preserving inference services at billion-parameter scale.

Privacy-preserving machine learning (PPML) is critical to ensure data privacy in AI. Over the past few years, the community has proposed a wide range of provably secure PPML schemes that rely on various cryptography primitives. However, when it comes to large language models (LLMs) with billions of parameters, the efficiency of PPML is everything but acceptable. For instance, the state-of-the-art solution for confidential LLM inference represents at least 10,000-fold slower performance compared to plaintext inference. The performance gap is even larger when the context length increases. In this position paper, we propose a novel framework named Agentic-PPML to make PPML in LLMs practical. Our key insight is to employ a general-purpose LLM for intent understanding and delegate cryptographically secure inference to specialized models trained on vertical domains. By modularly separating language intent parsing - which typically involves little or no sensitive information - from privacy-critical computation, Agentic-PPML completely eliminates the need for the LLMs to process the encrypted prompts, enabling practical deployment of privacy-preserving LLM-centric services.