To address the dual challenges of high personalization costs and privacy leakage risks in large language model (LLM) cloud services, this paper proposes a bidirectionally privacy-preserving localized soft prompt customization framework. The method operates in two stages: (1) on the server side, a prompt generator extracts domain-invariant features to produce an initial soft prompt; (2) on the client side, users perform task-specific adaptation via a gradient-free optimization algorithm—leveraging only query-response feedback, without accessing model weights or uploading raw data, and using merely a single learnable vector. The framework is task-agnostic and deployment-lightweight. Extensive experiments across diverse domains—including commonsense reasoning, healthcare, and finance—demonstrate its superior performance over existing baselines, strong cross-domain adaptability, and rigorous end-to-end privacy guarantees.

The high costs of customizing large language models (LLMs) fundamentally limit their adaptability to user-specific needs. Consequently, LLMs are increasingly offered as cloud-based services, a paradigm that introduces critical limitations: providers struggle to support personalized customization at scale, while users face privacy risks when exposing sensitive data. To address this dual challenge, we propose Customized Black-box Prompt Tuning (CBP-Tuning), a novel framework that facilitates efficient local customization while preserving bidirectional privacy. Specifically, we design a two-stage framework: (1) a prompt generator trained on the server-side to capture domain-specific and task-agnostic capabilities, and (2) user-side gradient-free optimization that tailors soft prompts for individual tasks. This approach eliminates the need for users to access model weights or upload private data, requiring only a single customized vector per task while achieving effective adaptation. Furthermore, the evaluation of CBP-Tuning in the commonsense reasoning, medical and financial domain settings demonstrates superior performance compared to baselines, showcasing its advantages in task-agnostic processing and privacy preservation.