This study addresses the privacy risks posed by enterprise large language model (LLM) agents, which, while enhancing operational efficiency, are prone to leaking sensitive information through internal contextual cues. For the first time, the paper introduces the Contextual Integrity (CI) theory to evaluate privacy in enterprise LLM agents and constructs CI-Work, a benchmark simulating five canonical enterprise information-flow scenarios. Using dense retrieval and multi-directional workflow modeling, the authors systematically assess mainstream LLMs, revealing a counterintuitive trade-off between task utility and privacy preservation. Results show that privacy violation rates range from 15.8% to 50.9%, with information leakage reaching up to 26.7%. Notably, merely scaling model size or increasing reasoning depth fails to mitigate these issues, underscoring the need for context-centric privacy-preserving architectures.

Enterprise LLM agents can dramatically improve workplace productivity, but their core capability, retrieving and using internal context to act on a user's behalf, also creates new risks for sensitive information leakage. We introduce CI-Work, a Contextual Integrity (CI)-grounded benchmark that simulates enterprise workflows across five information-flow directions and evaluates whether agents can convey essential content while withholding sensitive context in dense retrieval settings. Our evaluation of frontier models reveals that privacy failures are prevalent (violation rates range from 15.8%-50.9%, with leakage reaching up to 26.7%) and uncovers a counterintuitive trade-off critical for industrial deployment: higher task utility often correlates with increased privacy violations. Moreover, the massive scale of enterprise data and potential user behavior further amplify this vulnerability. Simply increasing model size or reasoning depth fails to address the problem. We conclude that safeguarding enterprise workflows requires a paradigm shift, moving beyond model-centric scaling toward context-centric architectures.