Exposing LLM User Privacy via Traffic Fingerprint Analysis: A Study of Privacy Risks in LLM Agent Interactions

📅 2025-10-08
📈 Citations: 0
Influential: 0
📄 PDF

career value

233K/year
🤖 AI Summary
This work identifies a novel privacy threat: large language model (LLM)-based agents leak identifiable interaction fingerprints in their encrypted network traffic, enabling adversaries to recognize specific agents, infer agent behavior, and deduce sensitive user attributes (e.g., occupation, education level). To quantify this vulnerability, the authors propose AgentPrint—a systematic framework that jointly models temporal traffic features and employs lightweight machine learning classifiers. Experiments demonstrate that AgentPrint achieves an F1-score of 0.866 for agent identification and attains top-3 accuracy of 73.9% and 69.1% for user attribute inference in simulated and real-world settings, respectively. This is the first study to empirically reveal that the interactive nature of LLM agents—while enhancing functionality—introduces substantial privacy risks. The findings provide critical evidence for designing privacy-preserving LLM agent systems and underscore the need for traffic obfuscation mechanisms in AI service deployments.

Technology Category

Application Category

📝 Abstract
Large Language Models (LLMs) are increasingly deployed as agents that orchestrate tasks and integrate external tools to execute complex workflows. We demonstrate that these interactive behaviors leave distinctive fingerprints in encrypted traffic exchanged between users and LLM agents. By analyzing traffic patterns associated with agent workflows and tool invocations, adversaries can infer agent activities, distinguish specific agents, and even profile sensitive user attributes. To highlight this risk, we develop AgentPrint, which achieves an F1-score of 0.866 in agent identification and attains 73.9% and 69.1% top-3 accuracy in user attribute inference for simulated- and real-user settings, respectively. These results uncover an overlooked risk: the very interactivity that empowers LLM agents also exposes user privacy, underscoring the urgent need for technical countermeasures alongside regulatory and policy safeguards.
Problem

Research questions and friction points this paper is trying to address.

LLM agent interactions create distinctive encrypted traffic fingerprints
Adversaries can infer activities and profile sensitive user attributes
Agent identification and user attribute inference reveal privacy risks
Innovation

Methods, ideas, or system contributions that make the work stand out.

Analyzing encrypted traffic patterns for agent identification
Developing AgentPrint system for fingerprint-based inference
Achieving high accuracy in user attribute profiling