MemPrivacy limits memory utility loss to 1.6% while masking sensitive user data in edge-cloud agents
A new privacy framework replaces private user data with type-aware placeholders before cloud processing, then restores originals locally—limiting utility loss to 1.6% across memory systems.
MemPrivacy is a privacy-preserving memory framework that lets edge-cloud LLM agents protect sensitive user data without sacrificing the personalization that long-term memory enables. The system identifies privacy-sensitive spans on the user's device, swaps them for semantically structured placeholders before sending anything to the cloud, and restores the original values locally when the agent needs them. The approach outperforms GPT-5.2 and Gemini-3.1-Pro on privacy extraction and cuts inference latency while keeping memory utility loss under 1.6 percent across multiple memory systems.
The framework introduces MemPrivacy-Bench, a dataset covering 200 users and over 52,000 privacy instances, along with a four-level taxonomy that lets users configure protection policies. Traditional masking methods aggressively redact sensitive text, which removes the semantic context cloud-side memory modules need to form useful long-term representations. MemPrivacy's placeholder scheme preserves type information (names, locations, dates, account numbers) so the cloud can still build coherent memory structures, then the edge device re-injects the actual values when retrieving or acting on that memory.
What stands out
- 01Privacy extraction accuracy — MemPrivacy substantially beats GPT-5.2 and Gemini-3.1-Pro at identifying sensitive spans on the benchmark dataset.
- 02Utility preservation — Across widely used memory systems, MemPrivacy limits performance degradation to within 1.6%, far better than baseline masking strategies that strip semantic context.
- 03Latency reduction — The framework reduces inference latency compared to sending full plaintext or using heavy encryption, because the cloud processes structured placeholders rather than raw sensitive strings.
- 04Configurable privacy levels — The four-level taxonomy lets users dial protection up or down—strict masking for high-risk data, lighter placeholders for lower-sensitivity fields—without retraining the agent.