Saved in:
Bibliographic Details
Main Authors: Lin, Yixi, Wu, Jiangrong, Nan, Yuhong, Wang, Xueqiang, Zhang, Xinyuan, Zheng, Zibin
Format: Preprint
Published: 2026
Subjects:
Online Access:https://arxiv.org/abs/2603.07557
Tags: Add Tag
No Tags, Be the first to tag this record!
_version_ 1866915843200253952
author Lin, Yixi
Wu, Jiangrong
Nan, Yuhong
Wang, Xueqiang
Zhang, Xinyuan
Zheng, Zibin
author_facet Lin, Yixi
Wu, Jiangrong
Nan, Yuhong
Wang, Xueqiang
Zhang, Xinyuan
Zheng, Zibin
contents The rapid integration of Large Language Model (LLM) agents into autonomous task execution has introduced significant privacy concerns within cross-tool data flows. In this paper, we systematically investigate and define a novel risk termed Data Over-Exposure (DOE) in LLM Agent, where an Agent inadvertently transmits sensitive data beyond the scope of user intent and functional necessity. We identify that DOE is primarily driven by the broad data paradigms in tool design and the coarse-grained data processing inherent in LLMs. In this paper, we present AgentRaft, the first automated framework for detecting DOE risks in LLM agents. AgentRaft combines program analysis with semantic reasoning through three synergistic modules: (1) it constructs a Cross-Tool Function Call Graph (FCG) to model the interaction landscape of heterogeneous tools; (2) it traverses the FCG to synthesize high-quality testing user prompts that act as deterministic triggers for deep-layer tool execution; and (3) it performs runtime taint tracking and employs a multi-LLM voting committee grounded in global privacy regulations (e.g., GDPR, CCPA, PIPL) to accurately identify privacy violations. We evaluate AgentRaft on a testing environment of 6,675 real-world agent tools. Our findings reveal that DOE is indeed a systemic risk, prevalent in 57.07% of potential tool interaction paths. AgentRaft achieves a high detection accuracy and effectiveness, outperforming baselines by 87.24%. Furthermore, AgentRaft reaches near-total DOE coverage (99%) within only 150 prompts while reducing per-chain verification costs by 88.6%. Our work provides a practical foundation for building auditable and privacy-compliant LLM agent systems.
format Preprint
id arxiv_https___arxiv_org_abs_2603_07557
institution arXiv
publishDate 2026
record_format arxiv
spellingShingle AgentRaft: Automated Detection of Data Over-Exposure in LLM Agents
Lin, Yixi
Wu, Jiangrong
Nan, Yuhong
Wang, Xueqiang
Zhang, Xinyuan
Zheng, Zibin
Software Engineering
The rapid integration of Large Language Model (LLM) agents into autonomous task execution has introduced significant privacy concerns within cross-tool data flows. In this paper, we systematically investigate and define a novel risk termed Data Over-Exposure (DOE) in LLM Agent, where an Agent inadvertently transmits sensitive data beyond the scope of user intent and functional necessity. We identify that DOE is primarily driven by the broad data paradigms in tool design and the coarse-grained data processing inherent in LLMs. In this paper, we present AgentRaft, the first automated framework for detecting DOE risks in LLM agents. AgentRaft combines program analysis with semantic reasoning through three synergistic modules: (1) it constructs a Cross-Tool Function Call Graph (FCG) to model the interaction landscape of heterogeneous tools; (2) it traverses the FCG to synthesize high-quality testing user prompts that act as deterministic triggers for deep-layer tool execution; and (3) it performs runtime taint tracking and employs a multi-LLM voting committee grounded in global privacy regulations (e.g., GDPR, CCPA, PIPL) to accurately identify privacy violations. We evaluate AgentRaft on a testing environment of 6,675 real-world agent tools. Our findings reveal that DOE is indeed a systemic risk, prevalent in 57.07% of potential tool interaction paths. AgentRaft achieves a high detection accuracy and effectiveness, outperforming baselines by 87.24%. Furthermore, AgentRaft reaches near-total DOE coverage (99%) within only 150 prompts while reducing per-chain verification costs by 88.6%. Our work provides a practical foundation for building auditable and privacy-compliant LLM agent systems.
title AgentRaft: Automated Detection of Data Over-Exposure in LLM Agents
topic Software Engineering
url https://arxiv.org/abs/2603.07557