Do you think your AI assistant understands privacy?

A new study suggests it might be missing the bigger picture.

Researchers have developed PrivacyLens, a framework that evaluates how well language models (LMs) grasp privacy norms in action.

At its core is a 5-part model of contextual privacy:

1. Data Type: What kind of information is being shared?

2. Data Subject: Who is the information about?

3. Data Sender: Who is sharing the information?

4. Data Recipient: Who is receiving the information?

5. Transmission Principle: How is the information being shared?

These elements define whether sharing information is appropriate in a given context.

However, the study found that even advanced LMs like GPT-4 need help with this nuanced understanding.

When acting as AI agents, these models leaked sensitive information in over 25% of cases despite privacy-enhancing prompts. This reveals a significant gap between an AI’s ability to answer privacy-related questions and its actual behavior when assisting with tasks.

For security professionals, this highlights the need for more comprehensive testing of AI systems, especially those handling sensitive data. How might you incorporate this contextual privacy model into your AI risk assessments?

Cheers, Craig