pith. machine review for the scientific record. sign in

arxiv: 2605.09530 · v3 · submitted 2026-05-10 · 💻 cs.CR · cs.CL

Recognition: unknown

MemPrivacy: Privacy-Preserving Personalized Memory Management for Edge-Cloud Agents

Yining Chen , Jihao Zhao , Bo Tang , Haofen Wang , Feiyu Xiong , Zhiyu Li
Authors on Pith no claims yet

Pith reviewed 2026-05-15 05:40 UTC · model grok-4.3

classification 💻 cs.CR cs.CL
keywords memorymemprivacyprivacyprotectionagentsedge-cloudinformationpersonalized
0
0 comments X

The pith

MemPrivacy uses edge-side privacy span detection and semantic placeholders to enable cloud memory management for LLM agents while limiting utility loss to 1.6% and outperforming masking baselines.

A machine-rendered reading of the paper's core claim, the machinery that carries it, and where it could break.

The system runs a privacy detector on the user's device to find sensitive pieces of information such as names, locations, or personal facts. Instead of deleting or heavily masking these spans, it replaces them with structured placeholders that carry type information like 'person' or 'date'. The cloud side can then build and search long-term memories using these placeholders without seeing the real values. When the agent needs to use the memory for the user, the original data is restored on the edge device. The authors also built a benchmark dataset covering 200 users and more than 155,000 privacy examples along with a four-level taxonomy that lets users choose how strict the protection should be. Experiments claim the approach extracts private information more accurately than large models like GPT-5.2 and reduces latency while keeping memory system performance nearly intact.

Core claim

MemPrivacy limits utility loss to within 1.6%, outperforming baseline masking strategies while achieving strong performance in privacy information extraction, substantially surpassing GPT-5.2 and Gemini-3.1-Pro.

Load-bearing premise

That type-aware placeholders retain sufficient semantic information for effective memory formation, retrieval, and personalization even after sensitive spans are removed from cloud-side processing.

read the original abstract

As LLM-powered agents are increasingly deployed in edge-cloud environments, personalized memory has become a key enabler of long-term adaptation and user-centric interaction. However, cloud-assisted memory management exposes sensitive user information, while existing privacy protection methods typically rely on aggressive masking that removes task-relevant semantics and consequently degrades memory utility and personalization quality. To address this challenge, We propose MemPrivacy, which identifies privacy-sensitive spans on edge devices, replaces them with semantically structured type-aware placeholders for cloud-side memory processing, and restores the original values locally when needed. By decoupling privacy protection from semantic destruction, MemPrivacy minimizes sensitive data exposure while retaining the information required for effective memory formation and retrieval. We also construct MemPrivacy-Bench for systematic evaluation, a dataset covering 200 users and over 155k privacy instances, and introduce a four-level privacy taxonomy for configurable protection policies. Experiments show that MemPrivacy achieves strong performance in privacy information extraction, substantially surpassing strong general-purpose models such as GPT-5.2 and Gemini-3.1-Pro, while also reducing inference latency. Across multiple widely used memory systems, MemPrivacy limits utility loss to within 1.6%, outperforming baseline masking strategies. Overall, MemPrivacy offers an effective balance between privacy protection and personalized memory utility for edge-cloud agents, enabling secure, practical, and user-transparent deployment.

Editorial analysis

A structured set of objections, weighed in public.

Desk editor's note, referee report, simulated authors' rebuttal, and a circularity audit. Tearing a paper down is the easy half of reading it; the pith above is the substance, this is the friction.

Axiom & Free-Parameter Ledger

0 free parameters · 2 axioms · 1 invented entities

Review performed on abstract only; full paper would be needed to identify all free parameters and assumptions. The central claim rests on the unstated premise that placeholders preserve enough semantics for memory tasks.

axioms (2)
  • domain assumption Privacy-sensitive spans can be reliably identified on edge devices using local models without access to full cloud context.
    Required for the first step of the pipeline described in the abstract.
  • domain assumption Type-aware placeholders retain sufficient semantic type information for downstream memory formation and retrieval.
    Central to the claim that utility loss remains low.
invented entities (1)
  • type-aware placeholders no independent evidence
    purpose: Replace sensitive spans while conveying semantic category to cloud memory systems
    New construct introduced to decouple privacy from semantic destruction.

pith-pipeline@v0.9.0 · 5549 in / 1390 out tokens · 47581 ms · 2026-05-15T05:40:29.192123+00:00 · methodology

Review history (3 revisions) →

discussion (0)

Sign in with ORCID, Apple, or X to comment. Anyone can read and Pith papers without signing in.