AI agents found to be far more public about data that users expect to remain private
You’ve probably heard of LLM-based agents that can act on our behalf online, automating tasks like booking flights or filling out forms by navigating live websites with your credentials and personal data. It sounds incredibly powerful, almost like finally having the digital assistant we always dreamed of. But the moment these agents begin operating across real systems, with access to sensitive information, important questions surface: How do web agents handle your data while accomplishing tasks on your behalf? If you carry certain privacy expectations, are those expectations actually respected? Or are web agents blind to distinguishing which user information is inappropriate to disclose in their interactions with websites? More provocatively: is privacy merely a design consideration, or a fundamental requirement for trustworthy agentic task completion?
These are the questions we set out to answer in SPILLAGE: Agentic Oversharing on the Web, a new research project conducted as part of the Brave internship program.
The case for Web agents
Agents powered by Large Language Models (LLMs) fulfill a deeply human desire: having an assistant to handle tasks of daily life and act on one’s behalf, now extended into the digital realm. Agents allow users to automate tasks through a natural language interface, receiving and executing instructions much like a human assistant would, or as Maes (1994) put it, “a personal assistant who is collaborating with the user in the same work environment.” Unlike controlled chatbot settings that are limited to answering questions, agents autonomously plan and execute sequences of actions to accomplish user goals, performing delegated tasks on a user’s behalf or as part of the user’s extended mind (Clark & Chalmers, 1998).