How Should Your Agent Talk to Mine? Measuring the Utility–Security Frontier of Cross-Boundary Agentic Delegation
Keywords: Multi-Agent Systems, Privacy, Security, LLM Agents
Abstract: Personal agents can now be delegates: systems that hold private data, wield tools, and act on behalf of their owners. When two delegates interact across an ownership boundary, every exchange becomes a permission decision about what to share, what to withhold, and what to refuse. There must be a trade-off between how much an agent shares (utility) and how much it protects (security), but few have mapped this frontier under controlled, deployment-motivated conditions. We introduce SharedOS, a multi-agent shared delegation system, and use it to systematically chart the security–utility frontier. We ask three questions. What moves the frontier? Only category-specific policies do; generic privacy instructions are statistically inert. Is the frontier stable over time? No: multi-turn interaction erodes it through adaptive retry strategies and incidental disclosure channels that are invisible to single-turn evaluation. Is the frontier the same for everyone? No: relationship context reshapes it in category-specific ways, and over-refusal, not leakage, becomes the dominant failure mode. Across six models spanning three providers, we find that the frontier is shaped by forces the policy author does not control: the model's implicit social norms, the semantic properties of the data, and the requester's conversational framing. These findings, together with SharedOS, the system that supports the investigation, pave the way for the community to explore cross-boundary agentic delegation further.
Track: Regular Paper (9 pages)
Email Sharing: We authorize the sharing of all author emails with Program Chairs.
Data Release: We authorize the release of our submission and author names to the public in the event of acceptance.
Submission Number: 176