Go to ICLR 2026 Conference homepageSPILLage: Agentic Oversharing on the Web
Keywords: Web Agent, Privacy, Oversharing, Contextual Integrity
Abstract: We present SPILLAGE, a novel framework for analyzing how web agents handle user resources when accomplishing tasks on their behalf across real-world websites. SPILLAGE introduces the problem of Natural Oversharing–the inappropriate disclosure of user information to external parties–and characterizes such disclosures along two axes based on user privacy expectations and agent capabilities: directness (explicit vs. implicit) and mode (textual vs. non-textual actions). While prior work has mostly focused on explicit textual data leakage in
synthetic environments, we study four distinct oversharing categories of agents in the wild: Explicit Content, Implicit Content, Explicit Behavioral, and Implicit Behavioral oversharing. Building on this taxonomy, we introduce the first real-world benchmark for oversharing, evaluated on live e-commerce sites. Our tasks grant agents access to user resources containing a natural blend of information essential
for task completion with inappropriate information. We deploy agents on these real websites and measure oversharing at every execution step using structured, step-level annotations. Our experiments show that agents are much more public about what users expect to be private. Agents overemphasis on task utility leave them blind to distinguishing which information is inappropriate to disclose in their
interactions with websites. For instance, a gpt-4o-based agent produces 1,151 cases of explicit behavioral oversharing on a single site. More interestingly, various categories of oversharing often co-occur within a single agentic step. Finally, we find that oversharing can be substantially reduced without a utility loss, suggesting practical mitigation opportunities.
Primary Area: alignment, fairness, safety, privacy, and societal considerations
Submission Number: 14145
Loading