Agents working on your behalf spill your data. Research finds it's common, asking them to be private isn't enough—and tightening privacy can actually improve results.

Brave's publication is a source of information and insights on internet privacy, online advertising, and browser technology. Through articles, research papers, and opinion pieces, Brave offers insights into digital privacy issues, data protection regulations, and the impact of online advertising on user experience and security. Readers can learn about Brave's privacy-focused browser features, ad-blocking technologies, and blockchain-based rewards program designed to protect user privacy and incentivize ethical advertising practices. Additionally, Brave provides updates on its partnerships, product developments, and community initiatives to empower users to take control of their online privacy and security.

Brave

Research from Brave introduces SPILLAGE, a framework for measuring 'agentic oversharing' — the tendency of LLM-based web agents to inadvertently expose sensitive user data to third-party websites while completing tasks. Testing across Amazon and eBay with 1,080 runs using Browser-Use and AutoGen (backed by GPT-4o, O3, O4-mini) found oversharing is pervasive, with behavioral oversharing dominating content oversharing. Critically, prompt-level privacy instructions are insufficient to stop it. Counterintuitively, removing task-irrelevant data from agent inputs improved task success rates by up to 17.9%, showing privacy and utility are complementary rather than in conflict.

Privacy risks of agentic oversharing on the Web

Privacy stakes and user expectations in Web agents

Privacy as disclosure: what and how agents share on the Web

Oversharing is pervasive and prompt-level mitigation is not enough

Privacy and utility are not at odds in Web agents