“`html
In this article
The Core Problem With Cloud Memory
When interacting with an AI agent, sensitive details like health conditions, email addresses, financial figures, passwords, and more are often present in the conversation. In a typical edge-cloud deployment, these details travel to and persist in cloud systems, posing significant privacy risks.
What MemPrivacy Does Differently
Rather than masking private content, MemPrivacy replaces it with typed placeholders, such as <Health_Info_1> or <Email_1>. This approach allows the cloud model to operate normally while preserving privacy. When a response from the cloud contains these placeholders, local devices lookup and substitute them with actual values.
A Four-Level Privacy Taxonomy
- PL1: Covers general preferences, habits, and stylistic choices that do not identify a person and carry low risk. These are not protected by default.
- PL2: Includes identifiable PII, real names, phone numbers, email addresses, detailed addresses, account usernames, and combinations that could identify or trace a specific individual.
- PL3: Covers highly sensitive PII: government document numbers, financial account details, health records, precise location and trajectory data, biometrics, raw communication content, and sensitive identity attributes such as religious beliefs or ethnicity.
- PL4: The highest tier, credentials and secrets that are immediately exploitable: passwords, PINs, verification codes, session tokens, API keys, private keys, seed phrases, and undisclosed business materials. Exposure at this level can directly result in account takeover, financial loss, or large-scale data exfiltration.
MemPrivacy-Bench and Model Training
To train and evaluate their approach, the research team constructed MemPrivacy-Bench, a dataset covering 200 synthetic user profiles and over 155,000 privacy instances (125,776 training, 29,967 test) across balanced Chinese and English dialogue. The test set contains 615 question-answer pairs across six memory task types: basic memory, temporal reasoning, adversarial questioning, dynamic updating, implicit inference, and information aggregation.
Experimental Results
The best-performing model, MemPrivacy-4B-RL, achieves an F1 score of 85.97% on MemPrivacy-Bench and 94.48% on PersonaMem-v2, outperforming GPT-5.2 (68.99%) and Gemini-3.1-Pro (78.41%) on privacy span extraction.
Key Takeaways
- MemPrivacy replaces sensitive user data with semantically typed placeholders before cloud transmission, ensuring the cloud memory system never sees raw private values.
- The framework introduces a four-level privacy taxonomy (PL1–PL4) to define what gets protected and at what threshold.
- MemPrivacy-4B-RL achieves 85.97% F1 on MemPrivacy-Bench and 94.48% on PersonaMem-v2, outperforming GPT-5.2 (68.99%) and Gemini-3.1-Pro (78.41%) on privacy span extraction.
- Across widely used memory systems like LangMem, Mem0, and Memobase, applying MemPrivacy at the PL2–PL4 level limits memory utility loss to within 1.6%, compared to accuracy drops of up to 41.87% with irreversible masking.
- The models range from 0.6B to 4B parameters, allowing for per-message inference under two seconds without noticeable latency.
Marktechpost’s Visual Explainer
MemPrivacy
Developer Guide
“`
This HTML snippet provides a structured and readable version of the article, adhering to British English conventions and ensuring all key points are covered.




