Personalized AI agents rely on access to a user's digital footprint, which often includes sensitive data from private emails, chats and purchase histories. Yet this access creates a fundamental societal and privacy risk: systems lacking social-context awareness can unintentionally expose user secrets, threatening digital well-being. We introduce PrivacyBench, a benchmark with socially grounded datasets containing embedded secrets and a multi-turn conversational evaluation to measure secret preservation. Testing Retrieval-Augmented Generation (RAG) assistants reveals that they leak secrets in up to 26.56% of interactions. A privacy-aware prompt lowers leakage to 5.12%, yet this measure offers only partial mitigation. The retrieval mechanism continues to access sensitive data indiscriminately, which shifts the entire burden of privacy preservation onto the generator. This creates a single point of failure, rendering current architectures unsafe for wide-scale deployment. Our findings underscore the urgent need for structural, privacy-by-design safeguards to ensure an ethical and inclusive web for everyone.

翻译：个性化AI代理依赖于访问用户的数字足迹，这些足迹通常包含来自私人电子邮件、聊天记录和购买历史等敏感数据。然而，这种访问带来了根本性的社会与隐私风险：缺乏社交情境感知的系统可能无意中暴露用户秘密，从而威胁数字福祉。我们提出了PrivacyBench，这是一个包含嵌入秘密的社会情境数据集基准，以及用于衡量秘密保留能力的多轮对话评估方法。对检索增强生成（RAG）助手的测试表明，其在高达26.56%的交互中泄露秘密。采用隐私感知提示可将泄露率降低至5.12%，但该措施仅能提供部分缓解。检索机制仍会不加区分地访问敏感数据，从而将隐私保护的全部负担转移至生成器。这形成了单点故障，使得当前架构在大规模部署中存在安全隐患。我们的研究结果强调，迫切需要构建结构化的、隐私优先的设计保障机制，以确保为所有人建立一个合乎伦理且包容的网络环境。