[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"doc-detail-83357-en":3,"doc-seo-83357-105":29,"detail-sidebar-cat-0-en-105":91},{"code":4,"msg":5,"data":6},0,"success",{"doc_id":7,"user_id":8,"nickname":9,"user_avatar":10,"doc_module":4,"category_id":11,"category_name":12,"doc_title":13,"doc_description":14,"doc_content":15,"file_id":16,"file_url":17,"file_type":18,"file_size":19,"view_count":20,"is_deleted":4,"is_public":20,"is_downloadable":20,"audit_status":20,"page_count":21,"language":22,"language_code":23,"site_id":24,"html_lang":23,"table_of_contents":25,"faqs":26,"seo_title":13,"seo_description":14,"update_tm":27,"read_time":28},83357,1099514068365,"Aurelia","https://ap-avatar.wpscdn.com/avatar/10000253d8d9f28188e?_k=1776742907772140068",8,"Research & Report","Multi-Agent Firewall Architecture for Privacy Protection of Sensitive Data in Interactions with Language Models","Large Language Models (LLMs) have become essential productivity tools, yet integrating them into workflows without safeguards creates serious privacy risks. The paper presents an open-source, privacy-first, user-facing firewall that protects both browser-based and programmatic LLM interactions. A browser extension plus a proxy intercepts all traffic across HTTP(S) and WebSocket channels. A multi-agent pipeline prevents data leakage using deterministic detection with LLM-driven semantic analysis, including code-leakage defenses and extensible components for future prompt-security enhancements. Layered deployment supports heterogeneous environments and balances cost, depth, and latency.","MULTI-AGENT FIREWALL ARCHITECTURE FOR PRIVACY PROTECTION OF SENSITIVE DATA IN INTERACTIONS WITH  \nLANGUAGE MODELS  \nHugo García Cuesta  \nUniversidad Carlos III de Madrid Madrid, Spain  \n[100428954@alumnos.uc3m.es](100428954@alumnos.uc3m.es)  \n Pablo Mateo Torrejón  \nUniversidad Carlos III de Madrid Madrid, Spain [pmateo@pa.uc3m.es](pmateo@pa.uc3m.es)  \n Alfonso Sánchez-Macián  \nUniversidad Carlos III de Madrid Madrid, Spain [alfonsan@it.uc3m.es](alfonsan@it.uc3m.es)  \narXiv :2607 .08282v 1 [ cs .CR] 9 Jul 2026  \nJuly 10, 2026  \nABSTRACT  \nWhile Large Language Models (LLMs) have become essential productivity tools, their integration into workflows without adequate safeguards creates significant risks. This paper proposes an open-source, privacy-focused, user-facing firewall designed to secure both web-based and programmatic LLM interactions. The architecture combines a browser extension and a proxy for total traffic interception across both [HTTP](HTTP)(S) and WebSocket communications. At its core, a flexible multi-agent pipeline delivers data leakage prevention through a hybrid approach combining deterministic detectors with LLM-driven semantic analysis, proprietary code leakage prevention, and extensible components designed for future security enhancements such as prompt injection evasion. The framework’slayered architecture enables deployment across heterogeneous environments, allowing organizations to balance computational cost, detection depth and latency. Evaluation results demonstrate it achieves F1 scores of up to 94.93% on optimal configurations.  \nKeywords Large Language Models · Prompt Security · Data Leakage Prevention · Named Entity Recognition · Privacy-Preserving Detection · Local Inference  \n1 Introduction  \nGenerative Artificial Intelligence has fundamentally shifted how we interact with information, offering a powerful shortcut for complex tasks that previously required hours of human effort. However, this huge leap in capability has outpaced our ability to secure it. As individuals and institutions race to balance these tools, a critical study field has emerged between the immediate appeal of high speed output and the necessity of protecting private information.  \nWhile some businesses ban LLMs entirely and others allow unrestricted access, many are stuck in a difficult middle ground. Some attempt to bridge this gap by deploying their own local AI models. However, these internal systems often lack the intelligence of industry leading tools, forcing a choice between cutting-edge power and total data privacy.  \nEmployee behavior remains a critical vector in corporate data security, as professional workflows often prioritize immediate utility and efficiency over security guidelines. This productivity bias is particularly evident among power users who, despite awareness of systemic risks, frequently bypass traditional safeguards to maintain operational speed. Not only do manual policies and static warnings fail to discourage the input of sensitive data, but they also frequently devolve into a source of alert fatigue [1]; consequently, human behavior constitutes one of the biggest risks for company security [2] .  \nThis vulnerability is not confined to the corporate perimeter, it extends into the personal domain. Individual users increasingly rely on LLMs for financial planning, legal advice, and health inquiries, often unaware that they are feeding sensitive data into public models. Unlike organizations, which may have dedicated security teams, the average user lacks accessible tools to audit their own AI interactions. This is especially relevant in domestic environments, where a  \nsingle protective layer could help reduce exposure for all household members, from children using AI for schoolwork to adults handling personal or financial matters.  \nWhile existing security strategies are robust for legacy environments, LLMs introduce new challenges. Current approaches each present distinct trade-offs: they either re","cbCaicZTkxr28HaJ","https://ap.wps.com/l/cbCaicZTkxr28HaJ","pdf",311732,1,20,"English","en",105,"# Introduction\n## Problem Context and Motivation\n## Limitations of Existing Approaches\n## Proposed Modular Local-First Framework\n# Architecture and Core Mechanisms\n## Dual Layered Interception\n## Browser Platform Adapters\n## Multimodal Analysis\n## Deeply Customizable Detection Engine\n## Code Leakage Prevention\n## Granular Risk Enforcement","[{\"question\":\"What problem does the proposed system address for LLM usage?\",\"answer\":\"It addresses privacy risks caused by using LLMs in workflows without adequate safeguards, especially the leakage of sensitive data through both web and programmatic interactions.\"},{\"question\":\"How does the architecture monitor LLM traffic?\",\"answer\":\"It combines a browser extension for web monitoring with a transparent man-in-the-middle proxy that intercepts API traffic over HTTP(S) and WebSocket (WSS) channels.\"},{\"question\":\"How does the system detect sensitive information and prevent leakage?\",\"answer\":\"It uses a hybrid multi-agent pipeline that combines deterministic detectors with LLM-driven semantic analysis, supports multimodal inspection (text prompts and file uploads), and includes dedicated code leakage detection using fuzzy matching.\"}]",1784186975,50,{"code":4,"msg":30,"data":31},"ok",{"site_id":24,"language":23,"slug":32,"title":13,"keywords":33,"description":14,"schema_data":34,"social_meta":86,"head_meta":88,"extra_data":90,"updated_unix":27},"multi-agent-firewall-architecture-for-privacy-protection-of-sensitive-data-in-interactions-with-language-models","",{"@graph":35,"@context":85},[36,53,68],{"@type":37,"itemListElement":38},"BreadcrumbList",[39,43,47,50],{"item":40,"name":41,"@type":42,"position":20},"https://docshare.wps.com","Home","ListItem",{"item":44,"name":45,"@type":42,"position":46},"https://docshare.wps.com/document/","Document",2,{"item":48,"name":12,"@type":42,"position":49},"https://docshare.wps.com/document/research-report/",3,{"item":51,"name":13,"@type":42,"position":52},"https://docshare.wps.com/document/multi-agent-firewall-architecture-for-privacy-protection-of-sensitive-data-in-interactions-with-language-models/83357/",4,{"url":51,"name":13,"@type":54,"author":55,"headline":13,"publisher":57,"fileFormat":60,"inLanguage":23,"description":14,"dateModified":61,"datePublished":62,"encodingFormat":60,"isAccessibleForFree":63,"interactionStatistic":64},"DigitalDocument",{"name":9,"@type":56},"Person",{"url":40,"name":58,"@type":59},"DocShare","Organization","application/pdf","2026-07-17","2026-07-16",true,{"@type":65,"interactionType":66,"userInteractionCount":20},"InteractionCounter",{"@type":67},"ViewAction",{"@type":69,"mainEntity":70},"FAQPage",[71,77,81],{"name":72,"@type":73,"acceptedAnswer":74},"What problem does the proposed system address for LLM usage?","Question",{"text":75,"@type":76},"It addresses privacy risks caused by using LLMs in workflows without adequate safeguards, especially the leakage of sensitive data through both web and programmatic interactions.","Answer",{"name":78,"@type":73,"acceptedAnswer":79},"How does the architecture monitor LLM traffic?",{"text":80,"@type":76},"It combines a browser extension for web monitoring with a transparent man-in-the-middle proxy that intercepts API traffic over HTTP(S) and WebSocket (WSS) channels.",{"name":82,"@type":73,"acceptedAnswer":83},"How does the system detect sensitive information and prevent leakage?",{"text":84,"@type":76},"It uses a hybrid multi-agent pipeline that combines deterministic detectors with LLM-driven semantic analysis, supports multimodal inspection (text prompts and file uploads), and includes dedicated code leakage detection using fuzzy matching.","https://schema.org",{"og:url":51,"og:type":87,"og:title":13,"og:site_name":58,"og:description":14},"article",{"robots":89,"canonical":51},"index,follow",{"doc_id":7,"site_id":24},{"code":4,"msg":5,"data":92},[93,97,101,105,110,114,119,122,126,129,133],{"id":20,"doc_module":4,"doc_module_name":45,"category_name":94,"show_sort_weight":95,"slug":96},"Story & Novel",90,"story-novel",{"id":46,"doc_module":4,"doc_module_name":45,"category_name":98,"show_sort_weight":99,"slug":100},"Literature",80,"literature",{"id":52,"doc_module":4,"doc_module_name":45,"category_name":102,"show_sort_weight":103,"slug":104},"Exam",70,"exam",{"id":106,"doc_module":4,"doc_module_name":45,"category_name":107,"show_sort_weight":108,"slug":109},5,"Comic",60,"comic",{"id":111,"doc_module":4,"doc_module_name":45,"category_name":112,"show_sort_weight":28,"slug":113},6,"Technology","technology",{"id":115,"doc_module":4,"doc_module_name":45,"category_name":116,"show_sort_weight":117,"slug":118},7,"Healthcare",40,"healthcare",{"id":11,"doc_module":4,"doc_module_name":45,"category_name":12,"show_sort_weight":120,"slug":121},30,"research-report",{"id":123,"doc_module":4,"doc_module_name":45,"category_name":124,"show_sort_weight":21,"slug":125},9,"Religion & Spirituality","religion-spirituality",{"id":21,"doc_module":4,"doc_module_name":45,"category_name":127,"show_sort_weight":21,"slug":128},"World Cup","world-cup",{"id":130,"doc_module":4,"doc_module_name":45,"category_name":131,"show_sort_weight":130,"slug":132},10,"Lifestyle","lifestyle",{"id":134,"doc_module":4,"doc_module_name":45,"category_name":135,"show_sort_weight":106,"slug":136},19,"General","general"]