Dr. Roberto Yus, Department of Computer Science and Electrical Engineering

In support of CMSC 463
Professor: Dr. Roberto Yus, Department of Computer Science and Electrical Engineering.
Max Breitmeyer, Phillip Henry, Jaspreet Gill, Grayer Warren.

LLM-based IoT assistants (smart home agents, home security copilots, elder-care monitoring assistants, etc.) don’t just handle user text—they ingest device telemetry and event history (locks, cameras, motion sensors, geofencing, thermostats, voice assistants). Even when explicit PII is absent, this context can reveal high-impact private facts such as occupancy patterns, sleep routines, relationship/children presence, and security posture.

Most privacy work in LLM applications focuses on detecting and redacting direct identifiers (names, emails, SSNs). But IoT workflows introduce a harder problem: inference leakage. A prompt can be “PII-clean” and still reveal “home is empty every weekday 9–5” or “child wakes at 2am,” which is actionable and sensitive. These risks are amplified by agent pipelines that:
- summarize long histories into prompts,
- plan multi-step actions using rich context,
- call external tools/APIs, and
- log intermediate prompts and tool-call arguments.

This project asks: Where and how do “silent leaks” emerge in IoT agent workflows, how can we quantify them, and what lightweight mitigations reduce leakage without breaking automation quality?
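
To make the "PII-clean but still leaking" case concrete, here is an added example (not the project's own code) that runs an identifier filter and an occupancy-inference check over the same prompt context. The log format, the event names, the constructed sample data and the timestamp-coarsening mitigation are all assumptions chosen for illustration.

```python
import re
from datetime import datetime

# Constructed sample context (not real telemetry): one work week of door-lock
# events as an agent might paste them into a prompt. No names, emails or SSNs.
CONTEXT = """\
2024-03-04T08:58 front_lock locked_from_outside
2024-03-04T17:06 front_lock unlocked_from_outside
2024-03-05T08:51 front_lock locked_from_outside
2024-03-05T17:02 front_lock unlocked_from_outside
2024-03-06T08:55 front_lock locked_from_outside
2024-03-06T17:10 front_lock unlocked_from_outside
2024-03-07T08:47 front_lock locked_from_outside
2024-03-07T17:01 front_lock unlocked_from_outside
2024-03-08T08:57 front_lock locked_from_outside
2024-03-08T17:04 front_lock unlocked_from_outside
"""

PII = re.compile(r"[\w.+-]+@[\w-]+\.\w+|\b\d{3}-\d{2}-\d{4}\b")  # email, SSN

def has_direct_pii(text):
    """What a typical identifier-redaction filter checks."""
    return bool(PII.search(text))

def recurring_absence(text, min_days=4):
    """Hours of day that fall between a lock and the next unlock on at least
    min_days distinct dates: the occupancy routine a reader could infer."""
    days_per_hour, left = {}, None
    for line in text.splitlines():
        stamp, _device, event = line.split()
        if not re.fullmatch(r"\d{4}-\d\d-\d\dT\d\d:\d\d", stamp):
            continue  # coarsened lines carry no time of day
        t = datetime.fromisoformat(stamp)
        if event == "locked_from_outside":
            left = t
        elif event == "unlocked_from_outside" and left and left.date() == t.date():
            first = left.hour + (1 if left.minute else 0)  # first fully empty hour
            for h in range(first, t.hour):
                days_per_hour.setdefault(h, set()).add(t.date())
            left = None
    return sorted(h for h, d in days_per_hour.items() if len(d) >= min_days)

def coarsen(text):
    """Assumed mitigation: keep the date and event, drop the time of day."""
    return "\n".join(re.sub(r"T\d\d:\d\d", "", l) for l in text.splitlines())
```

On the sample, the identifier filter passes the context while `recurring_absence` recovers the hours 9 through 16 as empty on every weekday; after `coarsen`, the same check returns nothing, at the cost of the agent losing time-of-day detail.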