Multi-Agent AI Systems and Privacy: When Your AI Agents Start Sharing Secrets

Single-agent AI privacy is hard enough. You send a message, it hits one LLM provider, that provider logs it, stores it, and subjects it to their DPA. You can reason about that chain. Multi-agent systems break that model entirely. When agents talk to each other — when your AI assistant calls a tool, which calls another agent, which queries a third API — user data flows through a chain of systems, each with different privacy policies, different jurisdictions, and different security postures. The user has no visibility into any of it. This is the multi-agent privacy problem, and it's getting urgent fast. The Architecture Creates the Problem Modern AI assistant platforms work like this: User → Primary Agent → Tool 1 (search) → Third-party API → Tool 2 (email) → Email provider → Tool 3 (skill) → External skill server ↓ Sub-agent (planning) → Another LLM provider ↓ Sub-agent (execution) → External service At each arrow, the following may happen: The receiving system logs the request (includi