Beyond Refusal: Probing the Limits of Agentic Self-Correction for Semantic Sensitive Information

Umid Suleymanov, Zaur Rajabov, Emil Mirzazada, Murat Kantarcioglu · Feb 25, 2026 · Citations: 0

Open arXiv Find Implementation RSS feed Shortlist (0)

How to use this paper page

Coverage: Stale

Use this page to decide whether the paper is strong enough to influence an eval design. It summarizes the abstract plus available structured metadata. If the signal is thin, use it as background context and compare it against stronger hub pages before making protocol choices.

Best use

Secondary protocol comparison source

Metadata: Stale

Trust level

Moderate

Signals: Stale

What still needs checking

No benchmark/dataset or metric anchors were extracted.

Signal confidence: 0.65

Abstract

While defenses for structured PII are mature, Large Language Models (LLMs) pose a new threat: Semantic Sensitive Information (SemSI), where models infer sensitive identity attributes, generate reputation-harmful content, or hallucinate potentially wrong information. The capacity of LLMs to self-regulate these complex, context-dependent sensitive information leaks without destroying utility remains an open scientific question. To address this, we introduce SemSIEdit, an inference-time framework where an agentic "Editor" iteratively critiques and rewrites sensitive spans to preserve narrative flow rather than simply refusing to answer. Our analysis reveals a Privacy-Utility Pareto Frontier, where this agentic rewriting reduces leakage by 34.6% across all three SemSI categories while incurring a marginal utility loss of 9.8%. We also uncover a Scale-Dependent Safety Divergence: large reasoning models (e.g., GPT-5) achieve safety through constructive expansion (adding nuance), whereas capacity-constrained models revert to destructive truncation (deleting text). Finally, we identify a Reasoning Paradox: while inference-time reasoning increases baseline risk by enabling the model to make deeper sensitive inferences, it simultaneously empowers the defense to execute safe rewrites.

Use caution before copying this protocol

Use this page for context, then validate protocol choices against stronger HFEPX references before implementation decisions.

No benchmark/dataset or metric anchors were extracted.

Human Eval Hub LLM-as-Judge Hub Pairwise Preference Hub

HFEPX Relevance Assessment

This paper has useful evaluation signal, but protocol completeness is partial; pair it with related papers before deciding implementation strategy.

Best use

Secondary protocol comparison source

Use if you need

A secondary eval reference to pair with stronger protocol papers.

Main weakness

No benchmark/dataset or metric anchors were extracted.

Trust level

Moderate

Eval-Fit Score

55/100 • Medium

Useful as a secondary reference; validate protocol details against neighboring papers.

Human Feedback Signal

Detected

Evaluation Signal

Detected

HFEPX Fit

Moderate-confidence candidate

Extraction confidence: Moderate

If you are doing eval pipeline work, start here:

Human Eval Hub LLM-as-Judge Hub Pairwise Preference Hub Tool-Use Eval Hub

What This Page Found In The Paper

Each field below shows whether the signal looked explicit, partial, or missing in the available metadata. Use this to judge what is safe to trust directly and what still needs full-paper validation.

Human Feedback Types

strong

Critique Edit

Confidence: Moderate Direct evidence

Directly usable for protocol triage.

Evidence snippet: While defenses for structured PII are mature, Large Language Models (LLMs) pose a new threat: Semantic Sensitive Information (SemSI), where models infer sensitive identity attributes, generate reputation-harmful content, or hallucinate potentially wrong information.

Evaluation Modes

strong

Automatic Metrics

Confidence: Moderate Direct evidence

Includes extracted eval setup.

Quality Controls

missing

Not reported

Confidence: Low Not found

No explicit QC controls found.

Benchmarks / Datasets

missing

Not extracted

Confidence: Low Not found

No benchmark anchors detected.

Reported Metrics

missing

Not extracted

Confidence: Low Not found

No metric anchors detected.

Rater Population

missing

Unknown

Confidence: Low Not found

Rater source not explicitly reported.

Human Data Lens

Uses human feedback: Yes
Feedback types: Critique Edit
Rater population: Unknown
Unit of annotation: Unknown
Expertise required: General
Signal basis: Structured extraction plus abstract evidence.

Evaluation Lens

Evaluation modes: Automatic Metrics
Agentic eval: None
Quality controls: Not reported
Signal confidence: 0.65
Known cautions: None surfaced in extraction.

Protocol And Measurement Signals

Benchmarks / Datasets

No benchmark or dataset names were extracted from the available abstract.

Reported Metrics

No metric terms were extracted from the available abstract.

Research Brief

Metadata summary

Based on abstract + metadata only. Check the source paper before making high-confidence protocol decisions.

Key Takeaways

While defenses for structured PII are mature, Large Language Models (LLMs) pose a new threat: Semantic Sensitive Information (SemSI), where models infer sensitive identity attributes, generate reputation-harmful content, or hallucinate potentially wrong information.
The capacity of LLMs to self-regulate these complex, context-dependent sensitive information leaks without destroying utility remains an open scientific question.
To address this, we introduce SemSIEdit, an inference-time framework where an agentic "Editor" iteratively critiques and rewrites sensitive spans to preserve narrative flow rather than simply refusing to answer.

Researcher Actions

Compare this paper against nearby papers in the same arXiv category before using it for protocol decisions.
Check the full text for explicit evaluation design choices (raters, protocol, and metrics).
Use related-paper links to find stronger protocol-specific references.

Caveats

Generated from abstract + metadata only; no PDF parsing.
Signals below are heuristic and may miss details reported outside the abstract.

Recommended Queries

Research Summary

Contribution Summary

While defenses for structured PII are mature, Large Language Models (LLMs) pose a new threat: Semantic Sensitive Information (SemSI), where models infer sensitive identity attributes, generate reputation-harmful content, or hallucinate pote
The capacity of LLMs to self-regulate these complex, context-dependent sensitive information leaks without destroying utility remains an open scientific question.
To address this, we introduce SemSIEdit, an inference-time framework where an agentic "Editor" iteratively critiques and rewrites sensitive spans to preserve narrative flow rather than simply refusing to answer.

Why It Matters For Eval

To address this, we introduce SemSIEdit, an inference-time framework where an agentic "Editor" iteratively critiques and rewrites sensitive spans to preserve narrative flow rather than simply refusing to answer.
Our analysis reveals a Privacy-Utility Pareto Frontier, where this agentic rewriting reduces leakage by 34.6% across all three SemSI categories while incurring a marginal utility loss of 9.8%.

Researcher Checklist

Pass: Human feedback protocol is explicit

Detected: Critique Edit
Pass: Evaluation mode is explicit

Detected: Automatic Metrics
Gap: Quality control reporting appears

No calibration/adjudication/IAA control explicitly detected.
Gap: Benchmark or dataset anchors are present

No benchmark/dataset anchor extracted from abstract.
Gap: Metric reporting is present

No metric terms extracted.

Join the #1 Platform for AI Training Talent

Where top AI builders and expert AI Trainers connect to build the future of AI.

Self-Service

Post a Job

Post your project and get a shortlist of qualified AI Trainers and Data Labelers. Hire and manage your team in the tools you already use.

Create Account & Post a Job

Managed Service

For Large Projects

Done-for-You

We recruit, onboard, and manage a dedicated team inside your tools. End-to-end operations for large or complex projects.

Learn About Managed Service

For Freelancers

Join as an AI Trainer

Find AI training and data labeling projects across platforms, all in one place. One profile, one application process, more opportunities.

Join Now

Beyond Refusal: Probing the Limits of Agentic Self-Correction for Semantic Sensitive Information

How to use this paper page

Abstract

HFEPX Relevance Assessment

What This Page Found In The Paper

Human Feedback Types

Evaluation Modes

Quality Controls

Benchmarks / Datasets

Reported Metrics

Rater Population

Human Data Lens

Evaluation Lens

Protocol And Measurement Signals

Benchmarks / Datasets

Reported Metrics

Research Brief

Key Takeaways

Researcher Actions

Caveats

Recommended Queries

Research Summary

Contribution Summary

Why It Matters For Eval

Researcher Checklist

Related Papers

Join the #1 Platform for AI Training Talent