Privacy Risks of Agentic Inferential Capabilities in Data Linkage Attacks
Abstract
We present a systematic study and a benchmark of inference-driven linkage risk in LLM-based agents, where identities are reconstructed by aggregating fragmented, individually non-identifying signals. Historically, data linkage attacks required substantial domain expertise and bespoke feature engineering, but agentic reasoning can collapse this barrier, expanding privacy risk beyond memorization or direct leakage. We evaluate this risk across three settings: reproducing classical Netflix and AOL linkage attacks with agents, introducing a controlled de-anonymization benchmark that varies fingerprint structure and task intent, and analyzing real-world unstructured traces. Agents re-identify 79.2% of users on the Netflix dataset (vs. 56.0% for the classical heuristic), and on our benchmark, identity hypotheses emerge even under benign task framing and rise sharply under explicit re-identification requests. A privacy-aware system prompt can reduce leakage dramatically for some models (e.g., from 19/20 to 1/20 cases) but incurs utility loss, showing that mitigating inference-driven linkage often comes at a measurable utility cost.