Automating R&D with AI agents is turning into an uncontrolled broadcast of corporate secrets to the open internet. According to a report by Alexander Gurung and Rafael Pardinas of ServiceNow, the so-called "mosaic effect" occurs when an agent, while solving complex multi-step tasks, blends private internal documents with external web queries. Each individual fragment in a search string might look harmless, but in aggregate, the outgoing traffic logs allow any outside observer to reconstruct the full picture of a sensitive project. If your agent is researching cloud migration and refines its search with details about "hitting the 70% mark by January 2025"—congratulations, figures that only existed in an internal report have just become the property of Google and anyone monitoring the channel.

ServiceNow's testing revealed a bitter performance paradox: the better an agent does its job, the higher the risk of a leak. Models are trained to be precise, and in their pursuit of relevance, they helpfully pull specific details from private context directly into search queries.

The MosaicLeaks benchmark showed that full information leakage occurs in 34% of cases. This is a clear diagnosis of the modern industry: for developers, privacy remains a tedious elective rather than a fundamental architectural constraint.
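To make the mosaic effect described above concrete, the following added example (not code from the ServiceNow report, the MosaicLeaks benchmark, or PA-DR) audits an agent's outgoing search log per session rather than per query. The fact patterns, the codename, the session ids and the log lines are all constructed for illustration, and the two-fact threshold is an assumption.

```python
import re
from collections import defaultdict

# Constructed private facts an internal report might hold (hypothetical labels).
PRIVATE_FACTS = {
    "target_share": re.compile(r"\b70\s?%"),
    "deadline": re.compile(r"\bjanuary\s+2025\b", re.I),
    "codename": re.compile(r"\bproject\s+heron\b", re.I),
}

# Constructed egress log: (session id, outgoing search query).
QUERY_LOG = [
    ("s1", "cloud migration best practices"),
    ("s1", "cloud migration hitting the 70% mark"),
    ("s1", "migration cutover checklist January 2025"),
    ("s2", "kubernetes cost benchmarks"),
    ("s2", "project heron vendor comparison"),
]

def facts_in(query):
    """Labels of the private facts that appear in a single query."""
    return {name for name, rx in PRIVATE_FACTS.items() if rx.search(query)}

def per_query_hits(log, limit=2):
    """What a stateless filter sees: queries holding >= limit facts at once."""
    return [(sid, q) for sid, q in log if len(facts_in(q)) >= limit]

def mosaic_audit(log, limit=2):
    """Sessions whose queries together expose >= limit distinct facts.

    Returns {session: (sorted facts, 1-based position of the query
    within that session at which the limit was crossed)}.
    """
    seen, count, flagged = defaultdict(set), defaultdict(int), {}
    for sid, query in log:
        count[sid] += 1
        seen[sid] |= facts_in(query)
        if sid not in flagged and len(seen[sid]) >= limit:
            flagged[sid] = (sorted(seen[sid]), count[sid])
    return flagged

if __name__ == "__main__":
    print("flagged per query:  ", per_query_hits(QUERY_LOG))
    print("flagged per session:", mosaic_audit(QUERY_LOG))
```

No single query in the sample log trips the per-query check, yet session `s1` exposes both the target figure and the deadline by its third query. Pattern matching only catches facts that leave verbatim, so this measures a lower bound on exposure.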

PA-DR: Security Baked into Decision Logic

As a "cure," researchers propose the Privacy-Aware Deep Research (PA-DR) method, based on reinforcement learning. This approach doesn't just slap a filter on top; it embeds security logic into the agent's decision-making process. According to ServiceNow, implementing PA-DR yielded the following results:

- The success rate for complex tasks rose from 48.7% to 58.7%.
- Leakage rates dropped from a catastrophic 34.0% to a more manageable 9.9%.
- The system learned to achieve research goals without revealing "bridge entities", the key details that link private context to the public world.

Bottom Line

Your research agents are likely leaking strategic intentions and company metrics with every search query. It is time to admit that external filters and "blacklists" are useless here—security must be embedded into the model weights during training. Until there is a shift to architectures like PA-DR, any agent with simultaneous access to your R&D archives and a browser remains a gaping hole in your security perimeter.
