@inproceedings{hemmat-etal-2025-vague,
    title = "{VAGUE}{-}{G}ate: {P}lug{-}and{-}{P}lay {L}ocal{-}{P}rivacy Shield for {R}etrieval{-}{A}ugmented Generation",
    author = "Hemmat, Arshia  and
      Moqadas, Matin  and
      Mamanpoosh, Ali  and
      Rismanchian, Amirmasoud  and
      Fatemi, Afsaneh",
    editor = "Inui, Kentaro  and
      Sakti, Sakriani  and
      Wang, Haofen  and
      Wong, Derek F.  and
      Bhattacharyya, Pushpak  and
      Banerjee, Biplab  and
      Ekbal, Asif  and
      Chakraborty, Tanmoy  and
      Singh, Dhirendra Pratap",
    booktitle = "Proceedings of the 14th International Joint Conference on Natural Language Processing and the 4th Conference of the Asia-Pacific Chapter of the Association for Computational Linguistics",
    month = dec,
    year = "2025",
    address = "Mumbai, India",
    publisher = "The Asian Federation of Natural Language Processing and The Association for Computational Linguistics",
    url = "https://preview.aclanthology.org/ingest-ijcnlp-aacl/2025.ijcnlp-long.194/",
    pages = "3715--3730",
    ISBN = "979-8-89176-298-5",
    abstract = "Retrieval-augmented generation (RAG) still *forwards* raw passages to large-language models, so private facts slip through. Prior defenses are either (i) **heavyweight**{---}full DP training that is impractical for today{'}s 70B-parameter models{---}or (ii) **over-zealous**{---}blanket redaction of every named entity, which slashes answer quality.We introduce **VAGUE-Gate**, a lightweight, *locally* differentially-private gate deployable in front of *any* RAG system. A precision pass drops low-utility tokens under a user budget {\ensuremath{\varepsilon}}, then up to k({\ensuremath{\varepsilon}}) high-temperature paraphrase passes further cloud residual cues; post-processing guarantees preserve the same {\ensuremath{\varepsilon}}-LDP bound.To measure both privacy and utility, we release **BlendPriv** (3k blended-sensitivity QA pairs) and two new metrics: a lexical Information-Leakage Score and an LLM-as-Judge score. Across eight pipelines and four SOTA LLMs, **VAGUE-Gate** at {\ensuremath{\varepsilon}} = 0.3 lowers lexical leakage by **70{\%}** and semantic leakage by **1.8** points (1{--}5 scale) while retaining **91{\%}** of Plain-RAG faithfulness with only a **240 ms** latency overhead.All code, data, and prompts are publicly released:- Code: {\ensuremath{<}} https://github.com/arshiahemmat/LDP{\_}RAG {\ensuremath{>}} - Dataset: {\ensuremath{<}}https://huggingface.co/datasets/AliMnp/BlendPriv{\ensuremath{>}}"
}