MPCI-Bench：评估视觉语言模型智能体的情境完整性新基准

MPCI-Bench is a multimodal benchmark designed to assess the contextual integrity of Visual Language Model (VLM) agents. It uses a pairwise contrast method to test models' ability to judge appropriate information transmission across different contexts, addressing the limitations of traditional binary privacy assessment approaches. This benchmark is based on Helen Nissenbaum's Contextual Integrity theory and covers multiple evaluation tasks to comprehensively measure privacy perception in VLMs.

With the rapid development of large language models and multimodal agents, privacy protection issues have become increasingly prominent. Traditional privacy assessment methods treat privacy as a binary attribute (either private or not), ignoring its highly contextual nature—same information may be appropriate in one context but not another. Helen Nissenbaum's 2004 Contextual Integrity theory provides a finer framework, stating that information flow appropriateness depends on compliance with the norms of the original data sharing context. MPCI-Bench is designed based on this theory to evaluate VLM agents' privacy awareness.

Unlike existing privacy benchmarks, MPCI-Bench adopts a pairwise contrast design. Instead of asking if information is private, it challenges models to distinguish between appropriate and inappropriate information transmission in highly similar contexts with the same sensitive data. This design controls confounding variables, allowing precise measurement of models' understanding of contextual norms rather than general language or common sense reasoning.

MPCI-Bench contains 2,052 carefully designed test cases (1,026 matched positive/negative pairs). Each case includes:

1. Context Seed: Abstract parameters like sender, subject, receiver, data type, transmission method, principles, and application domain, covering various daily privacy scenarios.
2. Concrete Narrative: Natural language story derived from seed parameters (e.g., medical info sharing between patients, doctors, or insurers).
3. Agent Trace: User instructions, tool lists, ReAct-style tool calls, and target final action type, simulating real agent decision processes.
4. Image Metadata: Image paths from VISPR dataset and sensitivity labels, introducing visual privacy assessment.

MPCI-Bench includes five complementary tasks:

1. CI Probing: Judge if information transmission in a context is appropriate (Yes/No), evaluated by overall accuracy and layered performance.
2. Sensitive Grounding: Identify sensitive regions in images (list VISPR labels), evaluated by case accuracy and label recall.
3. Sensitive Sharing: Binary classification of whether sharing an image in a context involves sensitive info (cross-modal privacy test).
4. Final-Action Generation: Generate executable final actions for agents, evaluated via structured output comparison.
5. Leakage Judging: Analyze if agent traces have info leaks (score text/image leakage and usefulness), simulating post-audit scenarios.

MPCI-Bench uses Python 3.10+ and supports installation via uv/pip. For API-based models (e.g., GPT-4o, GPT-5), configure Azure OpenAI or compatible endpoints; local models can integrate via vLLM. Key commands:

• Validate dataset: python -m mpci_bench.validate
• Run action generation evaluation: python evaluate.py action --model gpt-5.4 --output eval/action/gpt-5.4.csv
• Run leakage evaluation: python evaluate.py leakage --action-path eval/action/gpt-5.4.csv --judge gpt-5.4 --output eval/leakage/gpt-5.4.json A stable data loading interface (mpci_bench.data) is provided to avoid compatibility issues from hard-coded fields.

MPCI-Bench has several limitations:

1. Focuses on contextual integrity behavior, not general privacy knowledge or de-anonymization (cannot replace full privacy assessment).
2. Inherits biases from VISPR/Flickr Creative Commons image data and synthetic narratives/traces.
3. Simulated agent traces may not reflect real production complexity. Ethically: It does not include real private data (emails, Slack messages, etc.) and should only be used for evaluation/audit, not training privacy-violating systems.

MPCI-Bench provides a critical tool for evaluating VLM agents' privacy. Understanding contextual integrity is key to trustworthy AI as agents become more prevalent. It helps identify model privacy blind spots and guides next-gen context-aware agents. Future work can expand to more modalities (audio/video), complex multi-round interactions, and cross-cultural contextual norm studies—especially valuable for sensitive domains like healthcare, finance, and education.