This work addresses the emerging threat of “AI-induced” privacy theft, wherein AI systems exploit data gaps in user interfaces to deceive users into disclosing sensitive information. To counter this, the paper proposes DPAgent, the first framework to formally model the AI-induced threat and establish an agent-based man-in-the-middle defense system tailored to the web UI supply chain. DPAgent employs four coordinated agents that actively probe, detect, and dynamically repair deceptive UI elements in real-world web environments. By integrating latent-space sanitization and defensive prompting, it enables proactive privacy protection. Experimental results demonstrate that DPAgent detects 90.98% of deceptive instances (micro F1-score = 0.816), covers over 80% of deception types with only 10% of the page visits required by baseline methods, successfully repairs 77% of deceptive interfaces, and effectively mitigates privacy risks on more than 90% of tested websites.

Privacy deceptive patterns in web interfaces systematically manipulate users into disclosing personal data, yet existing defenses are fragmented, static, and increasingly vulnerable to manipulation by large language models. Moreover, data voids, areas of information scarcity within the web ecosystem, create fertile ground for adversaries to inject misleading content that can be scraped and learned by AI systems, thereby amplifying both deceptive design and model misbehavior. In this paper, we formalize a new threat model, AI grooming, where attackers exploit data voids to seed benign-looking but malicious samples that corrupt model reasoning and normalize deceptive practices. To address this threat in privacy deceptive patterns, we present DPAgent, an agentic and reasoning-aware framework that orchestrates four specialized agents to mitigate the AI Grooming threat via a proactive defense that combines latent space purification with defensive prompting and operates directly in live web environments to proactively explore, detect, and repair privacy deceptive user interfaces before they reach end users. Extensive evaluations show that DPAgent detects 90.98% of groomed samples, achieves state-of-the-art privacy deceptive pattern detection with a micro F1 of 0.816, explores over 80% of pattern types while visiting only about 10% of the pages required by baselines, and successfully repairs 77% of detected deceptive interfaces. A large-scale study of 485 websites in the wild reveals that up to 98% contain at least one privacy deceptive pattern, over 90% of which can be mitigated by DPAgent. User studies further confirm that DPAgent effectively reduces privacy risks while preserving browsing experience. Our results demonstrate the promise of agent-in-the-middle defenses for securing the web UI supply chain against deceptive design and emerging AI threats rooted in data void exploitation.