Interactive use of large language models (LLMs) exacerbates user privacy risks—particularly when cloud providers operate in jurisdictions with weak privacy regulations, stringent government surveillance, or inadequate data security practices—rendering client-side mitigations (e.g., “disable training”) insufficient for protecting sensitive information such as personally identifiable information (PII). To address this, we propose the “LLM Gatekeeper”: a lightweight, locally deployed model that performs real-time, fine-grained detection and filtering of sensitive content prior to input upload. This approach enables trustless, on-device privacy enforcement without relying on cloud provider integrity. To our knowledge, this is the first work to integrate a localized privacy gatekeeper into the LLM interaction pipeline while preserving response quality. Experiments demonstrate substantial improvements in privacy protection, zero degradation in output quality, and negligible computational overhead.

The interactive nature of Large Language Models (LLMs), which closely track user data and context, has prompted users to share personal and private information in unprecedented ways. Even when users opt out of allowing their data to be used for training, these privacy settings offer limited protection when LLM providers operate in jurisdictions with weak privacy laws, invasive government surveillance, or poor data security practices. In such cases, the risk of sensitive information, including Personally Identifiable Information (PII), being mishandled or exposed remains high. To address this, we propose the concept of an "LLM gatekeeper", a lightweight, locally run model that filters out sensitive information from user queries before they are sent to the potentially untrustworthy, though highly capable, cloud-based LLM. Through experiments with human subjects, we demonstrate that this dual-model approach introduces minimal overhead while significantly enhancing user privacy, without compromising the quality of LLM responses.