This work addresses the lack of effective defenses against novel social engineering attacks in augmented reality–large language model (AR-LLM) integrated systems by proposing, for the first time, a cross-layer collaborative defense framework. The framework holistically integrates identity-aware access control at the AR endpoint, a selective forgetting mechanism for large models based on F-RMU, and runtime agent interaction guardrails. Moving beyond conventional privacy-preserving paradigms, it establishes end-to-end protection spanning devices, models, and interactive behaviors. Evaluation through an IRB-approved user study involving 60 participants and a dataset of 360 annotated dialogues demonstrates that the proposed approach significantly suppresses the generation of sensitive user profiles and effectively disrupts the social engineering attack chain.

Emerging AR-LLM-based Social Engineering attack (e.g., SEAR) is at the edge of posing great threats to real-world social life. In such AR-LLM-SE attack, the attacker can leverage AR (Augmented Reality) glass to capture the image and vocal information of the target, using the LLM to identify the target and generate the social profile, using the LLM agents to apply social engineering strategies for conversation suggestion to win the target trust and perform phishing afterwards. Current defensive approaches, such as role-based access control or data flow tracking, are not directly applicable to the convergent AR-LLM ecosystem (considering embedded AR device and opaque LLM inference), leaving an emerging and potent social engineering threat that existing privacy paradigms are ill-equipped to address. This necessitates a shift beyond solely human-centric measures like legislation and user education toward enforceable vendor policies and platform-level restrictions. Realizing this vision, however, faces significant technical challenges: securing resource-constrained AR-embedded devices, implementing fine-grained access control within opaque LLM inferences, and governing adaptive interactive agents. To address these challenges, we present UNSEEN, a coordinated cross-stack defense that combines an AR ACL (Access Control Layer) for identity-gated sensing, F-RMU-based LLM unlearning for sensitive profile suppression, and runtime agent guardrails for adaptive interaction control. We evaluate UNSEEN in an IRB-approved user study with 60 participants and a dataset of 360 annotated conversations across realistic social scenarios.