[2603.18377] PlanTwin: Privacy-Preserving Planning Abstractions for Cloud-Assisted LLM Agents

Computer Science > Cryptography and Security arXiv:2603.18377 (cs) [Submitted on 19 Mar 2026 (v1), last revised 20 Mar 2026 (this version, v2)] Title:PlanTwin: Privacy-Preserving Planning Abstractions for Cloud-Assisted LLM Agents Authors:Guangsheng Yu, Qin Wang, Rui Lang, Shuai Su, Xu Wang View a PDF of the paper titled PlanTwin: Privacy-Preserving Planning Abstractions for Cloud-Assisted LLM Agents, by Guangsheng Yu and 4 other authors View PDF HTML (experimental) Abstract:Cloud-hosted large language models (LLMs) have become the de facto planners in agentic systems, coordinating tools and guiding execution over local environments. In many deployments, however, the environment being planned over is private, containing source code, files, credentials, and metadata that cannot be exposed to the cloud. Existing solutions address adjacent concerns, such as execution isolation, access control, or confidential inference, but they do not control what cloud planners observe during planning: within the permitted scope, \textit{raw environment state is still exposed}. We introduce PlanTwin, a privacy-preserving architecture for cloud-assisted planning without exposing raw local context. The key idea is to project the real environment into a \textit{planning-oriented digital twin}: a schema-constrained and de-identified abstract graph that preserves planning-relevant structure while removing reconstructable details. The cloud planner operates solely on this sanitized twin through a...