AI Agents Collaborate Without Sharing Data

In a world where data privacy is paramount, organizations often struggle to collaborate because they cannot share sensitive information. A new proof-of-concept demonstration reveals how artificial intelligence agents can work together across independent systems without ever exchanging raw data, using only natural-language messages and pseudonymous tokens. This approach, detailed in a recent paper, models a realistic scenario involving a clinic, an insurer, and a specialist network, showing that AI-driven coordination is possible even under strict data locality constraints. The system highlights a practical solution for industries like healthcare and finance, where regulatory and privacy concerns typically hinder seamless cooperation.

The researchers found that agents deployed on separate Orpius platforms can communicate effectively through concise natural-language summaries, avoiding the need for shared identifiers or structured schemas. In the prototype, the Clinic Agent generates a pseudonymous token using an HMAC-based computation to represent a patient without revealing identity, then sends a coverage inquiry to the Insurer Agent. The Insurer Agent matches this token to local enrollment data, checks coverage rules, and, if needed, consults the Specialist Agent for clinical appropriateness—all without transmitting any identifying information. This process enables a three-node distributed reasoning loop, as illustrated in Figure 2, where each agent operates solely on its local data, such as synthetic clinic records or insurance tables, ensuring no cross-entity access to internal records.

Ology relies on the Orpius platform, which provides node-level isolation, tool-calling orchestration, and a cross-node OperationRelay mechanism. Each organization runs its own Orpius node with isolated storage and secrets, enforcing strict data locality. Agents use tools like file access and the OperationRelay to interact, but all data remain local; for example, the Clinic Agent reads only its clinical_observations.csv file, while the Specialist Agent accesses only osteoarthritis guidance extracts. The system follows principles of data minimization and pseudonymous linking, where the Clinic computes a patient token via HMACSHA256 with a secret key, allowing the Insurer to link cases without re-identification. This architecture, shown in Figure 1, ensures that coordination occurs through natural-language messages rather than shared schemas, reducing coupling and preserving organizational autonomy.

From the prototype demonstrate that meaningful multi-step reasoning can occur without data sharing, as agents exchange only high-level clinical or administrative descriptors. In an example interaction flow, the Clinic Agent constructs a summary including symptoms like moderate knee pain and prior management, then sends it to the Insurer Agent, which evaluates coverage and may call the Specialist Agent for a recommendation. The Specialist Agent responds with appropriateness assessments based on local guidelines, such as whether conservative management is appropriate now, without ever receiving identifiers. The data shows that this approach supports federated decision support, where each organization contributes domain-specific reasoning while maintaining strict data separation, as formalized in the paper's mathematical model of cross-node information flow.

Of this work are significant for real-world applications where data cannot be pooled due to regulatory or operational constraints. By enabling AI agents to collaborate through natural language and pseudonymous tokens, the system offers a model for privacy-preserving coordination in healthcare, finance, and public services. It addresses a practical gap in existing multi-agent frameworks, which often assume shared environments, by demonstrating that interoperability is possible without centralization. This could lead to more secure and efficient inter-organizational workflows, though the paper emphasizes that the prototype is exploratory and not clinically validated.

However, the study acknowledges several limitations. The system lacks clinical validation, using only synthetic data and non-validated guideline extracts for illustrative purposes. No formal evaluation was conducted on accuracy, latency, cost, or robustness, with only manual test runs to verify functional behavior. The natural-language variability means system behavior depends on LLM phrasing, and the prototype does not assess security risks like adversarial attacks or identifier leakage. Additionally, the workflow is limited to coverage clarification, and more complex scenarios might reveal new constraints. Future work could involve expanded clinical scenarios, robust evaluation frameworks, and formal security analysis to enhance privacy guarantees and support distributed Orpius meshes.