A System-Level Framework for Evaluating Privacy in Hybrid LLM Deployments

LLM privacy risks arise across different lifecycle stages and architectural boundaries, and existing protection mechanisms provide only partial coverage. This paper analyzes the main families of privacy-preserving approaches for LLM systems through a two-axis structure that crosses lifecycle stages with system architecture layers. Some safeguards are operationally mature; others, such as confidential computing, have moved into production practice; stronger cryptographic methods, while most promising in principle, remain research-heavy in practice. No single mechanism provides complete end-to-end protection: different methods protect different assets, operate at different lifecycle stages, span distinct system layers, and carry distinct trust, performance, and deployment trade-offs. Practical LLM privacy is therefore a problem of layered system design rather than the search for a universal primitive, and hybrid architectures are emerging as the most realistic deployable pattern. Building on this analysis, we propose a six-dimensional evaluation framework for privacy in hybrid LLM deployments (a 0–5 ordinal scoring rubric designed for reproducible application, with explicit anchor language and per-score evidence requirements) and apply it to five representative confidential AI deployments, deriving the scores in full for two of them. The framework feeds a three-tier gap-closure roadmap and design principles for architecture-time use, connecting what privacy technologies promise, what they actually protect, and what is realistically deployable in modern LLM systems.