Challenge: Experience-driven self-evolution has emerged as a promising paradigm for improving the autonomy of large language model agents, yet its reliance on self-curated experience introduces underexplored safety risks.
Approach: They investigate how experience accumulation and utilization in self-evolving agents affect safety performance across web-based and embodied environments.
Outcome: The findings expose inherent limitations of current self-evolving agents and call for more principled strategies to ensure safe and reliable adaptation.

Similar Papers

AgenticEval: Toward Agentic and Self-Evolving Safety Evaluation of Large Language Models (2026.findings-acl)

Copied to clipboard

Challenge: Existing static safety evaluation methods are ill-equipped to address dynamic nature of AI risks and evolving regulations, creating a critical safety gap.
Approach: They propose a new paradigm of agentic safety evaluation reframing evaluation as a continuous and self-evolving process rather than a one-time audit.
Outcome: The proposed framework shows a consistent decline in model safety as the evaluation hardens.
PerMemSafe: Benchmarking Implicit Personalized Safety of Long Horizon Self-Evolving Agents (2026.findings-acl)

Copied to clipboard

Challenge: Existing self-evolving agents have a low safety rate in long-horizon interactions . however, this reliance on context-independent safety evaluations is insufficient .
Approach: They propose a framework that explicitly models personalized risk inference and memory evolution.
Outcome: The proposed framework improves implicit personalized safety by 23.8% over prior frameworks while maintaining helpfulness in long-horizon interactions.
When Personalization Legitimizes Risks: Uncovering Safety Vulnerabilities in Personalized Dialogue Agents (2026.acl-long)

Copied to clipboard

Challenge: Existing research on personalized LLM agents focuses on the effectiveness of personalized responses.
Approach: They propose a benchmark to quantify intent legitimation in personalized interactions . they propose 'detection-reflection' method that detects intent legititimation from internal representation space .
Outcome: The proposed method reduces safety degradation by using internal representation space.
JARVIS or Ultron? A Survey on the Safety and Security Threats of Computer-Using Agents (2026.acl-long)

Copied to clipboard

Challenge: Recent advances in computer-using agents have created new safety and security risks . despite the impressive capabilities of CUAs, there are still significant security risks.
Approach: They propose a systematization of knowledge on the safety and security threats of Computer-Using Agents.
Outcome: The proposed framework provides a framework for assessing the safety and security risks of computer-using agents.
SafeAgent: Safeguarding LLM Agents via an Automated Risk Simulator (2026.acl-long)

Copied to clipboard

Challenge: SafeAgent improves agent safety through fully automated synthetic data generation.
Approach: They propose a framework that improves agent safety through fully automated synthetic data generation.
Outcome: The proposed framework outperforms closed-source models on two safety benchmarks and one real-world task.
A Self-Evolving LLM Agent Framework for Role-Based Norm Compliance in Healthcare (2026.findings-acl)

Copied to clipboard

Challenge: Existing systems treat roles as static prompts and rely on one-shot safety filters . a self-evolving LLM agent is proposed that learns from role-based social experience .
Approach: They propose a self-evolving LLM agent that learns from role-based social experience and explicitly models communicator-level individual traits informed by prior communication questionnaires and clinical literature.
Outcome: The proposed agent learns from role-based social experience and models communicator-level individual traits informed by prior communication questionnaires and clinical literature.
Is Safety Standard Same for Everyone? User-Specific Safety Evaluation of Large Language Models (2025.findings-emnlp)

Copied to clipboard

Challenge: Extensive benchmarks evaluate LLM safety relying heavily on general standards . no benchmark datasets exist to evaluate the user-specific safety of LLMs .
Approach: a new benchmark is designed to assess user-specific aspect of LLM safety . authors propose a simple remedy based on chain-of-thought to improve user-specified safety.
Outcome: a new benchmark assesses the user-specific aspect of LLM safety . the proposed solution improves user-specified safety by chain-of-thought .
ReCreate: Reasoning and Creating Domain Agents Driven by Experience (2026.acl-long)

Copied to clipboard

Challenge: Large Language Model (LLM) agents are reshaping the industrial landscape, but tasks differ widely, making them labor-intensive to build.
Approach: They propose an experience-driven framework for the automatic creation of domain agents . they leverage agent interaction histories to provide rich concrete signals on success or failure .
Outcome: The proposed framework outperforms human-designed agents and existing methods in experiments across diverse domains.
Breaking Agents: Compromising Autonomous LLM Agents Through Malfunction Amplification (2025.emnlp-main)

Copied to clipboard

Challenge: Recent advances in large language models (LLMs) have increased the vulnerability of LLMs, but they can cause more severe damage than standalone systems if compromised.
Approach: They propose a new type of attack that induces malfunctions by misleading the agent into executing repetitive or irrelevant actions.
Outcome: The proposed attacks induce failure rates exceeding 80% in multiple scenarios, highlighting the substantial risks associated with this vulnerability.
Towards large language model-based personal agents in the enterprise: Current trends and open problems (2023.findings-emnlp)

Copied to clipboard

Challenge: Existing large language models (LLMs) are brittle to input changes and can produce inconsistent results for the same inputs.
Approach: They propose to use large language models to reason about complex goals and orchestrate a set of pluggable tools or APIs to accomplish a goal.
Outcome: The proposed use cases have many open problems in an exciting area of NLP research, such as trust and explainability, consistency and reproducibility, and the need for new metrics and benchmarks.

What is GenGO?

GenGO is an NLP powered publication search system. It currenctly indexes 30k+ papers from ACL Anthology, and implements multi-aspect summarization, semantic search, and more!

Information

About
Limitations