Weixiang Zhao, Yichen Zhang, Yingshuo Wang, Yang Deng, Yanyan Zhao, Xuda Zhi, Yongbo Huang, Hao He, Wanxiang Che, Bing Qin, Ting Liu
| Challenge: | Experience-driven self-evolution has emerged as a promising paradigm for improving the autonomy of large language model agents, yet its reliance on self-curated experience introduces underexplored safety risks. |
| Approach: | They investigate how experience accumulation and utilization in self-evolving agents affect safety performance across web-based and embodied environments. |
| Outcome: | The findings expose inherent limitations of current self-evolving agents and call for more principled strategies to ensure safe and reliable adaptation. |
Similar Papers
AgenticEval: Toward Agentic and Self-Evolving Safety Evaluation of Large Language Models (2026.findings-acl)
Copied to clipboard
| Challenge: | Existing static safety evaluation methods are ill-equipped to address dynamic nature of AI risks and evolving regulations, creating a critical safety gap. |
| Approach: | They propose a new paradigm of agentic safety evaluation reframing evaluation as a continuous and self-evolving process rather than a one-time audit. |
| Outcome: | The proposed framework shows a consistent decline in model safety as the evaluation hardens. |
PerMemSafe: Benchmarking Implicit Personalized Safety of Long Horizon Self-Evolving Agents (2026.findings-acl)
Copied to clipboard
| Challenge: | Existing self-evolving agents have a low safety rate in long-horizon interactions . however, this reliance on context-independent safety evaluations is insufficient . |
| Approach: | They propose a framework that explicitly models personalized risk inference and memory evolution. |
| Outcome: | The proposed framework improves implicit personalized safety by 23.8% over prior frameworks while maintaining helpfulness in long-horizon interactions. |
When Personalization Legitimizes Risks: Uncovering Safety Vulnerabilities in Personalized Dialogue Agents (2026.acl-long)
Copied to clipboard
Jiahe Guo, Xiangran Guo, Yulin Hu, Zimo Long, Xingyu Sui, Xuda Zhi, Yongbo Huang, Hao He, Weixiang Zhao, Yanyan Zhao, Bing Qin
| Challenge: | Existing research on personalized LLM agents focuses on the effectiveness of personalized responses. |
| Approach: | They propose a benchmark to quantify intent legitimation in personalized interactions . they propose 'detection-reflection' method that detects intent legititimation from internal representation space . |
| Outcome: | The proposed method reduces safety degradation by using internal representation space. |
JARVIS or Ultron? A Survey on the Safety and Security Threats of Computer-Using Agents (2026.acl-long)
Copied to clipboard
Ada Chen, Yongjiang Wu, Junyuan Zhang, Jingyu Xiao, Shu Yang, Jen-tse Huang, Kun Wang, Wenxuan Wang, Shuai Wang
| Challenge: | Recent advances in computer-using agents have created new safety and security risks . despite the impressive capabilities of CUAs, there are still significant security risks. |
| Approach: | They propose a systematization of knowledge on the safety and security threats of Computer-Using Agents. |
| Outcome: | The proposed framework provides a framework for assessing the safety and security risks of computer-using agents. |
SafeAgent: Safeguarding LLM Agents via an Automated Risk Simulator (2026.acl-long)
Copied to clipboard
Xueyang Zhou, Weidong Wang, Lin Lu, Jiawen Shi, Guiyao Tie, Xu Yongtian, Lixing Chen, Pan Zhou, Neil Zhenqiang Gong, Lichao Sun
| Challenge: | SafeAgent improves agent safety through fully automated synthetic data generation. |
| Approach: | They propose a framework that improves agent safety through fully automated synthetic data generation. |
| Outcome: | The proposed framework outperforms closed-source models on two safety benchmarks and one real-world task. |
A Self-Evolving LLM Agent Framework for Role-Based Norm Compliance in Healthcare (2026.findings-acl)
Copied to clipboard
| Challenge: | Existing systems treat roles as static prompts and rely on one-shot safety filters . a self-evolving LLM agent is proposed that learns from role-based social experience . |
| Approach: | They propose a self-evolving LLM agent that learns from role-based social experience and explicitly models communicator-level individual traits informed by prior communication questionnaires and clinical literature. |
| Outcome: | The proposed agent learns from role-based social experience and models communicator-level individual traits informed by prior communication questionnaires and clinical literature. |
Is Safety Standard Same for Everyone? User-Specific Safety Evaluation of Large Language Models (2025.findings-emnlp)
Copied to clipboard
Yeonjun In, Wonjoong Kim, Kanghoon Yoon, Sungchul Kim, Mehrab Tanjim, Sangwu Park, Kibum Kim, Chanyoung Park
| Challenge: | Extensive benchmarks evaluate LLM safety relying heavily on general standards . no benchmark datasets exist to evaluate the user-specific safety of LLMs . |
| Approach: | a new benchmark is designed to assess user-specific aspect of LLM safety . authors propose a simple remedy based on chain-of-thought to improve user-specified safety. |
| Outcome: | a new benchmark assesses the user-specific aspect of LLM safety . the proposed solution improves user-specified safety by chain-of-thought . |
ReCreate: Reasoning and Creating Domain Agents Driven by Experience (2026.acl-long)
Copied to clipboard
Zhezheng Hao, Hong Wang, Jian Luo, Jianqing Zhang, Yuyan Zhou, Qiang Lin, Can Wang, Hande Dong, Jiawei Chen
| Challenge: | Large Language Model (LLM) agents are reshaping the industrial landscape, but tasks differ widely, making them labor-intensive to build. |
| Approach: | They propose an experience-driven framework for the automatic creation of domain agents . they leverage agent interaction histories to provide rich concrete signals on success or failure . |
| Outcome: | The proposed framework outperforms human-designed agents and existing methods in experiments across diverse domains. |
Breaking Agents: Compromising Autonomous LLM Agents Through Malfunction Amplification (2025.emnlp-main)
Copied to clipboard
| Challenge: | Recent advances in large language models (LLMs) have increased the vulnerability of LLMs, but they can cause more severe damage than standalone systems if compromised. |
| Approach: | They propose a new type of attack that induces malfunctions by misleading the agent into executing repetitive or irrelevant actions. |
| Outcome: | The proposed attacks induce failure rates exceeding 80% in multiple scenarios, highlighting the substantial risks associated with this vulnerability. |
Towards large language model-based personal agents in the enterprise: Current trends and open problems (2023.findings-emnlp)
Copied to clipboard
Vinod Muthusamy, Yara Rizk, Kiran Kate, Praveen Venkateswaran, Vatche Isahagian, Ashu Gulati, Parijat Dube
| Challenge: | Existing large language models (LLMs) are brittle to input changes and can produce inconsistent results for the same inputs. |
| Approach: | They propose to use large language models to reason about complex goals and orchestrate a set of pluggable tools or APIs to accomplish a goal. |
| Outcome: | The proposed use cases have many open problems in an exciting area of NLP research, such as trust and explainability, consistency and reproducibility, and the need for new metrics and benchmarks. |