← Back to Library

From Biased Chatbots to Biased Agents: Examining Role Assignment Effects on LLM Agent Robustness

Authors: Linbo Cao, Lihao Sun, Yang Yue

Published: 2026-01-21

arXiv ID: 2602.12285v1

Added to Library: 2026-02-16 03:00 UTC

πŸ“„ Abstract

Large Language Models (LLMs) are increasingly deployed as autonomous agents capable of actions with real-world impacts beyond text generation. While persona-induced biases in text generation are well documented, their effects on agent task performance remain largely unexplored, even though such effects pose more direct operational risks. In this work, we present the first systematic case study showing that demographic-based persona assignments can alter LLM agents' behavior and degrade performance across diverse domains. Evaluating widely deployed models on agentic benchmarks spanning strategic reasoning, planning, and technical operations, we uncover substantial performance variations - up to 26.2% degradation, driven by task-irrelevant persona cues. These shifts appear across task types and model architectures, indicating that persona conditioning and simple prompt injections can distort an agent's decision-making reliability. Our findings reveal an overlooked vulnerability in current LLM agentic systems: persona assignments can introduce implicit biases and increase behavioral volatility, raising concerns for the safe and robust deployment of LLM agents.

πŸ” Key Points

  • Introduction of Context-Conditioned Delta Steering (CC-Delta) that uses Sparse Autoencoders (SAEs) to effectively mitigate jailbreak attacks on large language models.
  • CC-Delta demonstrates improved safety-utility trade-offs when compared to existing baseline defenses operating in dense latent space, outperforming dense activation steering methods especially on out-of-distribution attacks.
  • A novel statistical feature selection method identifies jailbreak-relevant features by analyzing changes in token-level representations without needing model generations for training.
  • Experimental results across multiple instruction-tuned models show that CC-Delta provides superior generalization against unseen jailbreak attack types, indicating more robust defense mechanisms.
  • The research highlights the potential of off-the-shelf SAEs trained for interpretability in practical jailbreak defense applications.

πŸ’‘ Why This Paper Matters

This paper presents a significant advancement in the field of AI safety by introducing a novel method (CC-Delta) for mitigating jailbreak attacks on large language models. The findings indicate that steering mechanisms operating in sparse latent spaces can achieve better performance and more robust defenses compared to traditional methods. Such advancements are crucial as AI models become increasingly adopted in sensitive applications, emphasizing the importance of maintaining safety and utility in their operations.

🎯 Why It's Interesting for AI Security Researchers

This paper is of great interest to AI security researchers because it addresses a critical vulnerability in large language modelsβ€”the potential for malicious jailbreak attacks. By proposing a novel defense mechanism using SAEs, it provides a new approach to enhance the safety of AI systems in real-world applications. The implications of better safety-utility trade-offs are vital for researchers who are looking to develop more resilient AI systems and to explore the effectiveness of sparse representations in adversarial conditions.

πŸ“š Read the Full Paper

πŸ“„ View on arXiv πŸ“Ž Download PDF