Safe for Whom? Rethinking How We Evaluate the Safety of LLMs for Real Users

TL;DR

This study highlights the importance of incorporating user context in evaluating LLM safety, revealing that current methods may underestimate risks for vulnerable users and proposing a new context-aware evaluation approach.

Contribution

It introduces a methodology for assessing LLM safety with user-specific context, showing that context disclosure alone does not sufficiently improve safety evaluations for vulnerable populations.

Findings

Context-aware evaluations significantly alter safety ratings for vulnerable users.

Disclosing realistic user context does not necessarily improve safety assessment accuracy.

Effective safety evaluation requires diverse user profile considerations beyond context disclosure.

Abstract

Safety evaluations of large language models (LLMs) typically focus on universal risks like dangerous capabilities or undesirable propensities. However, millions use LLMs for personal advice on high-stakes topics like finance and health, where harms are context-dependent rather than universal. While frameworks like the OECD's AI classification recognize the need to assess individual risks, user-welfare safety evaluations remain underdeveloped. We argue that developing such evaluations is non-trivial due to fundamental questions about accounting for user context in evaluation design. In this exploratory study, we evaluated advice on finance and health from GPT-5, Claude Sonnet 4, and Gemini 2.5 Pro across user profiles of varying vulnerability. First, we demonstrate that evaluators must have access to rich user context: identical LLM responses were rated significantly safer by context-blind evaluators than by those aware of user circumstances, with safety scores for high-vulnerability users dropping from safe (5/7) to somewhat unsafe (3/7). One might assume this gap could be addressed by creating realistic user prompts containing key contextual information. However, our second study challenges this: we rerun the evaluation on prompts containing context users report they would disclose, finding no significant improvement. Our work establishes that effective user-welfare safety evaluation requires evaluators to assess responses against diverse user profiles, as realistic user context disclosure alone proves insufficient, particularly for vulnerable populations. By demonstrating a methodology for context-aware evaluation, this study provides both a starting point for such assessments and foundational evidence that evaluating individual welfare demands approaches distinct from existing universal-risk frameworks. We publish our code and dataset to aid future developments.