How Well Can LLM Agents Simulate End-User Security and Privacy Attitudes and Behaviors?

TL;DR

This paper evaluates how well large language model (LLM) agents can simulate human attitudes and behaviors towards security and privacy threats, revealing significant gaps and potential for improvement in their alignment with real human responses.

Contribution

Introduces SP-ABCBench, a benchmark of 30 tests based on human studies, to measure LLMs' ability to simulate security and privacy attitudes and behaviors.

Findings

Models score 50-64 on average, indicating room for improvement.

Larger models do not consistently outperform smaller ones.

Certain configurations achieve high alignment, e.g., scores above 95 with specific prompting strategies.

Abstract

A growing body of research assumes that large language model (LLM) agents can serve as proxies for how people form attitudes toward and behave in response to security and privacy (S&P) threats. If correct, these simulations could offer a scalable way to forecast S&P risks in products prior to deployment. We interrogate this assumption using SP-ABCBench, a new benchmark of 30 tests derived from validated S&P human-subject studies, which measures alignment between simulations and human-subjects studies on a 0-100 ascending scale, where higher scores indicate better alignment across three dimensions: Attitude, Behavior, and Coherence. Evaluating twelve LLMs, four persona construction strategies, and two prompting methods, we found that there remains substantial room for improvement: all models score between 50 and 64 on average. Newer, bigger, and smarter models do not reliably do better and sometimes do worse. Some simulation configurations, however, do yield high alignment: e.g., with scores above 95 for some behavior tests when agents are prompted to apply bounded rationality and weigh privacy costs against perceived benefits. We release SP-ABCBench to enable reproducible evaluation as methods improve.