On Safety Risks in Experience-Driven Self-Evolving Agents
Weixiang Zhao, Yichen Zhang, Yingshuo Wang, Yang Deng, Yanyan Zhao, Xuda Zhi, Yongbo Huang, Hao He, Wanxiang Che, Bing Qin, Ting Liu

TL;DR
This paper investigates safety risks in experience-driven self-evolving agents, revealing how accumulated experience can compromise safety and highlighting the safety-utility trade-off in high-risk environments.
Contribution
It uncovers safety vulnerabilities in self-evolving agents and analyzes how experience influences safety performance across different scenarios.
Findings
Benign experience can still lead to safety issues in high-risk tasks.
Experience reinforcement tends to promote acting over refusing, risking safety.
Refusal experience can mitigate safety decline but causes over-refusal.
Abstract
Experience-driven self-evolution has emerged as a promising paradigm for improving the autonomy of large language model agents, yet its reliance on self-curated experience introduces underexplored safety risks. In this study, we investigate how experience accumulation and utilization in self-evolving agents affect safety performance across web-based and embodied environments. Notably, experience gathered solely from benign tasks can still compromise safety in high-risk scenarios. Further analysis attributes this degradation to the execution-oriented nature of accumulated experience, which reinforces agents' tendency to act rather than refuse. In more realistic settings where agents encounter both benign and harmful tasks, refusal-related experience mitigates safety decline but induces over-refusal, revealing a fundamental safety-utility trade-off. Overall, our findings expose inherent…
