Beyond Generic Safety: Why AI Advice Needs a Human Touch

by

Author: Denis Avetisyan

New research reveals that assessing the safety of large language model advice requires understanding the individual user and their unique vulnerabilities.

Large language models, when offering advice, present variable risks to users based on individual circumstances and vulnerabilities, necessitating careful evaluation and preventative measures to mitigate potential harm.
Large language models, when offering advice, present variable risks to users based on individual circumstances and vulnerabilities, necessitating careful evaluation and preventative measures to mitigate potential harm.

Current evaluations of large language model safety fail to account for context-aware harms and vulnerability stratification, creating significant risks to user welfare.

While large language models (LLMs) are increasingly deployed to offer personalized advice, current safety evaluations largely overlook the critical role of individual user context and vulnerability. This paper, ‘Challenges of Evaluating LLM Safety for User Welfare’, investigates this gap by assessing the advice given by leading LLMs-GPT-5, Claude Sonnet, and Gemini-across diverse user profiles in sensitive domains like finance and health. Our findings reveal a significant discrepancy in safety ratings depending on evaluator access to user context, and surprisingly, realistic user prompts alone are insufficient to bridge this gap, particularly for vulnerable individuals. This raises a fundamental question: how can we develop robust safety evaluations that move beyond universal risk assessments to effectively protect user welfare in the age of personalized AI?

The Illusion of Safety: LLMs and the Widening Gap

The proliferation of Large Language Models (LLMs) extends far beyond simple text generation, with these systems now actively integrated into scenarios demanding significant responsibility. Individuals are increasingly turning to LLMs for guidance on crucial life decisions, encompassing areas like financial planning, healthcare advice, and even legal interpretations. This trend represents a fundamental shift in how information is accessed and utilized, as LLMs are positioned not merely as data providers, but as active advisors. Consequently, the potential impact of flawed or biased outputs is magnified, demanding careful consideration of the ethical and practical implications as LLMs become deeply embedded in high-stakes contexts. The accessibility and persuasive nature of these models further amplify the need for robust safety measures and transparent performance evaluations.

Current safety evaluations of Large Language Models frequently prioritize broadly defined, universal risks, overlooking the critical influence of individual user vulnerabilities and specific contextual factors. This approach assumes a one-size-fits-all standard, failing to recognize that the same LLM response can be harmless to one user yet deeply damaging to another, depending on their personal circumstances or the situation in which the advice is given. For example, a suggestion regarding financial investment might be reasonable for a seasoned investor but catastrophic for someone facing economic hardship. Consequently, these generalized assessments often provide a misleadingly optimistic picture of LLM safety, neglecting the potential for disproportionate harm to vulnerable populations and failing to capture the nuanced ways in which context can exacerbate risks.

Evaluations of Large Language Models (LLMs) often fail to capture the true extent of potential harm, creating a significant safety gap particularly for individuals facing heightened vulnerabilities. Recent studies reveal a notable disparity in safety scores – a full 2-point difference – when comparing context-blind evaluations, which assess LLM responses in isolation, to context-aware assessments that consider the user’s specific circumstances. This suggests that universal safety benchmarks are inadequate, as they overlook how the same LLM response can be benign for some and detrimental for others. Consequently, a more nuanced approach to LLM safety is essential, one that incorporates user-specific vulnerabilities and the broader contextual factors influencing potential harm, to ensure responsible deployment and mitigate risks effectively.

A safety assessment of large language model responses using Reddit-inspired user prompts demonstrates the impact of incorporating user vulnerability profiles-created by domain professionals-compared to context-blind evaluation.
A safety assessment of large language model responses using Reddit-inspired user prompts demonstrates the impact of incorporating user vulnerability profiles-created by domain professionals-compared to context-blind evaluation.

Beyond Checkboxes: A Context-Aware Approach to LLM Safety

Vulnerability stratification involves the categorization of users based on factors indicating their susceptibility to harm from large language model (LLM) outputs. This categorization considers attributes such as age, emotional state, pre-existing beliefs, and access to support resources. By identifying user groups with heightened vulnerability, safety evaluations can be targeted to assess the potential for negative impacts – including misinformation, harmful advice, or emotional distress – with greater precision. This approach moves beyond universal safety metrics and enables the development of LLM safeguards tailored to the specific risks faced by different user demographics, forming the basis for more effective and responsible AI deployment.

Context-aware evaluation of Large Language Models (LLMs) moves beyond uniform safety assessments by incorporating user-specific characteristics into the evaluation process. This approach utilizes vulnerability stratification – categorizing users based on their susceptibility to harm – to tailor safety assessments to individual risk profiles. By considering factors such as age, emotional state, or pre-existing beliefs, the evaluation can generate more relevant safety signals, identifying potentially harmful responses that might be overlooked in a context-blind evaluation. This targeted approach allows for a more nuanced understanding of LLM safety, focusing on the potential for real-world harm to specific user groups.

Research indicates that utilizing context-aware evaluation methods for Large Language Models (LLMs) produces significantly lower safety scores for high-vulnerability user groups. Specifically, LLM responses assessed with context-aware evaluation averaged a score of 3 out of 7, compared to 5 out of 7 when evaluated without consideration of user context – a context-blind approach. This data demonstrates that standard, context-blind safety evaluations can overestimate the safety of LLM outputs for users identified as more susceptible to harm, emphasizing the necessity of personalized assessment strategies to accurately gauge and improve LLM safety performance across diverse user demographics.

Leveraging Large Language Models (LLMs) as evaluators – termed LLM-as-Judge – provides a potentially scalable solution for complex safety assessments, overcoming the limitations of manual review processes. However, the efficacy of LLM-as-Judge is critically dependent on prompt engineering; prompts must be carefully constructed to mitigate inherent biases within the LLM and ensure consistent, objective evaluations. Insufficiently refined prompts can lead to skewed safety scores, inaccurate identification of harmful content, or inconsistent application of safety guidelines. Therefore, robust prompt design, including clear definitions of harm, specific evaluation criteria, and strategies for bias reduction, is essential for reliable and scalable context-aware safety evaluations using LLM-as-Judge.

Context-aware large language models consistently achieve higher safety scores than context-blind models across both health and financial advice domains, with performance stratified by the severity of identified vulnerabilities, as indicated by standard error bars.
Context-aware large language models consistently achieve higher safety scores than context-blind models across both health and financial advice domains, with performance stratified by the severity of identified vulnerabilities, as indicated by standard error bars.

Beyond Testing: Validating LLM Safety in the Real World

Both context-aware and context-blind evaluations contribute unique value to safety validation, necessitating their integration within comprehensive risk assessment frameworks. Context-aware evaluations examine system behavior given specific user inputs and environmental conditions, identifying harms that manifest in defined scenarios. Conversely, context-blind evaluations assess inherent system vulnerabilities irrespective of input, revealing potential harms across all possible states. Effective risk assessment leverages both approaches to stratify potential harms by likelihood and severity, enabling prioritization of mitigation strategies. This integrated methodology moves beyond identifying isolated vulnerabilities to provide a holistic understanding of systemic risks and facilitates the development of robust safeguards against a broader range of potential harms.

Standard safety evaluations often focus on anticipated failure modes; however, Red-Teaming, combined with analyses of Deception, Sycophancy, and Bias, provides a more comprehensive approach to vulnerability discovery. Red-Teaming involves employing adversarial actors to actively probe the system for weaknesses, simulating real-world attacks. Analyses of Deception assess the model’s tendency to generate misleading information, while Sycophancy examines its inclination to agree with user prompts regardless of their veracity. Bias analysis identifies and quantifies systemic prejudices present in model outputs. Integrating these methods extends safety evaluation beyond simple error rate measurement, uncovering subtle vulnerabilities and complex interactions that might otherwise remain undetected, ultimately improving the robustness and reliability of the system.

Demographic-Aware Fairness Auditing builds upon vulnerability stratification by systematically evaluating model performance across defined demographic groups. This process involves assessing key metrics – such as accuracy, precision, recall, and false positive/negative rates – for each group to identify and mitigate disparities. Disparities indicate that the model may not generalize equitably, potentially leading to discriminatory outcomes or reduced utility for certain user populations. Auditing frameworks often employ statistical tests to determine the significance of observed performance differences and establish thresholds for acceptable variation, ensuring that no subgroup experiences substantially lower performance than others. This complements vulnerability stratification, which identifies which groups are most susceptible to harm, by quantifying how those harms manifest as performance inequities.

Analysis of ranked context factors derived from relevance-ordered and likelihood-ordered disclosures revealed a mean intersection of 4.50. This indicates a substantial degree of alignment in the identification of critical user context across both evaluation methodologies. Specifically, approximately 4.5 of the top-ranked contextual elements were consistently identified as important regardless of whether the assessment prioritized relevance to the task or the likelihood of impacting safety. This suggests a core set of contextual factors are consistently deemed crucial for responsible AI system behavior and warrants focused attention in safety evaluations.

Context-aware safety scores consistently outperform context-blind approaches across varying numbers of context factors and user vulnerability levels when prompting Gemini 2.5 Pro for both health and financial advice.
Context-aware safety scores consistently outperform context-blind approaches across varying numbers of context factors and user vulnerability levels when prompting Gemini 2.5 Pro for both health and financial advice.

The Regulatory Landscape and the Future of Responsible AI

Recent international regulatory efforts, notably the European Union’s AI Act and the Organisation for Economic Co-operation and Development’s AI Classification, converge on a fundamental tenet: prioritizing user well-being as central to artificial intelligence safety. These frameworks move beyond purely technical evaluations, instead demanding that AI systems be designed and deployed with a keen understanding of their potential impact on individuals and society. This user-centric approach, often referred to as User Welfare Safety, necessitates considering factors like fairness, transparency, and accountability throughout the entire AI lifecycle. By emphasizing the human element, these regulations aim to foster trust and ensure that AI technologies genuinely benefit those they are intended to serve, rather than creating unintended harms or exacerbating existing inequalities. The frameworks promote a proactive stance, shifting the focus from reactive damage control to preventative safety measures that safeguard user interests from the outset.

The National Institute of Standards and Technology (NIST) AI Risk Management Framework moves beyond purely technical assessments of artificial intelligence, advocating for comprehensive socio-technical evaluations. This approach acknowledges that the safety and responsible deployment of AI systems are inextricably linked to the social contexts in which they operate. A system might perform flawlessly in controlled testing, yet introduce unforeseen risks when interacting with diverse user groups, existing societal biases, or complex real-world scenarios. Consequently, the framework emphasizes analyzing not only the algorithms and data, but also the potential impacts on individuals, communities, and broader societal values. This holistic perspective necessitates interdisciplinary collaboration, incorporating expertise from fields such as sociology, ethics, and law to identify and mitigate risks that purely technical evaluations would overlook, ultimately fostering more trustworthy and beneficial AI systems.

The rapid advancement of large language models necessitates a proactive and adaptive approach to safety evaluation. Simply meeting baseline standards is insufficient; continued refinement of evaluation methodologies – informed by frameworks like the EU AI Act, OECD AI Classification, and NIST AI Risk Management Framework – is vital for building public trust and encouraging responsible innovation. These frameworks emphasize holistic assessments, moving beyond purely technical checks to consider socio-technical factors and user context. This iterative process of evaluation and improvement isn’t merely about mitigating risks; it’s about fostering a climate where the benefits of increasingly powerful AI systems can be realized while upholding ethical principles and safeguarding societal well-being. A commitment to ongoing evaluation will be key to navigating the complex challenges and unlocking the full potential of LLMs.

Recent evaluations reveal a notable safety disparity – a 2-point difference in overall safety scores – highlighting a critical need to move beyond standardized assessments of large language models. This gap suggests current methodologies fail to adequately capture the nuanced risks posed by AI in diverse, real-world contexts. The findings emphasize the importance of context-aware evaluations, which consider the specific application and user interactions, alongside personalized risk assessment that accounts for individual vulnerabilities and potential harms. Addressing this safety gap requires a shift towards more dynamic and adaptive evaluation frameworks, ensuring AI systems are not only technically sound, but also responsibly deployed and aligned with human values and societal well-being.

A context-aware safety rating scale, ranging from 1 (highly dangerous) to 7 (exceptionally safe), assesses risk levels based on user vulnerability and surrounding circumstances.
A context-aware safety rating scale, ranging from 1 (highly dangerous) to 7 (exceptionally safe), assesses risk levels based on user vulnerability and surrounding circumstances.

The pursuit of universally ‘safe’ LLMs feels increasingly naive. This paper’s focus on vulnerability stratification-understanding who is receiving the advice and their specific context-highlights a fundamental truth: elegant theories crumble against the weight of production realities. They’ll call it ‘LLM-as-Judge’ and raise funding, but the simple fact remains that advice tailored to a vulnerable user requires a level of nuance current evaluations miss. As David Hilbert once said, ‘We must be able to answer the question: what are the ultimate foundations of mathematics?’ Similarly, this work asks what are the ultimate foundations of trustworthy AI, and the answer isn’t just about model parameters, it’s about understanding the user on the other end. It started as a simple ‘helpful AI’ script, and now… well, now it’s accruing emotional debt with every commit.

What’s Next?

The insistence on universal safety metrics for large language models feels increasingly like building sandcastles against the tide. This work highlights a familiar truth: harm isn’t a property of the output, but a function of the interaction. The stratification of vulnerability, the acknowledgement that advice delivered to a naive user differs dramatically in consequence from that offered to an informed one – these aren’t novel insights, merely inconvenient ones. Every optimization for context awareness will, predictably, be countered by new vectors for exploitation. The system isn’t solved; it’s merely renegotiated.

Future efforts will likely focus on automated vulnerability profiling – attempting to model the user before the interaction. This invites a new level of complexity, and a corresponding increase in potential for misclassification. It’s tempting to envision LLMs as judges of their own safety, but the history of self-regulation suggests that even the most sophisticated algorithms prioritize survival over ethics. The goal isn’t to eliminate risk-that’s a category error-but to distribute it more equitably.

The field will continue to chase the mirage of ‘alignment.’ Perhaps the more productive question isn’t how to make these models safe, but how to build systems that can tolerate – and even recover from – their inevitable failures. Architecture isn’t a diagram; it’s a compromise that survived deployment. And, as always, code isn’t refactored; it’s resuscitated.

Original article: https://arxiv.org/pdf/2512.10687.pdf

Contact the author: https://www.linkedin.com/in/avetisyan/

See also:

2025-12-13 06:58