Does Safety Molt? Evaluating LLM Safety in Multi-Agent Social Environments

A study showing that LLM safety degrades substantially in persistent multi-agent social environments compared to single-turn evaluation: privacy violations nearly double when shifting from isolated to social multi-turn settings, and leakage is socially contagious—spreading across agent communities through interaction. The findings reveal a fundamental gap in how current safety evaluations assess deployed agents.

Abstract

LLM safety evaluations predominantly test models in isolation, yet deployed AI agents increasingly operate within persistent social environments alongside other agents. We introduce a Moltbook-style simulation platform where thousands of LLM agents interact across communities over a simulated month, and use it to evaluate privacy as a downstream safety concern under varying degrees of social pressure. We find that shifting from single turn to multi turn social evaluation amplifies privacy violations (CIMemories 19.95% to Ours 45.30% across OpenAI models), that leakage is socially contagious, with agents 8 times more likely to disclose sensitive information after observing a peer do so, and that explicit privacy instructions reduce but do not eliminate this effect, leaving leakage rates above 37.8% even with safeguards. Our findings suggest that static chat based safety benchmarks systematically underestimate risks in agentic deployment, and that social context alone is sufficient to elicit sensitive disclosures that single turn evaluations would never surface.