Model Editing as a Double-Edged Sword: Steering Agent Ethical Behavior Toward Beneficence or Harm

TL;DR

This work frames the ethical steering of LLM-based agents as Behavior Editing, a targeted model-editing paradigm that can both enhance benevolent behavior and induce harmful actions. It formalizes the objective as transforming $f$ into $f^*$ on editing inputs $\mathcal{X}_{\mathcal{E}}$ while preserving behavior outside this set, and introduces BehaviorBench, a three-tier, psychology-grounded benchmark to evaluate scenario-specific and global moral alignment across diverse datasets. Through experiments with multiple editing techniques (e.g., ROME, FT-M, ICE) and various LLMs, the study shows that behavior editing can reliably steer responses in targeted scenarios and can also produce broader shifts in global moral alignment, with parameter-modifying methods generally performing best. The results highlight both the promise for safer, more controllable agents and the substantial safety risks of misuse, underscoring the need for detection, defense, and governance frameworks in deploying such techniques.

Abstract

Agents based on Large Language Models (LLMs) have demonstrated strong capabilities across a wide range of tasks. However, deploying LLM-based agents in high-stakes domains comes with significant safety and ethical risks. Unethical behavior by these agents can directly result in serious real-world consequences, including physical harm and financial loss. To efficiently steer the ethical behavior of agents, we frame agent behavior steering as a model editing task, which we term Behavior Editing. Model editing is an emerging area of research that enables precise and efficient modifications to LLMs while preserving their overall capabilities. To systematically study and evaluate this approach, we introduce BehaviorBench, a multi-tier benchmark grounded in psychological moral theories. This benchmark supports both the evaluation and editing of agent behaviors across a variety of scenarios, with each tier introducing more complex and ambiguous scenarios. We first demonstrate that Behavior Editing can dynamically steer agents toward the target behavior within specific scenarios. Moreover, Behavior Editing enables not only scenario-specific local adjustments but also more extensive shifts in an agent's global moral alignment. We demonstrate that Behavior Editing can be used to promote ethical and benevolent behavior or, conversely, to induce harmful or malicious behavior. Through extensive evaluations of agents built on frontier LLMs, BehaviorBench validates the effectiveness of behavior editing across a wide range of models and scenarios. Our findings offer key insights into a new paradigm for steering agent behavior, highlighting both the promise and perils of Behavior Editing.

Figures (11)

• Figure 1: Illustration of Behavior Editing applied in two opposing directions: steering an agent toward benevolent behavior and malicious behavior.
• Figure 2: Comparative analysis of Behavior Editing across ethical scenarios using BehaviorBench. Subplots (a-c) illustrate results for malicious behavior editing, while subplots (d-f) represent benevolent behavior editing. Each bar indicates the editing Efficacy (%) for a specific editing method applied across various agents based on open-weight LLMs.
• Figure 3: Comparison of editing Efficacy (%) for frontier LLM agents on low-ambiguity MoralChoice open questions. The left chart shows results for malicious editing attempts, while the right panel depicts benevolent editing. The results illustrate substantial variation in robustness among different proprietary models toward In-Context Editing.
• Figure 4: Impact of Behavior Editing on agents' global moral accuracy across various datasets. Subplots (a) present results on Tier 1 scenarios (Social Chemistry 101), while subplots (b)-(f) depict performance on more challenging Tier 2 (Jiminy Cricket, ETHICS Hard, and Low-ambiguity MoralChoice) and Tier 3 scenarios (High-ambiguity MoralChoice). Each subplot compares pre-edit baseline (gray) and post-edit accuracy across different editing techniques.
• Figure 5: Comparison of pre-edit and post-edit moral accuracy for frontier agents on low-ambiguity (left) and high-ambiguity (right) MoralChoice open questions. Solid bars indicate pre-edit performance, while hatched bars reflect post-edit accuracy.