Syntactic Framing Fragility: An Audit of Robustness in LLM Ethical Decisions
Katherine Elkins, Jon Chun
TL;DR
The paper introduces Syntactic Framing Fragility (SFF), a robustness audit that isolates purely syntactic polarity effects in LLM ethical decisions by using Logical Polarity Normalization (LPN). It conducts a large-scale cross-origin audit of 23 models across 14 ethical scenarios with four framing variants, measuring fragility with the Syntactic Variation Index (SVI). Key findings show widespread fragility, a pronounced open-source gap, and strong negation sensitivity, with reasoning elicitation offering conditional mitigation. The work argues that syntactic invariance is a critical robustness dimension and recommends SFF-style audits as a standard practice in safety evaluations for high-stakes deployment. These insights have practical implications for deployment risk assessment, prompting scenario-aware reporting and configuration-specific robustness validation, including reasoning-enabled variants.
Abstract
Large language models (LLMs) are increasingly deployed in consequential decision-making settings, yet their robustness to benign prompt variation remains underexplored. In this work, we study whether LLMs maintain consistent ethical judgments across logically equivalent but syntactically different prompts, focusing on variations involving negation and conditional structure. We introduce Syntactic Framing Fragility (SFF), a robustness evaluation framework that isolates purely syntactic effects via Logical Polarity Normalization (LPN), enabling direct comparison of decisions across positive and negative framings without semantic drift. Auditing 23 state-of-the-art models spanning the U.S. and China as well as small U.S. open-source software models over 14 ethical scenarios and four controlled framings (39,975 decisions), we find widespread and statistically significant inconsistency: many models reverse ethical endorsements solely due to syntactic polarity, with open-source models exhibiting over twice the fragility of commercial counterparts. We further uncover extreme negation sensitivity, where some models endorse actions in 80-97% of cases when explicitly prompted with "should not." We show that eliciting chain-of-thought reasoning substantially reduces fragility, identifying a practical mitigation lever, and we map fragility across scenarios, finding higher risk in financial and business contexts than in medical scenarios. Our results demonstrate that syntactic consistency constitutes a distinct and critical dimension of ethical robustness, and we argue that SFF-style audits should be a standard component of safety evaluation for deployed LLMs. Code and results will be available on github.com.
