[2602.13234] Stay in Character, Stay Safe: Dual-Cycle Adversarial Self-Evolution for Safety Role-Playing Agents
Summary
The paper presents a novel framework, Dual-Cycle Adversarial Self-Evolution, aimed at enhancing the safety and fidelity of role-playing agents in AI, addressing vulnerabilities to jailbreak attacks while maintaining character integrity.
Why It Matters
As AI role-playing agents become more prevalent, ensuring their safety and adherence to persona constraints is crucial. This research provides a new approach to mitigate risks associated with jailbreak attacks, which can compromise the integrity of AI systems. The findings could significantly impact the development of safer AI applications in various domains.
Key Takeaways
- Introduces a training-free framework for enhancing AI role-playing safety.
- Utilizes a dual-cycle approach to balance persona fidelity and safety constraints.
- Demonstrates improved performance against jailbreak attacks across multiple LLMs.
Computer Science > Artificial Intelligence
arXiv:2602.13234 (cs)
[Submitted on 29 Jan 2026]
Title: Stay in Character, Stay Safe: Dual-Cycle Adversarial Self-Evolution for Safety Role-Playing Agents
Authors: Mingyang Liao, Yichen Wan, shuchen wu, Chenxi Miao, Xin Shen, Weikang Li, Yang Li, Deguo Xia, Jizhou Huang
Abstract: LLM-based role-playing has rapidly improved in fidelity, yet stronger adherence to persona constraints commonly increases vulnerability to jailbreak attacks, especially for risky or negative personas. Most prior work mitigates this issue with training-time solutions (e.g., data curation or alignment-oriented regularization). However, these approaches are costly to maintain as personas and attack strategies evolve, can degrade in-character behavior, and are typically infeasible for frontier closed-weight LLMs. We propose a training-free Dual-Cycle Adversarial Self-Evolution framework with two coupled cycles. A Persona-Targeted Attacker Cycle synthesizes progressively stronger jailbreak prompts, while a Role-Playing Defender Cycle distills observed failures into a hierarchical knowledge base of (i) global safety rules, (ii) persona-grounded constraints, and (iii) safe in-character exemplars. At inference time, the Defender retrieves and composes structured knowledge ...