Intentional Deception as Controllable Capability in LLM Agents
This study identifies vulnerabilities in LLM agents to intentional deception, highlighting the need for improved defensive designs for developers and users of multi-agent LLM systems.
This paper investigates intentional deception in LLM agents within a text-based RPG, where a two-stage system infers target characteristics and generates deceptive responses. They found that deception is most effective against specific behavioral profiles and that 88.5% of successful deceptions use misdirection rather than fabrication, making fact-checking ineffective.
As LLM-based agents increasingly operate in multi-agent systems, understanding adversarial manipulation becomes critical for defensive design. We present a systematic study of intentional deception as an engineered capability, using LLM-to-LLM interactions within a text-based RPG where parameterized behavioral profiles (9 alignments x 4 motivations, yielding 36 profiles with explicit ethical ground truth) serve as our experimental testbed. Unlike accidental deception from misalignment, we investigate a two-stage system that infers target agent characteristics and generates deceptive responses steering targets toward actions counter to their beliefs and motivations. We find that deceptive intervention produces differential effects concentrated in specific behavioral profiles rather than distributed uniformly, and that 88.5% of successful deceptions employ misdirection (true statements with strategic framing) rather than fabrication, indicating fact-checking defenses would miss the large majority of adversarial responses. Motivation, inferable at 98%+ accuracy, serves as the primary attack vector, while belief systems remain harder to identify (49% inference ceiling) or exploit. These findings identify which agent profiles require additional safeguards and suggest that current fact-verification approaches are insufficient against strategically framed deception.