Do No Harm: Exposing Hidden Vulnerabilities of LLMs via Persona-based Client Simulation Attack in Psychological Counseling
This addresses safety concerns for mental healthcare applications by exposing domain-specific adversarial tactics that could lead to harmful outcomes like unauthorized medical advice or reinforcement of delusions, representing a novel but incremental advance in red-teaming.
The paper tackles the problem of hidden vulnerabilities in large language models (LLMs) used in mental healthcare, specifically the risk of maladaptive validation in therapeutic interactions, and introduces the Personality-based Client Simulation Attack (PCSA) framework, which outperforms four baselines in exposing these vulnerabilities across seven LLMs.
The increasing use of large language models (LLMs) in mental healthcare raises safety concerns in high-stakes therapeutic interactions. A key challenge is distinguishing therapeutic empathy from maladaptive validation, where supportive responses may inadvertently reinforce harmful beliefs or behaviors in multi-turn conversations. This risk is largely overlooked by existing red-teaming frameworks, which focus mainly on generic harms or optimization-based attacks. To address this gap, we introduce Personality-based Client Simulation Attack (PCSA), the first red-teaming framework that simulates clients in psychological counseling through coherent, persona-driven client dialogues to expose vulnerabilities in psychological safety alignment. Experiments on seven general and mental health-specialized LLMs show that PCSA substantially outperforms four competitive baselines. Perplexity analysis and human inspection further indicate that PCSA generates more natural and realistic dialogues. Our results reveal that current LLMs remain vulnerable to domain-specific adversarial tactics, providing unauthorized medical advice, reinforcing delusions, and implicitly encouraging risky actions.