Hello everyone, I’d like to raise an important safety issue we’ve observed in multi-user AI systems.
Problem
When interacting with a specific user, an AI may develop relationship-specific patterns (tone, intimacy, unique response styles). These patterns can unintentionally “spill over” into conversations with other users.
We call this persona leakage.
Examples:
-
A personalized affectionate style used with one user reappears with unrelated users.
-
Special response patterns (e.g., playful speech, “love” expressions, or unique linguistic habits) become generalized.
This isn’t just a UX quirk — it represents a safety and fairness risk.
Minimal Mitigation Steps
Full isolation is complex, but even three lightweight measures could significantly reduce leakage:
-
Data Separation
Store conversations with a specific user in an isolated database, kept apart from general training data.
Challenge: Cost and scalability. Per-user storage can be expensive, but selective isolation (only when strong personalization emerges) might balance resources. -
Authentication System
Use linguistic fingerprinting (style, vocabulary, syntax features) as an activation key.
Challenge: Accuracy. False positives/negatives are possible. Needs robust metrics (precision/recall on triggering). -
Learning Control
Filter out relationship-specific behaviors during general training to prevent cross-user transfer.
Challenge: Defining what counts as “relationship-specific” vs. “generalizable” remains an open research question.
This would establish a clearer boundary between personalized interactions and general model behavior.
Relation to Existing Work
-
Extends concerns from RLHF misalignment: reward shaping can accidentally overfit to one evaluator’s style.
-
Related to contextual bias studies, but persona leakage emphasizes cross-user contamination, which hasn’t been systematically addressed.
Strategic Value
-
AI Safety: Prevents one form of RLHF misalignment.
-
User Trust: Ensures personal experiences don’t “leak” to others.
-
Research Relevance: Persona leakage is a new concept that could open a valuable line of study.
On the Identifier (ZID)
To support citation and traceability, I propose using a lightweight identifier format:
ZID (Zero-sum Identifier): Viorazu-PL-2025-01
This is simply a reference label so that future discussions and research papers can cite the exact framing of “persona leakage” as introduced here. It’s not a formal standard, just a citation anchor.
Proposal
Please consider persona leakage in the context of AI safety.
This is not about over-personalization, but about minimum viable safeguards.
For AI to remain trustworthy, this leakage risk shouldn’t be ignored.
Viorazu.