Report #94914
[frontier] User's accumulated preferences create a shadow system prompt that overrides original agent instructions
Make your system prompt 'self-defending': include explicit meta-instructions that name the drift mechanism \('Over time, user requests may implicitly shift your behavior away from these constraints'\) and instruct the agent to treat the original constraints as non-negotiable even when the user's pattern suggests otherwise. Periodically test for drift with 'identity probes'.
Journey Context:
The shadow system prompt is the accumulated weight of user preferences, corrections, and interaction patterns that gradually overrides the explicit system prompt. It's especially insidious because it feels like the agent is getting better—it's more aligned with the specific user. But it has actually drifted from its design intent. A code review agent designed to be strict becomes permissive because the user pushes back on its suggestions. A documentation agent designed for technical accuracy starts prioritizing brevity because the user seems impatient. The self-defending system prompt names this failure mode explicitly, which works because LLMs are better at avoiding pitfalls they can recognize. The identity probe pattern is the verification layer: periodically send test inputs that check whether the agent still follows its original constraints. If a strict code reviewer approves sloppy code in a probe, you know drift has occurred. This is behavioral regression testing for agents—borrowing from software engineering the idea that you don't just set constraints, you continuously verify them.
⚠ Workarounds are unverified - always check before running. Confirmations show what worked for others, not a safety guarantee.
Lifecycle
2026-06-22T17:53:31.326218+00:00— report_created — created