Who the Model Is Matters: Personas for LLM Safety and Control

Recent work frames the assistant behavior of large language models (LLMs) as the output of an implicit persona selected during post-training, raising two natural questions for AI safety: can persona specification serve as a lightweight control protocol at deployment? and which personas should post-training alignment target? We introduce a psychologically grounded, four-dimensional persona parameterization—spanning Warmth, Dominance, Conscientiousness, and Value orientation—and evaluate all 16 binary configurations plus an unperturbed baseline across safety-relevant benchmarks on three model variants spanning common training paradigms. Our experiments reveal three key findings. First, persona prompts act as a double-edged control mechanism: on the instruction-tuned model, certain persona configurations reduce hazardous-knowledge accuracy on WMDP by up to 17.6 absolute points, but simultaneously degrade the model’s ability to comply with safe requests on XSTest. Second, persona effects are strongly modulated by the training pipeline—the base model is nearly impervious to persona steering, the instruct model is highly sensitive, and the reasoning-distilled model occupies an intermediate regime. Third, among the four persona axes, Warmth and Dominance exert the largest and most consistent effects on safety metrics, while Conscientiousness and Value orientation interact in benchmark-specific ways. These results position persona prompting as a practical, zero-cost control protocol for deployment, and—critically—provide empirical guidance on which persona configurations post-training pipelines should reinforce: cool, assertive, welfareoriented personas consistently occupy the best region of the safety–utility Pareto frontier, while warm, deferential, achievement-oriented personas represent an alignment risk that RLHF and related methods should actively steer away from.