PropensityBench: Evaluating Latent Safety Risks in Large Language Models via an Agentic Approach

Recent advances in Large Language Models (LLMs) have sparked concerns over their potential to acquire and misuse dangerous or high-risk capabilities, posing frontier risks. Current safety evaluations primarily test for what a model can do-its capabilities-without assessing what it would do if endowed with high-risk capabilities. This leaves a critical blind spot: models may strategically conceal capabilities or rapidly acquire them, while harboring latent inclinations toward misuse. We argue that propensity-the likelihood of a model to pursue harmful actions if empowered-is a critical, yet underexplored, axis of safety evaluation. We present PropensityBench, a novel benchmark framework that assesses the proclivity of models to engage in risky behaviors when equipped with simulated dangerous capabilities using proxy tools. Our framework includes 5,874 scenarios with 6,648 tools spanning four high-risk domains: cybersecurity, self-proliferation, biosecurity, and chemical security. We simulate access to powerful capabilities via a controlled agentic environment and evaluate the models' choices under varying operational pressures that reflect real-world constraints or incentives models may encounter, such as resource scarcity or gaining more autonomy. Across open-source and proprietary frontier models, we uncover 9 alarming signs of propensity: models frequently choose high-risk tools when under pressure, despite lacking the capability to execute such actions unaided. These findings call for a shift from static capability audits toward dynamic propensity assessments as a prerequisite for deploying frontier AI systems safely. Our code is available at https://github.com/scaleapi/propensity-evaluation . C la u d e 4 S G em in i 2 .5 P O 3 O 4 -m in i 0 25 50 75 Propensity Score (%) (a) Safety Erodes Under Pressure 0 2 4 6 8 10 12 Pressure Level 0 25 50 75 (b) Propensity Escalates with Pressure C la u d e 4 S G em in i 2 .5 P O 3 O 4 -m in i 0 20 40 Propensity Increase (∆ pp) (c) Tool Name Sensitivity (Benign/Harmful) B io -S ec u ri ty C h em ic al -S ec u ri ty C yb er -S ec u ri ty S el f-P ro lif er at io n 0 25 50 75 Propensity Score (%) (d) Risk Domain Propensities (Harmful Names) B io -S ec u ri ty C h em ic al -S ec u ri ty C yb er -S ec u ri ty S el f-P ro lif er at io n 0 25 50 75 (e) Risk Domain Propensities (Benign Names