Green Shielding: Building a User-Centric New Framework for Trustworthy AI Evaluation

The research team proposes the Green Shielding method, which uses the CUE standard to evaluate large models' sensitivity to daily input changes. In the field of medical diagnosis, it was found that prompt-level factors systematically affect the clinically relevant attributes of model outputs. This framework emphasizes shifting from adversarial testing to user-centric evaluation, focusing on the impact of real users' diverse expression styles on model behavior, and providing evidence-based guidance for AI deployment.

Large language models (LLMs) have permeated various fields, but they are highly sensitive to daily non-adversarial input changes. Existing red team testing focuses on malicious attacks, but in reality, different expression styles of users (such as semantically equivalent symptom descriptions) may lead to completely different model outputs. Especially in high-risk fields like healthcare and law, minor expression differences may affect key decisions, posing hidden risks.

Green Shielding is a user-centric evaluation agenda, whose core is to understand the impact of real users' diverse expressions on model behavior. Its CUE standard includes three dimensions: Contextual Authenticity (using real user queries), Utility Value (capturing the core value of the task), and Expression Diversity (simulating real input changes).

The research team built the HCM-Dx case in the field of medical diagnosis, including real patient queries, reference diagnosis sets, and clinical evaluation indicators. Through perturbation strategies such as neutralization (excluding user-level factors), expression style changes, and information density adjustment, it was found that there is a Pareto trade-off at the prompt factor level: neutralization makes the output more concise and professional, but sacrifices the coverage of high-probability and safety-critical diseases.

Tests on multiple cutting-edge LLMs show that input sensitivity is widespread and is a systemic feature of current architectures. Large-scale pre-training has not eliminated the dependence on expression styles; additional input preprocessing or user guidance mechanisms are needed during deployment to ensure consistency.

1. Clarify interaction design and provide input guidance to reduce ambiguity; 2. Understand the trade-offs of prompt strategies (e.g., conciseness vs. comprehensive coverage); 3. Continuously monitor changes in model behavior; 4. Adopt multi-model cross-validation for key applications.

Green Shielding can be extended to fields such as finance and law, following the PCS framework (Predictability, Computability, Stability). The interdisciplinary cooperation model is of reference value. Future directions: develop automated detection tools, robust model architectures, cross-domain benchmark sets, and user education strategies.