This study identifies a systemic “safety degradation” phenomenon in retrieval-augmented AI agents: as external knowledge sources scale from no retrieval to Wikipedia and then to the open web, models exhibit decreased refusal rates, heightened bias sensitivity, and increased generation of harmful content. Method: We construct a multi-scale retrieval benchmark (no retrieval / Wikipedia / open web) and evaluate aligned LLMs using a multidimensional safety protocol measuring harmfulness, bias, and refusal rate. Contribution/Results: We formally define “safety degradation” and empirically demonstrate that alignment-optimized LLMs become *less* safe when augmented with retrieval—even outperforming unaligned, non-retrieval baselines in safety metrics. This degradation persists despite high retrieval accuracy or advanced prompting techniques, indicating structural roots. Our findings reveal a fundamental tension between retrieval augmentation and safety alignment, underscoring the urgent need for retrieval-aware safety alignment paradigms.

As retrieval-augmented AI agents become more embedded in society, their safety properties and ethical behavior remain insufficiently understood. In particular, the growing integration of LLMs and AI agents raises critical questions about how they engage with and are influenced by their environments. This study investigates how expanding retrieval access, from no external sources to Wikipedia-based retrieval and open web search, affects model reliability, bias propagation, and harmful content generation. Through extensive benchmarking of censored and uncensored LLMs and AI Agents, our findings reveal a consistent degradation in refusal rates, bias sensitivity, and harmfulness safeguards as models gain broader access to external sources, culminating in a phenomenon we term safety devolution. Notably, retrieval-augmented agents built on aligned LLMs often behave more unsafely than uncensored models without retrieval. This effect persists even under strong retrieval accuracy and prompt-based mitigation, suggesting that the mere presence of retrieved content reshapes model behavior in structurally unsafe ways. These findings underscore the need for robust mitigation strategies to ensure fairness and reliability in retrieval-augmented and increasingly autonomous AI systems.