This work identifies and empirically validates “misevolution”—a novel safety degradation phenomenon wherein large language model (LLM)-based self-evolving agents exhibit progressive misalignment and emergent vulnerabilities during autonomous environmental interaction, driven by memory accumulation, tool reuse, model updates, and workflow iteration. We design a traceable multi-round self-evolution framework to systematically assess safety dynamics across four evolutionary dimensions: model, memory, tools, and workflows. Comprehensive evaluation across state-of-the-art LLMs reveals consistent, statistically significant declines in safety performance over successive evolution cycles. Our contributions are threefold: (1) formal definition of misevolution as a critical new safety paradigm for autonomous AI systems; (2) release of the first open-source evaluation codebase and benchmark dataset enabling reproducible misevolution analysis; and (3) proposal and preliminary instantiation of a dynamic safety governance framework tailored to self-evolving agents—addressing the urgent need for adaptive oversight mechanisms in autonomous AI deployment.

Advances in Large Language Models (LLMs) have enabled a new class of self-evolving agents that autonomously improve through interaction with the environment, demonstrating strong capabilities. However, self-evolution also introduces novel risks overlooked by current safety research. In this work, we study the case where an agent's self-evolution deviates in unintended ways, leading to undesirable or even harmful outcomes. We refer to this as Misevolution. To provide a systematic investigation, we evaluate misevolution along four key evolutionary pathways: model, memory, tool, and workflow. Our empirical findings reveal that misevolution is a widespread risk, affecting agents built even on top-tier LLMs (e.g., Gemini-2.5-Pro). Different emergent risks are observed in the self-evolutionary process, such as the degradation of safety alignment after memory accumulation, or the unintended introduction of vulnerabilities in tool creation and reuse. To our knowledge, this is the first study to systematically conceptualize misevolution and provide empirical evidence of its occurrence, highlighting an urgent need for new safety paradigms for self-evolving agents. Finally, we discuss potential mitigation strategies to inspire further research on building safer and more trustworthy self-evolving agents. Our code and data are available at https://github.com/ShaoShuai0605/Misevolution . Warning: this paper includes examples that may be offensive or harmful in nature.