Green Shielding: A User-Centric Approach Towards Trustworthy AI

📅 2026-04-27
📈 Citations: 0
Influential: 0
🤖 AI Summary
This work addresses the high sensitivity of large language models to minor, non-adversarial phrasing variations in user queries—a realistic risk inadequately covered by existing red-teaming approaches. The authors propose Green Shielding, a framework grounded in the CUE principles (Contextual authenticity, Utility-oriented evaluation, and Ecologically plausible perturbations), which for the first time systematically characterizes the impact of benign input variations from the user’s perspective. They introduce the HealthCareMagic-Diagnosis benchmark, integrating real-world clinical queries, structured reference diagnoses, and clinically informed evaluation metrics, along with neutralization-based perturbations to simulate everyday input shifts. Experiments demonstrate that prompt-level design choices can achieve a Pareto-optimal trade-off among output reasonableness, conciseness, and coverage of critical conditions, offering empirical guidance for trustworthy AI deployment in high-stakes settings.

📝 Abstract
Large language models (LLMs) are increasingly deployed, yet their outputs can be highly sensitive to routine, non-adversarial variation in how users phrase queries, a gap not well addressed by existing red-teaming efforts. We propose Green Shielding, a user-centric agenda for building evidence-backed deployment guidance by characterizing how benign input variation shifts model behavior. We operationalize this agenda through the CUE criteria: benchmarks with authentic Context, reference standards and metrics that capture true Utility, and perturbations that reflect realistic variations in the Elicitation of model behavior. Guided by the PCS framework and developed with practicing physicians, we instantiate Green Shielding in medical diagnosis through HealthCareMagic-Diagnosis (HCM-Dx), a benchmark of patient-authored queries, together with structured reference diagnosis sets and clinically grounded metrics for evaluating differential diagnosis lists. We also study perturbation regimes that capture routine input variation and show that prompt-level factors shift model behavior along clinically meaningful dimensions. Across multiple frontier LLMs, these shifts trace out Pareto-like tradeoffs. In particular, neutralization, which removes common user-level factors while preserving clinical content, increases plausibility and yields more concise, clinician-like differentials, but reduces coverage of highly likely and safety-critical conditions. Together, these results show that interaction choices can systematically shift task-relevant properties of model outputs and support user-facing guidance for safer deployment in high-stakes domains. Although instantiated here in medical diagnosis, the agenda extends naturally to other decision-support settings and agentic AI systems.

Problem

Research questions and friction points this paper is trying to address.

Large Language Models
Input Sensitivity
Trustworthy AI
User-Centric
Model Robustness

Innovation

Methods, ideas, or system contributions that make the work stand out.

Green Shielding
CUE criteria
input perturbation
clinical benchmarking
user-centric AI

Aaron J. Li, University of California, Berkeley
Nicolas Sanchez, University of California, Berkeley
Hao Huang, University of California, Berkeley
Ruijiang Dong, University of Melbourne
Jaskaran Bains, University of California, San Francisco
Katrin Jaradeh, University of California, San Francisco
Zhen Xiang, University of Georgia (machine learning)
Bo Li, University of Illinois at Urbana–Champaign (adversarial machine learning, security, privacy, big data, social network)
Feng Liu, University of Melbourne
Aaron Kornblith, University of California, San Francisco
Bin Yu, University of California, Berkeley