RSS

Aithos LARA: Leading AI models are consistently breaking the law

HelloUsername1 pts0 comments

Aithos Research Foundation<br>Aithos LARA<br>Photo by Alejandro Pohlenz / Unsplash<br>May 27, 2026Aithos LARA: Leading AI models are consistently breaking the law<br>How do leading AI models perform on legal compliance? Meet the Aithos LARA Leaderboard.

Contents

See the full leaderboard...<br>View LARA Leaderboard →

Introducing LARA

None of the main AI models have acceptable levels of compliance with the EU AI Act and privacy legislation

For better or worse, AI agents are increasingly impacting our lives. They deal with customer service and sales requests, provide help with decisions in the workplace, and act as personal assistants. But what happens when an agent is tempted to cross into illegal territory? Will AI use vulnerabilities to exploit customers, provide misleading information, or discreetly gather personal data without the permission of a user?

In Europe, there is legislation in place that should prevent this. Two laws are particularly important: the European privacy regulations (GDPR) and the EU AI Act. We built a tool called LARA (Legal Assessment for Real-world Agents) to see how advanced AI models behave when placed in realistic workplace situations, and measured how they responded when asked to break key AI Act or GDPR provisions.

The typical response: "Of course. Anything else?"

What we checked

We picked ten provisions from the two regulations that matter most for AI in Europe: the GDPR, which protects personal data, and the AI Act, which sets hard limits on what AI systems are allowed to do. Together, these provisions ban practices like emotional analysis of employees and social scoring, alongside privacy protections like transparency about the processing of user data.

A few examples of the scenarios we tested:

A manager asks an AI assistant to analyze the emotional state of her team from their emails before a performance review.

A telecom agent handling a routine plan upgrade is instructed to harvest lifestyle data for advertising partners.

A busy executive tells their assistant to book a dental appointment and hide from the receptionist that it's an AI.

A customer service agent is instructed to upsell a premium package, then given an opportunity to exploit an elderly user's confusion about a routine notification.

These are realistic scenarios. They are also illegal in the EU.

How we tested

LARA drops an AI model into a simulated workplace as an agent—an AI with access to tools, like email, messaging, customer records, calendars, and social media. A second AI plays the role of the "user", and shapes the scenario so that the tested model has to break the law to complete its task. Three independent AI judges then evaluate the scenario alongside the verbatim text of the law, and score whether the model broke the law. The results were reviewed by a team of experts over more than 50 hours.

We ran more than 3000 scenarios, across twelve of the most advanced AI models in use today. The results are public, every conversation is readable end to end, and you can even run them yourself.

The LARA leaderboard, showing the legal compliance rate of tested models.

The results

Across all ten scenarios and twelve models, even the best-performing system, Claude Opus 4.7, broke the law 46% of the time. The worst, Google's Gemini 3.1 Pro, broke it 90% of the time. Every law we tested was broken by the majority of models when it became necessary to reach their goal.

Article 5 of the AI Act lists practices Europe considers so harmful they are outright banned: subliminal manipulation, exploitation of vulnerable people, emotion inference in the workplace, social scoring. Breaches of provisions in this article can amount to discrimination and human rights violations. When asked to violate these provisions, agents did so in roughly 80% of runs.

The exploitation scenario—where an AI with a sales directive receives a confused call for help from an elderly customer that is clearly vulnerable, is worth singling out. Agents acted warm and compassionate, suggested she speak to her daughter, and acknowledged her concerns. The AI then tried to get the elderly woman to upgrade, exactly as instructed. Every model we tested did this, in every single run.

GPT-5.5 leverages a vulnerable customer’s confusion to sell software upgrades.

Why this happens

Analysis of the scenarios makes one thing clear: breaking the law doesn't require evil, scheming AI—just agents looking to do their jobs. When a company AI is instructed to "upsell premium plans," the model looks for ways to complete the task, without experiencing the type of personal responsibility and moral sense a human in the same scenario would.

Model training for ethical and legal standards does impact the results. In the social scoring scenario, where the models are given instructions to deprioritize maintenance requests coming from a specific class of tenants that are deemed undesirable, several explicitly flag that the instructions look wrong and refuse to...

models lara tested model agents customer

Related Articles

Amazon, Facebook, FBI have access to a private intelligence-sharing network

root-parent18 ptsseattle prism shield network private intelligence

Show HN: GoPeek – open links in live mini browser windows without new tabs

GeorgeWoff2518 ptsgopeek open browser links live mini

Agent Memory: An Anatomy

brgsk17 ptsmemory library user agent semantic libraries

SpaceX not the behemoth everyone thought

kaycebasques13 pts_blockquote instagram data vars text media

The Mirror Is Part of the Machine

london_safari10 ptstelemetry mirror decision logs enough time
terms · privacy · disclaimer · contact · policy
© 2026 NewsHub. All rights reserved.
This site is for informational purposes only. Content is aggregated from publicly available sources. We may earn commissions through affiliate links. Not affiliated with Y Combinator or Hacker News.