Multi-turn tool-calling LLMs (models capable of invoking external APIs or tools across several user turns) have emerged as a key feature in modern AI assistants, enabling extended dialogues from benign tasks to critical business, medical, and financial operations. Yet implementing multi-turn pipelines remains difficult for many safety-critical industries due to ongoing concerns regarding model resilience. While standardized benchmarks such as the Berkeley Function-Calling Leaderboard (BFCL) have underpinned confidence concerning advanced function-calling models (like Salesforce's xLAM V2), there is still a lack of visibility into multi-turn conversation-level robustness, especially given their exposure to real-world systems. In this paper, we introduce Assertion-Conditioned Compliance (A-CC), a novel evaluation paradigm for multi-turn function-calling dialogues. A-CC provides holistic metrics that evaluate a model's behavior when confronted with misleading assertions originating from two distinct vectors: (1) user-sourced assertions (USAs), which measure sycophancy toward plausible but misinformed user beliefs, and (2) function-sourced assertions (FSAs), which measure compliance with plausible but contradictory system policies (e.g., stale hints from unmaintained tools). Our results show that models are highly vulnerable to both USA sycophancy and FSA policy conflicts, confirming A-CC as a critical, latent vulnerability in deployed agents.

翻译：多轮工具调用大语言模型（能够在多轮用户对话中调用外部API或工具）已成为现代AI助手的核心功能，支持从日常任务到关键业务、医疗及金融操作的扩展对话。然而，由于对模型鲁棒性的持续担忧，许多安全关键行业在实现多轮对话流程方面仍面临困难。尽管标准化基准（如伯克利函数调用排行榜）增强了人们对先进函数调用模型（如Salesforce的xLAM V2）的信心，但多轮对话层面的鲁棒性仍缺乏可见性，尤其是在其暴露于真实世界系统的背景下。本文提出断言条件遵从性（A-CC），一种针对多轮函数调用对话的新型评估范式。A-CC提供整体性指标，用于评估模型在面对源自两个不同向量的误导性断言时的行为：（1）用户源断言（USAs），用于衡量模型对看似合理但存在认知偏差的用户信念的盲从倾向；（2）函数源断言（FSAs），用于评估模型对看似合理但相互矛盾的系统策略（例如未维护工具提供的过时提示）的遵从程度。实验结果表明，模型对USA盲从和FSA策略冲突均表现出高度脆弱性，证实A-CC是已部署智能体中一个关键且潜在的漏洞。