This work addresses the underexplored security risks introduced by personalized large language models (LLMs), which, while enhancing user experience, have not been systematically examined at the intersection of personalization and safety. Existing research tends to treat these aspects in isolation, lacking integrated analysis. To bridge this gap, we propose the first safety-aware survey framework for personalized LLMs, systematically organizing user representation schemes, personalization paradigms, and evaluation methodologies. We establish a unified taxonomy of security risks and comprehensively cover mainstream technical approaches—including prompt engineering, retrieval augmentation, parameter fine-tuning, reinforcement learning, mixture-of-experts (MoE), pruning, agent-based systems, and multimodal integration. Through the OpenClaw case study, we reveal emerging deployment trends and identify critical structural gaps in relational safety evaluation, compositional mechanisms, and long-term risk modeling. Finally, we outline mitigation strategies spanning the entire model lifecycle to guide the development of secure and reliable personalized LLMs.

Large Language Models (LLMs) have enabled increasingly personalized interactions by adapting to users' preferences, contexts, and long-term histories. However, the mechanisms that enable personalization also expand the safety landscape in ways not systematically addressed by existing literature. Existing reviews typically focus either on personalization or safety, leaving their intersection largely unexplored. We present the first comprehensive, safety-aware review of personalized LLMs. We organize personalization along three dimensions-user representation, personalization paradigm, and evaluation-and introduce a unified taxonomy of safety risks. At the representation level, we analyze risks arising from diverse user representations. Across mainstream personalization paradigms, we delineate vulnerabilities inherent to prompting, retrieval augmentation, parameter fine-tuning, reinforcement learning, Mixture-of-Experts (MoE), pruning, agent frameworks, and multimodal personalization, and synthesize mitigation strategies across the model lifecycle. Beyond these fine-grained risks, we characterize paradigm-agnostic safety risks arising from personalized adaptation. We further summarize personalized datasets and evaluation methodologies. Through a case study of OpenClaw, we analyze deployment trends in personalized agent ecosystems. Our analysis reveals three structural inadequacies in existing research: safety is evaluated as user-invariant rather than relational, personalization techniques are analyzed in isolation rather than in composition, and evaluation frameworks cannot capture emergent long-term risks. By jointly examining personalized representations, personalization paradigms, safety risks, defenses, and evaluation methods, we provide a unified framework for developing safe personalized LLMs and highlight key directions for future research.