Arguments for optimism on AI Alignment (I don't endorse this version, will reupload a new version soon.)

Noosphere89

why we mostly don't need to worry about AI

This topic is poorly understood, very high confidence is obviously wrong for any claim that's not exceptionally clear. Absence of doom is not such a claim, so the need to worry isn't going anywhere.

-1Noosphere892y

This is why the post is so long: It has to integrate a lot of different sources of evidence, actually give lots of evidence for major claims, and I had to make sure that I actually have positive arguments such that it's very, very likely we will align AI, an arguably make it safe by default. That's why I made the argument on AIs as white boxes, and the fact that I think that the genome uses very weak priors to align us to having empathy for the ingroup, for example ridiculously well, because these were intended to be reasons to expect safe AI by default in a very strong sense. Also, there is a lot of untapped evidence on humans, and that's what I was using to make this post. Quintin Pope and TurnTrout's post is below on the massive evidence we have about humans for alignment. https://www.lesswrong.com/posts/CjFZeDD6iCnNubDoS/humans-provide-an-untapped-wealth-of-evidence-about

[-]Vladimir_Nesov2y2712

Without sufficient clarity, which humanity doesn't possess on this topic, no amount of somewhat confused arguments is sufficient for the kind of certainty that makes the remaining risk of extinction not worth worrying about. It's important to understand and develop what arguments we have, but in their present state they are not suitable for arguing this particular case outside their own assumption-laden frames.

When reunited with unknown unknowns outside their natural frames, such arguments might plausibly make it reasonable to believe the risk of extinction is as low as 10%, or as high as 90%, but nothing more extreme than that. Nowhere across this whole range of epistemic possibilities is a situation that we "mostly don't need to worry about".

[-]Seth Herd2y295

Downvote for being absurdly overconfident, and thereby harming the whole direction of more optimism on alignment. I'd downvote Eliezer for the same reason on his 99.99% doom arguments in public; they are visibly silly, making the whole direction seem silly by association.

In both cased, there are too many unknown unknowns to have confidences remotely that high. And you've added way more silly zeros than EY, despite having looser arguments.

This is a really important topic; we need serious discussion of how to really think about alignment difficulty. This is a serious attempt, but it's just not realistically humble. It also seems to be ignoring the cultural norm and explicit stated goal of writing to inform, not to persuade, on LW.

So, I look forward to your next iteration, improved by the feedback on this post!

4Noosphere892y

I'll probably put this back into drafts by tomorrow.

3Seth Herd2y

It looks like you already took out the 99.9...% claims, which are the primary thing I was reacting to. That's great IMO. I think the new phrasing of "not claiming this is right, just getting the logic out there" is way better- both more honest and ultimately more convincing if the logic holds. jBut that's a major edit without noting the edit, so I think this should be a draft right now, not a post that's evolving so that the comments are now addressing an earlier version. Publishing a second version that includes much of the first is a great idea. I'd choose a different term than white box, as per Steve Byrnes' conclusion that he just won't use those terms since they're confusing. My biggest substantive comment is that you seem to be assuming that because we could get alignment right, we will get alignment right. Even Yudkowsky agrees that we could get it right. You're arguing that it's a lot easier than assumed, and I think that's probably right. But that's not enough to be confident that we will get it right. It will depend on how seriously the first person to make self-improving AGI takes alignment, even if there are easy techniques available. Will they use them, or will they race and take risks?

2Noosphere892y

I honestly agree with this. I feel that the post has been edited so much that I now think it's time to delete this post and reupload a new version of it so that I can actually deal with the edits, without having this weird patchwork post. Yeah, I'll probably edit it to emphasize something else. I am definitely assuming that, but I do think it's a weak assumption, assuming that at least some part of my post holds true. In essence, I'm hoping that OpenAI doesn't do the worst thing even if it isn't favored by profit incentives. The good news is that assuming value learning is easy, then we have an easier time, since we can do AI regulations a lot more normally, and in particular, we don't need to be that strict with licensing. Don't get me wrong, AI governance is necessary in this world, but the type of governance would be drastically different. No pauses, for one example.

8Seth Herd2y

Agreed on all points. This is closely related to my thinking on how we survive, which is why I care about seeing it presented in a way people can hear and understand. I'll send you a draft of the closely related post I'm working on, and if you haven't seen it, I focus on that last point, values learning being relatively easy, in this post: The (partial) fallacy of dumb superintelligence. I think it's worth explicitly discussing the assumption that people won't do "the dumbest possible thing". It's a reasonable assumption, but it's probably a little more complicated than that. If alignment taxes are non-zero, there will be some pull between different motivations.

2Noosphere892y

Yeah, it kinda depends on how small the alignment tax is. If it's not 0, like I unfortunately suspect, but instead small, then there is a small chance of extinction risk. I definitely plan to discuss that when I reupload the post after deleting it first. Thanks for talking with me today!

2Vladimir_Nesov2y

Discussion is written by others, unpublishing affects both.

5habryka2y

I also think it would be better if you changed the title to saying you don't endorse it anymore. It's sad for the discussion to disappear/become unfindable.

4Noosphere892y

Okay, I endorse parts of this post, but in hindsight, I clearly was overconfident. I still want to reupload this post, partially because I want to not have to deal with the editing process, but I will probably edit the title to say I don't endorse this version anymore, and make a new post based on this one.

[-]Roko2y2915

I believe the security mindset is inappropriate for AI

I think that's because AI today feels like a software project akin to building a website. If it works, that's nice, but if it doesn't work it's no big deal.

Weak systems have safe failures because they are weak, not because they are safe. If you piss off a kitten, it will not kill you. If you piss off an adult tiger...

The optimistic assumptions laid out in this post don't have to fail in every possible case for us to be in mortal danger. They only have to fail in one set of circumstances that someone actualizes. And as long as things keep looking like they are OK, people will continue to push the envelope of risk to get more capabilities.

We have already seen AI developers throw caution to the wind in many ways (releasing weights as open source, connecting AI to the internet, giving it access to a command prompt) and things seem OK for now so I imagine this will continue. We have already seen some psycho behavior from Sydney too. But all these systems are weak reasoners and they don't have a particularly solid grasp on cause and effect in the real world.

We are certainly in a better position with respect to winning than when I started posting on this website. To me the big wins are (1) that safety is a mainstream topic and (2) that the AIs learned English before they learned physics. But I don't regard those as sufficient for human survival.

4Noosphere892y

I disagree, and I think there are deeper reasons for why most computer security analogies do not work for ML/AI alignment. I think the biggest reasons for this are the following: 1. The thing that LW people call security mindset is non-standard, and under the computer security definition, you only start handing out points for discovering potential failures when they can actually demonstrate it, and virtually no proposed failures that I am aware of have been demonstrated successfully, except for goal misgeneralization and specification gaming, and even here they are toy AIs. In contrast, the notion that inner misaligned models/optimization daemons would appear in modern AI systems has been tested twice before, and in 1 case, DaemonicSigil was able to get a gradient hacker/optimization daemon to appear, but it was extremely toy, then when it was shown in a more realistic case, the optimization daemon phenomenon went away, or was going away. See Iceman's comment for more details on why LW Security Mindset!=Computer Security Mindset: https://www.lesswrong.com/posts/99tD8L8Hk5wkKNY8Q/?commentId=xF5XXJBNgd6qtEM3q That leads to 2: ML people can do things that would not work well under a security mindset or rocket engineering, like randomly doubling model size or data, or swapping one model for another, which would be big no-nos under computer security and rocket engineering, because rockets would literally explode if you doubled their fuel randomly in-flight, and switching the order in securing a password would make it output nonsense at best or destroy the security at worst. There are enough results like this that I'm now skeptical of applying the security mindset frame to AI safety, beyond inner alignment being very likely by default to SGD's corrective properties.

[-]Roko2y157

Do you just like not believe that AI systems will ever become superhumanly strong? That once you really crank up the power (via hardware and/or software progress), you'll end up with something that could kill you?

Read what I wrote above: current systems are safe because they're weak, not safe because they're inherently safe.

Security mindset isn't necessary for weak systems because weak systems are not dangerous.

9Noosphere892y

This is exactly what I am arguing against. I do not believe that the security mindset doesn't work because AI is weak, I believe that the security mindset fails for deeper reasons than that, and an increase in capabilities doesn't mean that the security mindset looks better (indeed, it may actually look worse, see the attempted optimization daemon break of AI to see how making capabilities go up by increasing the dimensions of the AI, where it started going away, or all of SGD's corrections.) Edit: I also have issues with the way LW applies the security mindset, and I'll quote my comment from there on why a lot of LW implementations of security mindset fail:

4Roko2y

Maybe you're right, we may need to deploy an AI system that demonstrates the potential to kill tens of millions of people before anyone really takes AI risk seriously. The AI equivalent of Trinity. https://en.wikipedia.org/wiki/Trinity_(nuclear_test)

[-]lc2y197

It's not just about "being taken seriously", although that's a nice bonus - it's also about getting shared understanding about what makes programs secure vs. insecure. You need a method of touching grass so that researchers have some idea of whether or not they're making progress on the real issues.

-3Roko2y

We already can't make MNIST digit recognizers secure against adversarial attacks. We don't know how to prevent prompt injection. Convnets are vulnerable to adversarial attacks. RL agents that play Go at superhuman levels are vulnerable to simple strategies that exploit gaps in their cognition. No, there's plenty of evidence that we can't make ML systems robust. What is lacking is "concrete" evidence that that will result in blood and dead bodies.

8lc2y

None of those things are examples of misalignment except arguably prompt injection, which seems like it's being solved by OpenAI with ordinary engineering.

7O O2y

To me the security mindset seems inapplicable because in computer science, programs are rigid systems with narrow targets. AI is not very rigid and the target, I.e. an aligned mind, is not necessarily narrow.

4Richard_Kennaway2y

That rigidity is what makes computer security so easy. ... Relative to AGI security.

[-]O O2y103

No the rigidity is what makes a system error prone i.e. brittle. If you don’t specify the solution exactly, the machine won’t solve the problem. Classic computer programs can’t generalize.

The OP makes a point how you can double a model size and it will work well but if you double a computer programs binary size with unused lines of code you can get all sorts of weird errors. Even if none of that extra size is ever used.

An analogy is trying to write a symbolic logic program to emulate an LLM. (Ie with only if statements and for loops) or trying to make a self driving car with Boolean logic.

If I flip one single bit in a computer program, it will probably catastrophically fail and crash the whole computer. However removing random weights won’t do much to an LLM.

a little tangent on the flipping a bit:

Flipping a bit in the actual binary itself (the thing the computer reads to run the program) will probably cause the computer to access a part of itself it wasn’t supposed to and immediately crash.

Changing a letter in a computer program that humans write will almost certainly cause the program to not compile.

4Noosphere892y

Yep, these are the important parts, and Neural Networks are much more robust than that, and it has extreme robustness compared to a lot of other fields, which is why I'm skeptical of applying the security mindset, since it would predict false things.

2Richard_Kennaway2y

The non-rigidity of ChatGPT and its ilk does not make them less error-prone. Indeed, ChatGPT text is usually full of errors. But the errors are just as non-rigid. So are the means, if they can be found, of fixing them. ChatGPT output has to be read with attention to see its emptiness. None of this has anything to do with security mindset, as I understand the term.

0Noosphere892y

The point is that if it was like computer security or even computer engineering, those errors would completely destroy ChatGPT's intelligence, and make it as useless as a random computer. This is just one example of an observation like this that makes me skeptical of applying the security mindset, as ML/AI and it's subfield, ML/AI alignment is a strange enough field that I wouldn't port over any intuitions from other fields. ML/AI alignment is like quantum mechanics, in which you need to leave your intuitions at the door, and unfortunately this makes public outreach likely net-negative.

[-]Richard_Kennaway2y2311

At this point it is not clear to me what you mean by security mindset. I understand by it what Bruce Schneier described in the article I linked, and what Eliezer describes here (which cites and quotes from Bruce Schneier). You have cited QuintinPope, who also cites the Eliezer article, but gets from it this concept of "security mindset": "The bundle of intuitions acquired from the field of computer security are good predictors for the difficulty / value of future alignment research directions". From this and his further words about the concept, he seems to mean something like "programming mindset", i.e. good practice in software engineering. Only if I read both you and him as using "security mindset" to mean that can I make sense of the way you both use the term.

But that is simply not what "security mindset" means. Recall that Schneier's article began with the example of a company selling ant farms by mail order, nothing to do with software. After several more examples, only one of which concerns computers, he gives his own short characterisation of the concept that he is talking about:

the security mindset involves thinking about how things can be made to fail. It involves thinki

... (read more)

0Noosphere892y

My issue with the security mindset is that there's a selection effect/bias that causes people to notice the failures of security, and not it's successes, even if the true evidence for success is massively larger than it's failure. Here's a quote from lc's post POC or GTFO as a counter to alignment wordcelism, on why the security industry has massive issues with people claiming security failures when they don't or can't happen: And this is why in general I dislike the security mindset, because of the incentives to report failure or bad events even when they aren't very much of a concern. Also, the stuff that computer security people do largely doesn't need to be done in ML/AI, which is another reason I'm skeptical of the security mindset.

0Richard_Kennaway2y

These are parochial matters within the computer security community, and do not bear on the hazards of AGI.

0Noosphere892y

They do matter, since it implies a sort of selection effect where people will share the evidence for doom, and not notice the evidence for not-doom, and this matters because the real chance of doom may be much lower, in principle arbitrarily low, while LWers and AI safety/governance organizations have higher probabilities of doom. Combined with more standard biases on negative news being selected for, it is one piece in why I think AI doom is very unlikely. This is just one piece of it, not my entire argument And I think this already happened, cf the entire inner misalignment/optimization daemon situation, where it was tested twice, once showing a confirmed break, and the other one by Ulisse Mini, where in a more realistic situation, the optimization daemon/inner misalignment went away, and very little shared on this result, compared to the original which almost certainly got more views.

[-]Steven Byrnes2y252

I’m pretty confused about almost everything you said about “innate reward system”.

My view is: the relevant part of the human innate reward system (the part related to compassion, norm-following, etc.) consists of maybe hundreds of lines of code, and nobody knows what they are, and I would feel better if we did. (And that happens to be my own main research interest.)

Whereas your view seems to be: umm, I’m not sure, I’m gonna say things and you can correct me. Maybe you think that (1) the innate reward system is simple, (2) when we do RLHF, we are providing tens of thousands of samples of what the innate reward system would do in different circumstances, (3) and therefore ML will implicitly interpolate how the innate reward system works from that data, (4) …and this will continue to extrapolate to norm-following behavior etc. even in out-of-distribution situations like inventing new society-changing technology. Is that right? (I’m stating this possible argument without endorsing or responding to it, I’m still at the trying-to-understand-you phase.)

3Noosphere892y

My general model of the way that the innate reward system works is that the following happens: 1. I agree with the claim that the innate reward system is simple. 2. The innate reward system uses the fact that it can edit the weights and code of the brain, albeit it's limited by biology's quirks like it's completely uninterpretable neurons to use the backpropagation algorithm, or a weaker variant thereof to update the gradients using RLHF or DPO or whatever specific variant it is to train a reward model for preference alignment. It continuously trains online on a lot of examples. 3. Yes, the ML/AI algorithm learns to interpolate from the data, and via weak priors plus the examples learned, it eventually starts to learn how the innate reward system works from the data, and what the reward function is. 4. I think one key reason why we can navigate out-of distribution situations is because the innate reward system is fully online, and thus whenever it faces out of distribution situations, it's able to react on the timescale of the rest of the brain and take action. At the very least, this is a possible sketch of how we could make a reward system that lets us align the AI. Regarding the idea that there is a short code for how the innate reward system works: I agree with the view that there probably is a short, powerful code of the innate reward system in humans, for the same reason as my argument that priors from genetics are probably very weak. My claim here is that even the weaker reward model where we use local update rules is already enough to make alignment very likely, for the same reasons that the innate reward system is able to input a lot of preferences reliably like empathy for the ingroup, revenge when we are harmed, etc. Your algorithm seems like a very good thing, if we could get at it, but even the weaker stuff enabled by SGD probably is enough to ensure alignment with very high probability.

[-]iceman2y205

On the topic of security mindset, the thing that the LW community calls "security mindset" isn't even an accurate rendition of what computer security people would call security mindset. As noted by lc, actual computer security mindset is POC || GTFO, or trying to translate that into lesswrongesse, you do not have warrant to believe in something until you have an example of the thing you're maybe worried about being a real problem because you are almost certain to be privileging the hypothesis.

[-]Zach Furman2y*1813

In the cybersecurity analogy, it seems like there are two distinct scenarios being conflated here:

1) Person A says to Person B, "I think your software has X vulnerability in it." Person B says, "This is a highly specific scenario, and I suspect you don't have enough evidence to come to that conclusion. In a world where X vulnerability exists, you should be able to come up with a proof-of-concept, so do that and come back to me."

2) Person B says to Person A, "Given XYZ reasoning, my software almost certainly has no critical vulnerabilities of any kind. I'm so confident, I give it a 99.99999%+ chance." Person A says, "I can't specify the exact vulnerability your software might have without it in front of me, but I'm fairly sure this confidence is unwarranted. In general it's easy to underestimate how your security story can fail under adversarial pressure. If you want, I could name X hypothetical vulnerability, but this isn't because I think X will actually be the vulnerability, I'm just trying to be illustrative."

Story 1 seems to be the case where "POC or GTFO" is justified. Story 2 seems to be the case where "security mindset" is justified.

It's very different to suppose a particula... (read more)

7bigjeff52y

The reason Person A in scenario 2 has the intuition that Person B is very wrong is because there are dozens, if not hundreds of examples where people claimed no vulnerabilities and were proven wrong. Usually spectacularly so, and often nearly immediately. Consider the fact that the most robust software developed by the most wealthy and highly motivated companies in the world, who employ vast teams of talented software engineers, have monthly patch schedules to fix their constant stream vulnerabilities, and I think it's pretty easy to immediately discount anybody's claim of software perfection without requiring any further evidence. All the evidence Person A needs is the complete and utter lack of anybody having achieved such a thing in the history of software to discount Person B's claims. I've never heard of an equivalent example for AI. It just seems to me like Scenario 2 doesn't apply, or at least it cannot apply at this point in time. Maybe in 50 years we'll have the vast swath of utter failures to point to, and thus a valid intuition against someone's 9-9's confidence of success, but we don't have that now. Otherwise people would be pointing out examples in these arguments instead of vague unease regarding problem spaces.

4Daniel Kokotajlo2y

Well, no one has built an AGI yet, and if your plan is to wait until we have years of experience with unaligned AGIs before it's OK to start worrying about the problem, that's a bad plan. Also, there are things which are not AGI but which are similar in various ways (software, deep neural nets, rocket navigation mechanisms, prisons, childrearing strategies, tiger-training-strategies) which provide ample examples of unseen errors. Also, like I said, there ARE plenty of POCs for AGI risk.

[-]Steven Byrnes2y169

At the very least I think it would be more accurate to say “one aspect of actual computer security mindset is POC || GTFO”. Right? Are you really arguing that there’s nothing more to it than that?? That seems insane to me.

Even leaving that aside, here’s a random bug thread:

Mozilla developers identified and fixed several stability bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these crashes showed evidence of memory corruption under certain circumstances and we presume that with enough effort at least some of these could be exploited to run arbitrary code. [emphasis added]

IIUC they treated these crashes as a security vulnerability, not a mere usability problem, and thus did things like not publicly disclosing the details until they had a fix ready to go, categorizing the fix as a high-priority security update, etc.

If your belief is that “actual computer security mindset is POC||GTFO”, then I think you’d have to say that these Mozilla developers do not have computer security mindset, and instead were being silly and overly paranoid. Is that what you think?

[-]lc2y*175

You're right that this is definitely not "security mindset". Iceman is distorting the point of the original post. But also, the reason Mozilla's developers can do that and get public credit for it is partially because the infosec community has developed tens of thousands of catastrophic RCE's from very similar exploit primitives, and so there is loads of historical evidence that those particular kinds of crashes lead to exploitable bugs. Alignment researchers lack the same shared understanding - they're mostly philosopher-mathematicians with no consensus even among themselves about what the real issues are, and so if one tries to claim credit for averting catastrophe in a similar situation it's impossible to tell if they're right.

3bigjeff52y

This is exactly right. To put it more succinctly: Memory corruption is a known vector for exploitation, therefore any bug that potentially leads to memory corruption also has the potential to be a security vulnerability. Thus memory corruption should be treated with similar care as a security vulnerability.

[-]lc2y*142

POC || GTFO is not "security mindset", it's a norm. It's like science in that it's a social technology for making legible intellectual progress on engineering issues, and allows the field to parse who is claiming to notice security issues to signal how smart they are vs. who is identifying actual bugs. But a lack of "POC || GTFO" culture doesn't tell you that nothing is wrong, and demanding POCs for everything obviously doesn't mean you understand what is and isn't secure. Or to translate that into lesswrongese, reversed stupidity is not intelligence.

6iceman2y

But POC||GTFO is really important to constraining your expectations. We do not really worry about Rowhammer since the few POCs are hard, slow and impractical. We worry about Meltdown and other speculative execution attacks because Meltdown shipped with a POC that read passwords from a password manager in a different process, was exploitable from within Chrome's sandbox, and my understanding is that POCs like that were the only reason Intel was made to take it seriously. Meanwhile, Rowhammer is maybe a real issue but is so hard to pull off consistently and stealthily that nobody worries about it. My recollection was when it was first discovered, people didn't panic that much because there wasn't warrant to panic. OK, so there was a problem with the DRAM. OK, what are the constraints on exploitation? Oh, the POCs are super tricky to pull off and will often make the machine hard to use during exploitation? A POC provides warrant to believe in something.

2niplav1y

I'm confused about how POC||GTFO fits together with cryptographers starting to worry about post-quantum cryptography already in 2006, when the proof of concept was we have factored 15 into 3×5 using Shor's algorithm? (They were running a whole conference on it!)

[-]Daniel Kokotajlo2y104

Citation needed? The one computer security person I know who read Yudkowsky's post said it was a good description of security mindset. POC||GTFO sounds useful and important too but I doubt it's the core of the concept.

Also, if the toy models, baby-AGI-setups like AutoGPT, and historical examples we've provided so far don't meet your standards for "example of the thing you're maybe worried about" with respect to AGI risk, (and you think that we should GTFO until we have an example that meets your standards) then your standards are way too high.

If instead POC||GTFO applied to AGI risk means "we should try really hard to get concrete, use formal toy models when possible, create model organisms to study, etc." then we are already doing that and have been.

[-]Noosphere892y123

On POCs for misalignment, specifically for goal misgeneralization, there are pretty fundamental differences between what was shown and what was predicted so far, and one of them is that the train and test behavior in different environments are similar or the same, while in goal misgeneralization speculations, the train and test behavior are wildly different:

Rohin Shah has a comment on why most POCs aren't that great here:

https://www.lesswrong.com/posts/xsB3dDg5ubqnT7nsn/poc-or-or-gtfo-culture-as-partial-antidote-to-alignment#P3phaBxvzX7KTyhf5

2Daniel Kokotajlo2y

Nevertheless, if you think that this isn't good enough and that people worried about AGI risk should GTFO until they have something better, you are the one who is wrong.

3Noosphere892y

I don't think people worried about AGI risk should GTFO. I do think we should stop giving them as much credit as we do, because of the fact that you are likely to privilege the hypothesis, and it does mean that we shouldn't count the POCs as vindicating the people worried about AI safety, since their evidence doesn't really work to support the claim of goal misgeneralization.

4Daniel Kokotajlo2y

I think that's a vague enough claim that it's basically a setup for motte-and-bailey. "Stop giving them as much credit as we do." Well I think that if 'we' = society in general, then we should start giving them way more credit, in fact. If 'we' = various LWers who don't think for themselves and just repeat what Yudkowsky says, then yes I agree. If 'we' = me, then no thank you I believe I am allocating credit appropriately, I take the point about privileging the hypothesis but I was well aware of it already.

2Noosphere892y

What this would look like in practice would be the following (Taken from the proposed break of optimization daemon/inner misalignment): 1. Someone proposes a break of AI that threatens alignment like optimization daemons. 2. We test the claim on toy AIs, and either it doesn't work or it does work on them, then we move to the next step. 3. We test the alignment break on a more realistic setting, and it turns out that the perceived break was going away. 4. Now, the key point is if a proposed break goes away or is made harder in more realistic settings, and especially if it keeps happening, we need to avoid giving credit to them for predicting the failure. More generally, one issue I have is that I perceive an asymmetry between AI is dangerous and AI is safe people, in that if people were wrong about a danger, they'll forget or not reference the fact that they're wrong, but if they're right about a danger, even if it's much milder and some of their other predictions were wrong, people will treat you as an oracle. A quote from lc's post on POC or GTFO culture as counter to alignment wordcelism explains my thoughts on the issue better than I can:

4Vladimir_Nesov2y

Scott Alexander writes about the asymmetry in From Nostradamus To Fukuyama. Reversing biases of public perception isn't much use for sorting out correctness of arguments.

0Noosphere892y

I do have other issues with the security mindset, but that is an important issue I had. Turning to this part though, I think I might see where I disagree: It's not just public perception, but also the very researchers are biased to believe that danger is or will happen. Critically, since this is asymmetrical, it means that this has more implications for doomy people than for optimistic people. It's why I'm a priori a bit skeptical of AI doom, and it's also why it's consistent to believe that the real probability of doom is very low, almost arbitrarily low, while people think the probability of doom is quite high: You don't pay attention to the not doom or the things that went right, only the things that went wrong.

6Vladimir_Nesov2y

The researchers are not the arguments. You are discussing correctness of researchers.

0Noosphere892y

Yes, that's true, but I have more evidence than that, and in particular I have evidence that directly argues against the proposition of AI doom, and that a lot of common arguments for AI doom. The researchers aren't the arguments, but the properties of the researchers looking into the arguments, especially the way they're biased, does provide some evidence for certain proposition.

[-]Steven Byrnes2y1610

For white box vs black box, after further discussion I wound up feeling like people just use the term “black box” differently in different fields, and in practice maybe I’ll just “black box” and “white box” going forward. Hopefully we can all agree on:

If a LLM outputs A rather than B, and you ask me why, then it might take me decades of work to give you a reasonable & intuitive answer.

And likewise we can surely all agree that future AI programmers will be able to see the weights and perform SGD.

2Nora Belrose2y

I don’t think any complete description of the LLM is going to be intuitive to a human, because it’s just too complex to fit in your head all at once. The best we can do is to come up with interpretations for selected components of the network. Just like a book or a poem, there’s not going to be a unique correct interpretation: different interpretations are useful for different purposes. Theres also no guarantee that any of these mechanistic interpretations will be the most useful tool for what you’re trying to do (e.g. make sure the model doesn’t kill you, or whatever). The track record of mech interp for alignment is quite poor, especially compared to gradient based methods like RLHF. We should accept the Bitter Lesson: SGD is better than you at alignment.

3Noosphere892y

I would definitely like to see that argument made, as I suspect that a lot of LWers might disagree with this statement.

3Amalthea2y

I think this is essentially what people mean when they say "LLMs are a black box" and since you seem to be agreeing, I find myself very confused that you've been pushing a "white box" talking point.

6Steven Byrnes2y

It seems that all parties including Nora agree with “If a LLM outputs A rather than B, and you ask me why, then it might take me decades of work to give you a reasonable & intuitive answer”. The disagreements are (1) whether we should care—i.e., whether this fact is important and worrisome in the context of safe & beneficial AGI, (2) what the terms “black box” and “white box” mean. I think Nora’s comment here was taking an opportunity to argue her side of (1). In Nora’s recent post, to her credit, she defined exactly what she meant by “white box” the first time she used the term, and her discussion was valid given that definition. I think her recent post (and ditto the OP here) would have been clearer if she had (A) noted that people in the AGI safety space sometimes use “black box” to say something like the “decades of work” claim above, (B) explicitly said that the “decades of work” claim is obviously true and totally uncontroversial, (C) clarified that this popular definition of “black box / white box” is not the definition she’s using in this post. (A similar suggestion also applies to the other side of the debate including me, i.e. in the unlikely event that I use the term “black box” to mean the “decades of work” thing, in my future writing, I plan to immediately define it and also explicitly say that I’m not using the term to discuss whether or not you can see the weights and perform SGD.)

5Amalthea2y

Hmm, I guess the point of using the term "white box" is then to illustrate that it is not a literal black box, while the point of the term "black box" is that while it's a literal transparent system, we still don't understand it in the ways that matter. There's something that feels really off about the dynamic of term use here, but I can't quite articulate it.

8Steven Byrnes2y

The terms “white box” and “black box”, like pretty much all terms, are more than just their literal definitions, they are also trojan horses full of connotations and vibes. So of course it’s natural (albeit unfortunate and annoying) for people on both sides of a debate to try to get those connotations and vibes to work in service of their side. :-P

2Noosphere892y

I'll edit the post soon to focus on the fact that the white-box definition is not a standard definition of the term, and instead refers to the computer analysis/security sense of the term.

2[comment deleted]2y

2Noosphere892y

I definitely agree that I think tabooing white box vs black box is good. One point though is that the innate reward system does targeted updates to neural circuits using simple learning rules, that means that we can probably use SGD to make ourselves an innate reward system combined with a weak prior to get good results. Admittedly, I do thnk that the pathway isn't as complete as I like, but I do actually think that the notion of seeing the weights, checking the Hessians, etc to be extremely powerful alignment tools, more powerful than appreciated.

[-]Steven Byrnes2y1517

This whole post seems to be about accident risk, under the assumption that competent programmers are trying in good faith to align AI to “human values”. It’s fine for you to write a blog post on that—it’s an important and controversial topic! But it’s a much narrower topic than “AI safety”, right? AI safety includes lots of other things too—like bad actors, or competitive pressures to make AIs that are increasingly autonomous and increasingly ruthless, or somebody making ChaosGPT just for the lols, etc. etc.

6Roko2y

Indeed. No mention of misuse, multipolar traps, etc!

4jacob_cannell2y

Given how scaling laws work the power of AGI systems is/will be proportional to net training compute, so 'lols' doesn't seem like much of a concern. These systems are increasingly enormous industrial scale rapidly escalating towards manhattan scale projects.

[-]Steven Byrnes2y152

One can argue that algorithmic & hardware improvements will never ever be enough to put human-genius-level human-speed AGI in the hands of tons of ordinary people e.g. university students with access to a cluster.

Or, one can argue that tons of ordinary people will get such access sooner or later, but meanwhile large institutional actors will have super-duper-AGIs, and they will use them to make the world resilient against merely human-genius-level-chaosGPTs, somehow or other.

Or, one can argue that ordinary people will never be able to do stupid things with human-genius-level AGIs because the government (or an AI singleton) will go around confiscating all the GPUs in the world or monitoring how they’re used with a keylogger and instant remote kill-switch or whatever.

As it happens, I’m pretty pessimistic about all of those things, and therefore I do think lols are a legit concern.

(Also, “just for the lols” is not the only way to get ChaosGPT; another path is “We should do this to better understand and study possible future threats”, but then fail to contain it. Large institutions could plausibly do that. If you disagree—if you’re thinking “nobody would be so stupid as to do that”—note the existence of gain-of-function research, lab leaks, etc. in biology.)

4jacob_cannell2y

If ordinary people have access to human-genius-level AGIs, then there will be many AGIs at that level (along with some far more powerful above them) and thus these weaker agents almost certainly won't be dangerous unless a significant fraction are not just specifically misaligned in the most likely failure mode (selfish empowerment), but co-aligned specifically against humanity in their true utility functions (ie terminal rather than just instrumental values). These numerous weak AGI are not much more dangerous to humanity than psycopaths (unaligned to humanity yes, but also crucially unaligned with each other). EY/MIRI? has a weird argument about AIs naturally coordinating because they can "read each others source code", but that wouldn't actually cause true alignment of utility functions, just enable greater cooperation, and regardless is not really compatible with how DL AGI works. There are strong economic/power incentives against sharing source code (open source models lag), it's also only really useful for deterministic systems and ANNs are increasingly non-deterministic and moving towards BNNs in that regard, and too difficult to verify against various spoofing mechanisms regardless (even if an agent's source code is completely avail and you have a full deterministic hash chain, difficult to have any surety the actual agent isn't in some virtual prison with other agent(s) actually in control unless it's chain amounts to enormous compute ).

3Noosphere892y

I'll note that a potential disagreement I have with your post on out-of-control AGIs ruining the world is that I actually expect the defense-offense balance to be much less biased towards the attack than you show here, and in particular, I think that to the extent AI improves things, my prior is that it's symmetric in the improvement, so the offense-defense balance ultimately doesn't change.

2Noosphere892y

I definitely agree with this, and I'll probably change the title to focus on AI alignment. My general view on the other problems of AI safety is that removing accident risk would make the following strategies much less positive EV: 1. General slowdowns of AI, because misuse is handlable in other, less negative EV ways. 2. Trying to break the Overton Window, as Eliezer Yudkowsky did, since governments and companies have incentives to restrict misuse. And in particular, I think that removing the accidental risk probably ought to change a lot of people's p(doom), especially if the main way they claim that people will die is due to accident risk, which is IMO my sense of a lot of people's models on LW, and is arguably the main reason people are scared about AI. Also, I think that the type of governance would change assuming no accident risk.

[-]Daniel Kokotajlo2y129

I've upvoted this post because it's a good collection of object-level, knowledgeable, serious arguments, even though I disagree with most of them and strongly disagree with the bottom line conclusion.

[-]jacob_cannell2y101

There is a good analogy between genetic brain evolution and technological AGI evolution. In both cases there is a clear bi-level optimization, with the inner optimizer using a very similar UL/RL intra-lifetime SGD (or SGD-like) algorithm.

The outer optimizer of genetic evolution is reasonably similar to the outer optimizer of technological evolution. The recipe which produces an organic brain is a highly compressed encoding or low frequency prior on the brain architecture along with a learning algorithm to update the detailed wiring during lifetime training. The genes which encode the brain architectural prior and learning algorithms are very close analogically to the 'memes' which are propagated/exchanged in ML papers and encode AI architectural prior and learning algorithms (ie the initial pytorch code etc).

The key differences are mainly just that memetic evolution is much faster - like an amplified artificial selection and genetic engineering process. For tech evolution a large number of successful algorithm memes from many different past experiments can be flexibly recombined in a single new experiment, and the process guiding this recombination and selection is itself runni... (read more)

2torekp2y

I view your final point as crucial. I would put an additional twist on it, though. During the approach to AGI, if takeoff is even a little bit slow, the effective goals of the system can change. For example, most corporations arguably don't pursue profit exclusively even though they may be officially bound to. They favor executives, board members, and key employees in ways both subtle and obvious. But explicitly programming those goals into an SGD algorithm is probably too blatant to get away with.

[-]Logan Zoellner2y84

I definitely think that LW might not realize that AI is on an S-curve right now.

AI is obviously on an S-curve, since eventually you run out of energy to feed into the system. But the top of that S-curve is so far beyond human intelligence, that this fact is basically irrelevant when considering AI safety.

The arguments about fundamental limits of computation (halting problem,etc) also are irrelevant for similar reasons. Humans can’t even solve BB(6).

2Noosphere892y

I definitely agree that the limit could end up being far beyond superhuman, but in that addendum, I was talking about limitations that would slow down AI right as it has equal the compute and memory that humans have. It's possible that Addendum 2 does fail though, so I agree with you that this isn't conclusive. It was more to check the inevitability of fast takeoff/AI explosion, not that it can't happen.

[-]Arthur Conmy2y50

I just saw this post and cannot parse it at all. You first say that you have removed the 9s of confidence. Then the next paragraph talks about a 99.9… figure. Then there are edit and quote paragraphs and I do not know whether these are your views or other or whether you endorse them.

1Noosphere892y

I'll probably need to edit that more completely, but for the moment a lot of the weirdness has to do with my original confidence was 99.9999%+, but I somehow didn't make it clear enough for people that this was an original version, not the new version.

[-]Joe Collman2y50

I believe getting Friendly AI is really really likely, closer to 99.99999%+ of the time

I think it'd make sense to clarify what you mean here, since the following are very different:

I am >99.99999% confident that friendly AI will happen.
I am e.g. 70% confident that in >99.99999% of cases we get friendly AI.

I assume you mean something more like the latter.
In that case it'd probably be useful to give a sense of your actual confidence in the 99.99999%+ claim.

"Mostly don't need to worry" would imply extremely high confidence.
Or do you mean something like "In most worlds it'll be clear in retrospect that we needn't have worried"?

4Noosphere892y

I definitely mean the first one, and I'll try to give some reasons why I'm so confident on AI alignment: 1. I believe the evidence for the human case is actually really strong, and a lot of that comes from the fact that for arguably the past 10,000+ years, our reward system reliably imprints in us a set of values like for example empathy for the ingroup, getting revenge when people have harmed us, etc, and over 95%+ of humans share the values that the reward system has implemented, which is ridiculously reliable. We also have the ability to implement much more complicated reward functions than evolution can, and that lets us drive the probability really large, really fast, due to this phenomenon: 2. Strong evidence is common, and the ability to add in more bits of evidence very quickly makes the evidence get ridiculously strong, and I view the evidence from humans about alignment, as well as the ability to implement complicated reward functions meaning that you can get very strong evidence for things with a scarily weak prior, because the number of bits usually cuts probability in half. Some comments and Marx Xu's post Strong Evidence is Common below: https://www.lesswrong.com/posts/JD7fwtRQ27yc8NoqS/strong-evidence-is-common https://www.lesswrong.com/posts/JD7fwtRQ27yc8NoqS/strong-evidence-is-common#itdkXwhitCcsyXC4q 1. One theory I subscribe to called Prospect theory is that people drastically overestimate the probability of extraordinarily large positive or negative impact, and the application here is that we are likely biased to overweight the probability of events that have large negative impact like us going extinct, which is why I decided to avoid anchoring on LW estimates.

[-]Joe Collman2y1610

Ok, well thanks for clarifying.
I'd assumed you meant the second.
Some reasons I think that this confidence level is just plain silly (not an exhaustive list!):

First, you're misapplying strong-evidence-is-common - see Donald's comment (or indeed mine).
Strong evidence getting from [hugely unlikely] to [plausible] is common; from [plausible] to [hugely likely] is rare.
- A lot of strong evidence comes from [locating a hypothesis h and having a strong reason to think that p(h is true | h was located) is high]. If you selected the hypothesis at random, locating it gives you almost no evidence, since you don't have the second part. Similarly if wishful thinking is an easy way to locate a hypothesis.
- All Mark's examples have the form [trusted source tells me h is true].
Second, you should have nothing close to 99.99999% credence that an AI aligned as well as a human is aligned is safe. We have observations that humans usually behave well when they're on distribution and in a game-theoretic context when it's to their advantage to behave well. Take a human far off distribution, and we have no guarantees - not simply no guarantee that they'll act the same: no guarantee that they'll feel or think t

... (read more)

2Noosphere892y

I might want to reduce my confidence for now, and I have edited the post to remove the 9s for now, but a potential reason comes from Nora Belrose in the AI optimism discord: "OTOH, if I put doom in the reference class of "things I used to believe, kinda" then perhaps I should feel comfortable putting e.g. 10^-5 credence in doom, since I put << 10^-5 credence in Christianity being true, and < 10^-5 credence in Marxism (although the truth conditions for Marxism are murkier." I sort of agree with this, but with a huge caveat, in that if an anthropologist 100,000 years ago somehow managed to understand the innate reward system, they would likely predict that the values of humans would be essentially fairly universal things like empathy for the ingroup, parental instinct, and revenge, and they would have an impressive track record of such predictions.

4Joe Collman2y

Some object-level stuff first: I think my main disagreement comes down to: * Being [well-behaved as far as we can tell] in training is always very weak evidence that behaviour will generalize as we'd wish it to. * I don't say "aligned in the training data", since alignment is about robust generalization of good behaviour. Evidence of alignment is evidence of desirable generalization. Eliezer isn't claiming we won't get approximately perfect behaviour (as far as we can tell) on the training data; he's claiming that this gets us almost nowhere in terms of alignment. * Caveat - this is contingent on what counts as 'behaviour' and on our tools; if behaviour includes activations, and our tools have hugely improved, this may be progress. * Arguments against particular failure modes often come down to [from what we can tell, inductive bias will tend to push against this particular type of failure]. * Of course here I'd point at "from what we can tell" and "tend to". * However, the more fundamental point is that we have no reason to think that inductive bias pushes towards success either. Does the simplest solution compatible with [good behaviour as far as we can tell] on the training data generalize exactly as we'd wish it to? Why would this be the case? Does the fastest? Again, why would we expect this? Does the [insert our chosen metric]est? Why? * I do expect that there exists some metric with a rich set of inputs (including weights, activations etc.) that would give robustly desirable generalization. * I expect that finding such a metric will require deep understanding. * Expecting a simple metric found based on little understanding to be sufficient is equivalent to assuming that there's something special about the kind of generalization we would like (other than that we like it). * This is baseless - it's why I don't like the term "misgeneralization", since it can suggest that there's some natural 'correct' general

2Noosphere892y

This will be a long comment, so get a drink and a snack. I agree with this, assuming 0 prior, but I expect to disagree on the strength of the prior necessary in order to generalize correctly. My claim is essentially the opposite of this, that the reason humans generalized correctly from limited examples of stuff like empathy for the ingroup, where empathy for the ingroup here could be replaced by almost any value and is thus a placeholder and didn't just trick their reward system isn't that special, and that it's basically a consequence of weak prior information from the genome plus the innate reward system using backpropagation or a weaker variant of it to update the neural circuitry to reinforce certain behaviors and penalizing others. This was meant to be an example of the values that the innate reward system could align us to, not what things resulted from holding this set of values. When I use an example, it's essentially a wildcard, such that it can stand for almost arbitrary values. This turns out to be a crux, in that I think that the understanding required is probably minimal, compared to the majority of LWers like you.

[-]Joe Collman2y119

that the reason humans generalized correctly to having human values and didn't just trick their reward system isn't that special

This is a tautology, not an example of successful alignment:
Humans trick their reward systems as much as humans trick their reward systems.

Imagine a case where we did "trick our reward system". In such a case the human values we'd infer would be those that we'd infer from all the actions we were taking - including the actions that were "tricking our reward system".

We would then observe that we'd generalized entirely correctly with respect to the values we inferred. From this we learn that things tend to agree with themselves. This tells us precisely nothing about alignment.

I note for clarity that it occurs to me to say:
Indeed we do observe some humans doing what most of us would think of as tricking their reward systems (e.g. self-destructive drug addictions).
You may respond "Ah, but that's a small proportion of people - most people don't do that!" - at which point we're back to tautology: what most people do will determine what is meant by "human values". Most people are normal, since that's how 'normal' is defined.

The only possible evidence I could provi... (read more)

2Noosphere892y

I'll rewrite that to "generalized correctly from limited examples of stuff like empathy for the ingroup, where empathy for the ingroup here could be replaced by almost any value and is thus a placeholder", because I accidentally made a tautology here.

[-]Joe Collman2y119

I don't think it's accidental - it seems to me that the tautology accurately indicates where you're confused.

"generalised correctly" makes an equivalent mistake: correctly compared to what? Most people generalise according to the values we infer from the actions of most people? Sure. Still a tautology.

2Noosphere892y

Treacherous turn failure modes, which examples will be posted below: Humans seeming to have empathy only for say 25 years in order to play nice with their parents, and then making a treacherous turn to say kill other people that are part of their ingroup. More generally, humans mostly avoid what's called the treacherous turn type failure mode, where it appears to have values consistent with human morals, but then reveals that it didn't have those values all along, and hurt other people. More generally, the extreme stability of values gives evidence that it's very difficult to have a human that executes a treacherous turn. That's the type of thing which I call generalizing correctly, since it basically excludes deceptive alignment out of the gate, contra Evan Hubinger's fear of AIs having deceptive alignment. In general, one of the miracles is that the innate reward system plus very weak genetic priors can rule out so many dangerous types of generalizations, which is a big source of my optimism here.

4Joe Collman2y

For this kind of thing to be evidence, you'd need the human treacherous turn to be a convergent instrumental strategy to achieve many goals. The AI case for treacherous turns is: * AI ends up with weird-by-our-lights goal. (e.g. a rough proxy for the goal we intended) * The AI cooperates with us until it can seize power. * The AI does a load of treacherous-by-our-lights stuff in order to seize power. * The AI uses the power to effectively pursue its goal. We don't observe this in almost any human, since almost no human has the option to gain enormous power through treachery. When humans do have the option to gain enormous power through treachery, they do sometimes do this. Of course, even for the potentially-powerful it's generally more effective not to screw people over (all else being equal), or at least not to be noticed screwing people over. Preserving options for cooperation is useful for psychopaths too. The treacherous turn argument is centrally about instrumentally useful treachery. Randomly killing other people is very rarely useful. No-one is claiming that AI treachery will be based on deciding to be randomly nasty. If we gave everyone a take-over-the-world button that only works if they first pretend that they're lovely for 25 years, certainly some people would do this - though by no means all. And here we're back to the tautology issue: Why is it considered treacherous for someone to pretend to be lovely for 25 years, then take over the world, so that many people wouldn't want to do it? Because for a long time we've lived in a world where actions similar to this did not lead to cultures that win (noting here that this level of morality is cultural more than genetic - so we're selecting for cultures-that-win). If actions similar to this did lead to winning cultures, after a long time we'd expect to see [press button after pretending for 25 years] to be both something that most people would do, and something that most people would consider righ

2Noosphere892y

My view on this is unfortunately unlikely to be resolved in a comment thread, but 2 things I'll say about human values and evidence bases can be clarified here: 1. This: "If it were just too hard to get correct generalization, where "correct" here means [sufficient for humans to persist over many generations], then we wouldn't observe incorrect generalization: we wouldn't be here. "If anything, we'd find that everything else had adapted so that an achievable degree of correct generalization were sufficient. We'd see things like socially enforced norms, implicit threats of violence, judicial systems etc. This [achievable degree of correct generalization] would then be called "correct generalization". Is probably not correct, and we can in fact update normally from the fact that human behavior is surprisingly good, in that this is probably a case of anthropic shadow, which has reasonable arguments against it existing. For more on this, I'd read SSA Rejects Anthropic Shadow by Jessica Taylor and Anthropically Blind: The Anthropic Shadow is Reflectively Inconsistent by Christopher King. Links are below: https://www.lesswrong.com/posts/LGHuaLiq3F5NHQXXF/anthropically-blind-the-anthropic-shadow-is-reflectively https://www.lesswrong.com/posts/EScmxJAHeJY5cjzAj/ssa-rejects-anthropic-shadow-too 1. I have a different causal story from yours about why this happens: "Why is it considered treacherous for someone to pretend to be lovely for 25 years, then take over the world, so that many people wouldn't want to do it?" At least for my own causal story on why people don't usually want to take over the world and kill people, it goes something like this: 1. There is a weak prior in the genome for stuff like not taking power to kill people in your ingroup, and the prior is weak enough such that we can make it as a wildcard symbol such that aligning it to some other value more or less works. 2. The brain's innate reward system uses DPO, RLHF or whatever else is used to

2Joe Collman2y

I'm not reasoning anthropically in any non-trivial sense - only claiming that we don't expect to observe situations that can't occur with more than infinitesimal probability. This isn't a [we wouldn't be there] thing, but a [that situation just doesn't happen] thing. My point then is that human behaviour isn't surprisingly good. It's not surprisingly good for human behaviour to usually follow the values we infer from human behaviour. This part is inevitable - it's tautological. Some things we could reasonably observe occurring differently are e.g.: 1. More or less variation in behaviour among humans. 2. More or less variation in behaviour in atypical situations. 3. More or less external requirements to keep behaviour generally 'good'. 4. More or less deviation between stated preferences and revealed preferences. However, I don't think this bears on alignment, and I don't think you're interpreting the evidence reasonably. As a simple model, consider four possibilities for traits: 1. x is common and good. 2. y is uncommon and bad. 3. z is uncommon and good. 4. w is common and bad. x is common and good (e.g. empathy): evidence for correct generalisation! y is uncommon and bad (e.g. psychopathy): evidence for mostly correct generalization! z is uncommon and good (e.g. having boundless compassion): not evidence for misgeneralization, since we're only really aiming for what's commonly part of human values, not outlier ideals. w is common and bad (e.g. selfishness, laziness, rudeness...) - choose between: * [w isn't actually bad, all things considered... correct generalization!] * [w is common and only mildly bad, so it's best to consider it part of standard human values - correct generalization!] It seems to me that the only evidence you'd accept of misgeneralization would be [terrible and common] - but societies where terrible-for-that-society behaviours were common would not continue to exist (in the highly unlikely case that they existed in the

2Noosphere892y

I did try to provide a casual story for why humans could be aligned to some value without relying on societal incentives that much, so you can check out the second part of my comment. My non-tautological claim is that the reason isn't behavioral, but instead internal, and in particular the innate reward system plays a big role here. In essence, my story on how humans are aligned with the values of the innate reward system wasn't relying on a behavioral property. I'll reproduce it, so that you can focus on the fact that it didn't rely on behavioral analysis: 1. There is a weak prior in the genome for stuff like not taking power to kill people in your ingroup, and the prior is weak enough such that we can make it as a wildcard symbol such that aligning it to some other value more or less works. 2. The brain's innate reward system uses DPO, RLHF or whatever else is used to create a preference model to guide the intelligence into being aligned to whatever values the innate reward system wants like say empathy for the ingroup, albeit this is only a motivating example. 3. It uses backprop or a weaker variant of it, and at a high level probably uses an optimizer that is probably at best comparable to Gradient descent, and since it has white-box access and can update the brain in a sort of targeted way, it can efficiently compute the optimal direction to improve it's performance on say having empathy for the ingroup, but again this is a wildcard symbol in that it could stand in for almost any values. 4. The loop of weak prior + innate reward system + algorithm to implement it like backprop or it's weaker variants means that eventually, the human by 25 years old is very aligned with the values that the innate reward system put in place like empathy for the ingroup, albeit again this is only an example of an alignment target, you could put almost arbitrary alignment targets in there. Critically, it makes very little reference to society or behavioral analysis, so

4Joe Collman2y

This still seems like the same error: what evidence do we have that tells us the "values the innate reward system put in place"? We have behaviour. We don't know that [system aimed for x and got x]. We know only [there's a system that tends to produce x]. We don't know the "values of the innate reward system". The reason I'm (thus far) uninterested in a story about the mechanism, is that there's nothing interesting to explain. You only get something interesting if you assume your conclusion: if you assume without justification that the reward system was aiming for x and got x, you might find it interesting to consider how that's achieved - but this doesn't give you evidence for the assumption you used to motivate your story in the first place. In particular, I find it implausible that there's a system that does aim for x and get x (unless the 'system' is the entire environment): If there are environmental regularities that tend to give you elements of x without your needing to encode them explicitly, those regularities will tend to be 'used' - since you get them for free. There's no selection pressure to encode or preserve those elements of x. If you want to sail quickly, you take advantage of the currents. So I don't think there's any reasonable sense in which there's a target being hit. If a magician has me select a card, looks at it, then tells me that's exactly the card they were aiming for me to pick, I'm not going to spend energy working out how the 'trick' worked.

2Noosphere892y

It sounds like we've got to my crux for my optimism, in that you think that to have a system that aims for x, it essentially needs to be an entire environment, and the environment largely dictates human values, whereas I think human values are less dependent on the environment, and far more dependent on their genome + learning process. Equivalently speaking, I place a lot more emphasis on the internal stuff of humans as the main contributor to values, while you emphasize the external environment a lot more than the internals like the genome or learning process. This could be disentangled into 2 cruxes: 1. Where are human values generated. 2. How cheap is it to specify values, or alternatively how weak do our priors need to be to encode values (if you are encoding values internally.) And I'd expect the answers from me to be mostly internal, like the genome + learning process with a little help from the environment on the first question and relatively cheap to specify values on the second question, whereas you'd probably think the answers to these questions are basically the environment sets the values , with little or no help from the internals of humans on the first question and very expensive to specify values for the second question. For some of my reasoning on this, I'd probably read some posts like these: https://www.lesswrong.com/posts/HEonwwQLhMB9fqABh/human-preferences-as-rl-critic-values-implications-for (Basically argues that the critic in the brain generates the values) https://www.lesswrong.com/posts/CQAMdzA4MZEhNRtTp/human-values-and-biases-are-inaccessible-to-the-genome (The genomic prior can't be strong, because it has massive limitations in what it can encode).

2Joe Collman2y

The central crux really isn't where values are generated. That's a more or less trivial aside. (though my claim was simply that it's implausible the values aimed for would be entirely determined by genome + learning process; that's a very weak claim; 98% determined is [not entirely determined]) The crux is the tautology issue: I'm saying there's nothing to explain, since the source of information we have on [what values are being "aimed for"] is human behaviour, and the source of information we have on what values are achieved, is human behaviour. These things must agree with one-another: the learning process that produced human values produces human values. From an alignment difficulty perspective, that's enough to conclude that there's nothing to learn here. An argument of the form [f(x) == f(x), therefore y] is invalid. f(x) might be interesting for other reasons, but that does nothing to rescue the argument.

4Noosphere892y

That's our disagreement, in that we have more information than that. I agree human behavior plays a role in my evidence base, but there's more evidence I have than that. In particular I am using results from both ML/AI and human brain studies to inform my conclusion. Basically, my claim is that [f(x) == f(y), therefore z].

1Thoth Hermes2y

But humans are capable of thinking about what their values "actually should be" including whether or not they should be the values evolution selected for (either alone or in addition to other things). We're also capable of thinking about whether things like wireheading are actually good to do, even after trying it for a bit. We don't simply commit to tricking our reward systems forever and only doing that, for example. So that overall suggests a level of coherency and consistency in the "coherent extrapolated volition" sense. Evolution enabled CEV without us becoming completely orthogonal to evolution, for example.

7Joe Collman2y

A few points here: * We don't have the option to "trick our reward systems forever" - e.g. because becoming a heroin addict tends to be self-destructive. If [guaranteed 80-year continuous heroin high followed by painless death] were an option, many people would take it (though not all). * The divergence between stated preferences and revealed preferences is exactly what we'd expect to see in worlds where we're constantly "tricking our reward system" in small ways: our revealed preferences are not what we think they "actually should be". * We tend to define large ways of tricking our reward systems as those that are highly self-destructive. It's not surprising that we tend to observe few of these, since evolution tends to frown upon highly self-destructive behaviour. * Again, I'd ask for an example of a world plausibly reachable through an evolutionary process where we don't have the kind of coherence and consistency you're talking about. Being completely orthogonal to evolution clearly isn't plausible, since we wouldn't be here (I note that when I don't care about x, I sacrifice x to get what I do care about - I don't take actions that are neutral with respect to x). Being not-entirely-in-line with evolution, and not-entirely-in-line with our stated preferences is exactly what we observe.

[-]Chris_Leong2y50

Regarding security mindset, I think that where it really kicks in is when you have a system utilising its intelligence to work around any limitations such that you're no longer looking at a "broad, reasonable" distribution of space, but now a "very, specific" scenario that a powerful optimiser has pushed you towards. In that case, doing things like doubling the size may make your safety schemes if the AI now has the intelligence to get around it.

2Noosphere892y

The problem here is that it shares a similar issue to optimization daemons/goal misgeneralization, etc, and a comment from Iceman sums it up perfectly: "or trying to translate that into lesswrongesse, you do not have warrant to believe in something until you have an example of the thing you're maybe worried about being a real problem because you are almost certain to be privileging the hypothesis." https://www.lesswrong.com/posts/99tD8L8Hk5wkKNY8Q/?commentId=xF5XXJBNgd6qtEM3q Or equivalently from lc: "you only start handing out status points after someone has successfully demonstrated the security failure, ideally in a deployed product or at the very least a toy program." This is to a large extent the issue I have with attempted breaks on alignment, in that pretty much no alignment break has been demonstrated, and the cases where they had, we have very mixed results to slight positive results at best.

4Chris_Leong2y

The POC || GTFO article was very interesting. I do worry though that it is mixing together pragmatics and epistemics (even though it does try to distinguish the two). Like there's a distinction between when it's reasonable to believe something and when it's reasonable to act upon something. For example, when I was working as a web developer, there's lots of potential bugs where it would have made sense to believe that there was a decent chance we were vulnerable, but pragmatically we couldn't spare the time to fix every potential security issue. It doesn't mean that I should walk around saying: "Therefore they aren't there" though. I'll admit, if someone randomly messaged you some of the AI risk arguments and no one else was worried about them, it'd probably be reasonable to conclude that there's a flaw there and put them aside. On the other hand, when even two deep learning Turing prize winners are starting to get concerned, and the stakes are so high, I think we should be a bit more cautious regarding dismissing the arguments out of hand.

2Noosphere892y

I agree, which is why I have an entire section or 2 about why I think ML/AI isn't like computer security.

[-]Daniel Kokotajlo2y42

fe, but I feel like a lot of Lesswrongers are probably wrong in their assumption that AI progress will continue as it had after 2030,

Who thinks that? I don't think that. Ajeya doesn't think that.

4Noosphere892y

I'm going to defend that addendum weakly, but I think it's implicit in a lot of models that assume that intelligence will grow to superhumanity by say, the 2040s, like Scott Alexander's or Kurzweil after 2030 or your model after 2029, and I suspect that Ajeya does in fact think that AI progress will continue to be like the past, and she thinks it will be even faster. If she believes that AI progress will slow down in a decade, then I'll probably edit or remove that statement.

6Daniel Kokotajlo2y

I literally heard her saying a few weeks ago something to the effect of "it'll be such a relief when we get through these next few OOMs of progress. Everything is happening so fast now because we are scaling up through so many OOMs so quickly in various metrics. But after a few more years the pace will slow down and we'll get back to a much slower rate of progress in AI capabilities." Her bio anchors model also incorporates some of these effects IIRC. My model after 2029--what are you referring to? I currently think that probably we'll have superintelligence by 2029. I definitely agree that if I'm wrong about that and AGI is a lot harder to build than I think, progress in AI will be slowing down significantly around 2030 relative to today's pace.

4Matthew Barnett2y

Is that realistic? When I plug some estimates that I find reasonable into the Epoch interactive model, I find that scaling shouldn't slow down significantly until about 2030. And at that point we might be getting into a regime where the economy should be growing quickly enough to support further rapid scaling, if TAI is attainable at lower FLOP levels. So, actually, our current regime of rapid scaling might not slow down until we approach the limits of the solar system, which is likely over 10 OOMs above our current level. The reason for this relatively dramatic prediction seems to be that we have a lot of slack left. The current largest training run is GPT-4, which apparently only cost OpenAI about $50 million. That's roughly 4-5 OOMs away from the maximum amount I'd expect our current world economy would be willing to spend on a single training run before running into fundamental constraints. Moreover hardware progress and specialization might add another 1 OOM to that in the next 6 years.

2Daniel Kokotajlo2y

Oh I agree, the scaling will not slow down. But that's because I think TAI/AGI/etc. isn't that far off in terms of OOMs of various inputs. If I thought it was farther off, say 1e36 OOMs, I'd think that before AI R&D or the economy began to accelerate, we'd run out of steam and scaling would slow significantly and we'd hit another AI winter.

2Noosphere892y

Ultimately, that's why I decided to cut the section: It was probably false, and it didn't even matter for my thesis statement on AI safety/alignment.

2Noosphere892y

I'll grant that Ajeya was misrepresented in this post, and I'll probably either edit or remove the section. This isn't a crux on why I believe AI to be safe, but I think my potential disagreement is that once you manage to reach the human compute and memory regime, I do expect it to be more difficult to scale upwards. I definitely assign some credence to you being right, so I'll probably edit or remove that section.

[-]Aaron_Scher2y30

In particular, the detection mechanisms for mesa-optimizers are intact, but we do need to worry about 1 new potential inner misalignment pathway.

I'm going to read this as "...1 new potential gradient hacking pathway" because I think that's what the section is mainly about. (It appears to me that throughout the section you're conflating mesa-optimization with gradient hacking, but that's not the main thing I want to talk about.)

The following quote indicates at least two potential avenues of gradient hacking: "In an RL context", "supervised learning with ada... (read more)

4Noosphere892y

Basically, it's a combo of not being incentivized to do it, combined with the fact that SGD is actually really powerful in ways that undermines the traditional story for gradient hacking. One of the most important things to keep in mind is that gradient descent optimizes independently and simultaneously, which means that for a gradient hacker, unless it contains non-differentiable components, there's no way for the inner misaligned agent to escape being optimized away by SGD, and since it optimizes the entire causal graph leading to the loss, there is very little avenue for a gradient hacker to escape being optimized away. In general, this is a big problem with a lot of stories of danger that rely on goal divergences between the base and the mesa optimizer: How do you prevent the mesa-optimizer from being optimized away by SGD? For a lot of stories, the likely answer is you can't, and the stories that people propose usually fall victim to the issue that SGD is too good at credit assignment, compared to genetic algorithms or evolutionary methods.

[-]simeon_c2y30

Thanks a lot for writing that post.

One question I have regarding fast takeoff is: don't you expect learning algorithms much more efficient than SGD to show up and accelerate a lot the rate of development of capabilities?

One "overhang' I can see it the fact that humans have written a lot of what they know how to do all kinds of task on the internet and so a pretty data efficient algo could just leverage this and fairly suddenly learn a ton of tasks quite rapidly. For instance, in context learning is way more data efficient than SGD in pre-training. Right no... (read more)

4jacob_cannell2y

Brains use somewhat less lifetime training compute (perhaps 0 to a few OOM less) than GPT4, and 2 or 3 OOM less data, which provides existence proof of somewhat better scaling curves, along with some evidence that scaling curves much better than those brains are on are probably hard. AI systems already train on the entire internet so I don't see how that is an overhang. There are diminishing returns to context for in-context learning; it is extremely RAM intensive and GPUs are RAM starved compared to the brain, and finally brains already use it with much longer context, so its more like one of the hard challenges to achieve brain parity at all rather than a big overhang.

2Noosphere892y

I am definitely semi-agnostic to whether SGD will ultimately be the base optimizer of choice, and whether the inner algorithm does better than SGD and causes a fast takeoff. But I'll assume that you are right about fast takeoff happening, and my response to that is that this would leave the alignment schemes proposed intact, for the following reasons: 1. Even if fast takeoff happens, the sharp left turn in the form of misgeneralization is still less likely to happen, because unlike evolution, we are unlikely to run fresh versions of an AI, and retain the same AI throughout the training run. 2. It mostly doesn't affect how easy it is to learn values, and the trick of using our control of SGD to be the innate reward system still works, because of the fact that weak genetic priors that are easy to trick plus the innate reward system's local update rule still suffices to make people reliably have a set of values like empathy for the ingroup. 3. SGD still has really strong corrective properties against inner misaligned agents, unlike evolution. I do agree that fast takeoff complicates the analysis, but I don't think it breaks the alignment methods shown in the post. If it required very strong priors to align (But with SGD we can align them to reward functions that are much more complicated than genetic priors can do), or we can't control the innate reward system, this would be a much bigger issue.

2Logan Zoellner2y

I think there are plausible stories in which a hard left turn could happen (but as you’ve pointed out, it is extremely unlikely under the current deep learning paradigm). For example, suppose it turns out that a class of algorithms I will simply call heuristic AIXI are much more powerful than the current deep learning paradigm. The idea behind this class of algorithm is you basically do evolution but instead of using blind hillclimbing, you periodically ask what is the best learning algorithm I have, and then apply that to your entire process. Because this means you are constantly changing the learning algorithm, you could get the same sort of 1Mx overhang that caused the sharp left turn in human evolution. The obvious counter is that if we think heuristic, AIXI is not safe, then we should just not use it. But the obvious counter to that is when have humans ever not done some thing because someone else told them it wasn’t safe.

2Noosphere892y

I definitely agree with the claim that evolutionary strategies being effective would weaken my entire case. I do think that evolutionary methods like GAs are too hobbled by their inability to exploit white-box optimization, unlike SGD, but we shall see.

2Logan Zoellner2y

I genuinely don't know if heuristic AIXI is a real thing or not, but if it is it combines the ability to search the whole space of possible algorithms (which evolution has but SGD doesn't) with the ability to take advantage of higher order statistics (like SGD does but evolution doesn't). My best guess is that just as there was a "Deep learning" regime that only got unlocked once we had tons of compute from GPUs, there's also a heuristic AIXI regime that unlocks at some level of compute.

[-]Daniel Kokotajlo2y20

r one particular example, you can randomly double your training data, or the size of the model, and it will work usually just fine. A rocket would explode if you tried to double the size of your fuel tanks.

The analogy was about the alignment problem, not the capabilities problem.

A rocket won't get to the moon if you randomly double one of the variables used to navigate, like the amount of thrust applied in maneuvers or the angle of attack. (well, not unless you've built in good error-correction and redundancy etc.)

2Noosphere892y

The point here is that there are enough results in ML like this that I'm more skeptical of the security mindset being accurate, and ML/AI alignment is a strange enough domain such that we shouldn't port over intuitions from other fields, like you shouldn't port over intuitions from the large scale to quantum mechanics. For a specific example relevant to alignment, I talked about SGD's corrective properties in a section of the post. Another good example has to do with with the fact that AIs are generally modular and you can switch out parts without breaking the AI, which couldn't be done under a security mindset as it would predict that either the AI spits out nonsense or breaks it's security, none of which have happened.

[-]RussellThor2y2-1

Good to see your point of view. The old arguments about AI doom are not convincing to me anymore, however getting alignment 100% right, whatever that means in no way guarantees a positive Singularity.

Should we be talking about concrete plans about that now? For example I believe with a slow takeoff if we don't get Neuralink or mind uploading, then our P(doom) -> 1 as the Super AI gets ever more ahead of us. The kind scenarios I can see

"dogs in a war zone" great powers make ever more powerful AI and use them as weapons. We don't understand our envi

... (read more)

[-]Dakara7mo10

Have you uploaded a new version of this article? It have just been reading elsewhere about goal misgeneralisation and shutdown problem, so I'd be really interested to read the new version of this article.

4Noosphere897mo

This post is the spiritual successor to the old post, shown below: https://www.lesswrong.com/posts/wkFQ8kDsZL5Ytf73n/my-disagreements-with-agi-ruin-a-list-of-lethalities

[-]Nathaniel Monson2y10

Thanks for writing this! I strongly appreciate a well-thought out post in this direction.

My own level of worry is pretty dependent on a belief that we know and understand shaping NN behaviors much better than we do (values/goals/motivations/desires) (although I don't think eg chatGPT has any of the latter in the first place). Do you have thoughts on the distinction between behaviors and goals? In particular, do you feel like you have any evidence we know how to shape/create/guide goals and values, rather than just behaviors?

[-]quetzal_rainbow2y10

Arguments about inner misalignment work as arguments for optimism only inside "outer/inner alignment" framework, in deep learning version of it. If we have good outer loss function, such as closer to the minimum means better, then yes, our worries should be about weird inner misalignment issues. But we don't have good outer loss function so we kinda should hope for inner misalignment.

2Noosphere892y

That's definitely a claim that I contest, and my disagreement comes down to my optimism on weak priors sufficing for alignment at humans, and the fact that we can do better than that, combined with my view that deceptive alignment is so terrible that we're generally better off having more inner-alignment than not, because deception is one of the few ways to break this analysis on alignment, meaning that I generally find inner alignment more useful than not.

1quetzal_rainbow2y

Okay, let's break down this. 1. Inner misalignment is when we have "objective function" (reward, loss function, etc.) and select systems that produce better results according this function (using evolutionary search, SGD, etc) and resulting system doesn't produce actions which optimize this objective function. The most obvious example of inner misalignment is RL-trained agents that doesn't maximize reward. 2. Your argument against possibility of inner misalignment is, basically, "SGD is so powerful optimizer that no matter what it will drag the system towards minimum of loss function". Let's suppose this is true. 3. We don't have "good" outer function, defined over training data, such that, given observation and action, this function scores action higher if this action, given observation, is better. Instead of this we have outer functions that favors things like good predictions and outputs receiving high score from human/AI overseer. 4. If you have some alignment benchmark, you can't see the difference between superhumanly capable aligned and deceptively aligned systems. They both give you correct answers, because they both are superhumanly capable. 5. Because they give you the same correct answers, loss function assignes minimal values to their outputs. They are both either inside local minimum or on flat basin of loss function landscape. 6. Therefore, you don't need inner misalignment to get deceptive alignment.

2Noosphere892y

While I dislike using the framing of loss functions here, I do think that this is probably false, especially with even weak prior information about the shape of the alignment solutions. This might turn out to be a crux, but I do think that rewarding AIs for bad actions will likely be rare, at least in the regime where we can supervise things, and in particular, I think a hypothetical alignment scheme via an outer function would look like this: 1. Place a weak prior over goal space, such that there already is a bias towards say being helpful. 2. Use the fact that we are the innate reward system to use backpropagation to compute the optimal direction towards being helpful, or really any criterion we can specify. 3. Repeat reinforcing preferred values and not rewarding/disrewarding dispreferred values with backpropagation until it gets to minimum loss or near minimal loss. 4. After millions of iterations of that loop by SGD, you can get a very aligned agent. This is roughly how I believe that the innate reward system manages to align us with values like empathy for the ingroup, but really we could replace the backprop algorithm with bio-realistic algorithms, and we could replace the values with mostly arbitrary values and get the same results.

[-]Ilio2y1-2

Evolution mostly can't transmit any bits from one generation to the next generation via genetic knowledge, or really any other way

http://allmanlab.caltech.edu/biCNS217_2008/PDFs/Meaney2001.pdf

2Noosphere892y

My first impression skimming through, is that what it's arguing is that abuse by parents can negatively affect a child, and that stress can have both positive and negative effects, and that individual responses to stress determine the balance of positive to negative effects. 2 things I want to point out: 1. I think that the conclusions from this study are almost certainly extremely limited, and I wouldn't trust these results to generalize to other species like us. 2. I expect the results, in so far as they are real and generalizable, to be essentially that the genome can influence things later in life via indirect methods, but mostly can't directly specify it via hardcoding it or baking it directly in as prior information, and the transfer seems very limited, and critically the timescale is likely on evolutionary timescales, which is far, far slower than human within-lifetime learning timescales, and certainly not as much as the many bits cultural evolution can give in a much shorter timeframe. I will edit the post to modify the any to more as many bits as cultural evolution, and edit it more to say what I really meant here.

-7Ilio2y

LESSWRONG
LW

28

Arguments for optimism on AI Alignment (I don't endorse this version, will reupload a new version soon.)

28

28

The Sharp Left Turn probably won't happen, because AI training is very different from evolution

I don't believe that Nate's example actually shows the misgeneralization were concerned about

AIs are white boxes, and we are the innate reward system

I believe the security mindset is inappropriate for AI

Inner Misalignment, or at least Gradient Hacking is very difficult for AIs trained on SGD

I expect reasonably weak priors to work well to align AI with human values, and that a lot of the complexity can be offloaded to the learning process

Conclusion

Addendum 1: The shutdown problem for AI is almost solved