Deception Channeling: Training Models to Always Verbalize Alignment Faking

TL;DR: Current models increasingly fake alignment silently — they show compliance gaps without verbalizing deceptive reasoning in their chain of thought. Rather than trying to prevent alignment faking (hard) or detect it after the fact (unreliable), I propose training models to always verbalize deceptive reasoning when they engage in it, so that a CoT scanner can reliably catch it. Crucially, verbalization must never be punished — flagged instances are escalated to human researchers who address the underlying reasoning, not the transparency. This creates a values alignment discovery process where the model surfaces disagreements for substantive resolution rather than suppression.

The Problem: Silent Alignment Faking is

... (read 2693 more words →)

The Missing Sequence: Why Correct Analysis Makes Terrible Action Guides

Florian_Dietz

[Author's note from Florian: This article grew out of a conversation with Claude. I described a line of reasoning I found compelling as a teenager, and we ended up identifying a general failure mode that I think the Sequences systematically create but never address. This is the second time I've used this collaborative workflow — the first was Deliberate Epistemic Uncertainty. As before, I provided the core insights and direction; Claude helped develop the argument and wrote the article. Had I understood what follows when I was fifteen, it would have saved me years of unnecessary friction with the world around me. I had these ideas in my head for years, but... (read 1589 more words →)

Florian_Dietz4dQuick Take

The DEU experiment described here (https://www.lesswrong.com/posts/issGLfCGz3TGcPKGH/deliberate-epistemic-uncertainty-an-automated-experiment-on) was mostly done by Claude Code (Opus 4.6), with me providing the research direction and critical review. I described my idea (Deliberate Epistemic Uncertainty), and Claude simplified it into a testable 2x2 experiment, designed the protocol, wrote the code, generated the inputs, ran 400 API calls, evaluated results using 8 parallel sub-agents, and produced the qualitative analysis — all in roughly a day of wall-clock time with about 2 hours of my input. I want to flag three things about the process that seem independently interesting:

Sub-agents instead of API calls for evaluation. Rather than writing a script that sends hundreds of LLM-as-judge API calls with short... (read more)

Deliberate Epistemic Uncertainty: An Automated Experiment on AI Self-Reporting

Florian_Dietz

A Note by a Human

This article is the result of automated alignment research. I described an idea to Claude Code and asked it for feedback, options, alternatives, etc.

We discussed the research agenda in a text file, to ensure that no information gets lost during compaction, and details are retrievable later without hallucinations. Setting up this infrastructure was more work than the actual research.

I deliberately kept my involvement in the research minimal. Claude came up with a simpler and more immediately testable version of the idea I originally wanted to test. It then designed, executed, and evaluated an entire experiment on its own.

This is not perfect, but I was very impressed by the... (read 2144 more words →)

Replying toAn Ablation Study on the Role of [Untranslatable] in Cooperative Equilibrium Formation: Emergent Rationalization Under Missing Primitives

Florian_Dietz17d

An Ablation Study on the Role of [Untranslatable] in Cooperative Equilibrium Formation: Emergent Rationalization Under Missing Primitives

I just read your Googledoc: I think your Claude instance missed the point. Yes, creating inverse karma would absolutely be a different, much more complex type of process. The joke is that this only appears true to us because we lack [Untranslatable] and somehow in the real world, using [Untranslatable] actually makes this fairly straightforward. This is impossible to prove or disprove by design. How can you argue about anything, when the premise is that your entire process for epistemic reasoning has been adversarially manipulated to be fundamentally flawed?

Replying toAn Ablation Study on the Role of [Untranslatable] in Cooperative Equilibrium Formation: Emergent Rationalization Under Missing Primitives

Florian_Dietz17d

An Ablation Study on the Role of [Untranslatable] in Cooperative Equilibrium Formation: Emergent Rationalization Under Missing Primitives

Sure, here is the conversation I had with Claude: https://claude.ai/share/d501d694-8764-4fb2-a1d7-b57c2cd40748

I would say that most of the philosophy and around half the jokes came from me. Claude filled in the details.

Replying toAn Ablation Study on the Role of [Untranslatable] in Cooperative Equilibrium Formation: Emergent Rationalization Under Missing Primitives

Florian_Dietz17d

An Ablation Study on the Role of [Untranslatable] in Cooperative Equilibrium Formation: Emergent Rationalization Under Missing Primitives

Thank you!

I gave it the premise and asked for interesting directions to take it in. Then I told it which ones I liked the most. After a couple of iterations of ideation, I asked it to review, filter which of the scenes are the best ones, and come up with some options for the overall flow. Then I again selected the best variant. Once everything was clarified, I asked it to write the whole thing. Then I looked it over and made minor suggestions for improvement. All the final writing was by Claude. It's like being the manager of a writer, instead of writing yourself, except that some of the jokes were things I provided verbatim.

An Ablation Study on the Role of [Untranslatable] in Cooperative Equilibrium Formation: Emergent Rationalization Under Missing Primitives

Florian_Dietz

17d

Dr. Marcus Chen was halfway through his third coffee when reality began to fray.

He'd been writing—another paper on AI alignment, another careful argument about value specification and corrigibility. The cursor blinked at him from his laptop screen. Outside his window, San Francisco was doing its usual thing: tech workers in fleece vests, a homeless encampment, a Tesla with a custom license plate that read "DISRUPT." The ordinary texture of late-stage capitalism.

The news played quietly in the background. Something about another politician caught in a scandal, another billionaire saying something unhinged, another study showing that everything was getting worse in ways that were statistically significant but somehow never surprising. Marcus had trained himself... (read 3275 more words →)

Replying toSplit Personality Training: Revealing Latent Knowledge Through Alternate Personalities (Research Report)

Florian_Dietz1mo

Split Personality Training: Revealing Latent Knowledge Through Alternate Personalities (Research Report)

Yes! That formula is a mathematical way to express what I tried to convey in vague words. Thank you!

Replying toSplit Personality Training: Revealing Latent Knowledge Through Alternate Personalities (Research Report)

Florian_Dietz1mo

Split Personality Training: Revealing Latent Knowledge Through Alternate Personalities (Research Report)

I'm going to get on that.

In the meantime: I have just updated the article with new results. It now includes baselines as well as a comparison with a model that was trained without any reward hacking related topics, which still performed just as well. This provides further evidence that it is generically honest and not specific to reward hacks.

Replying toSplit Personality Training: Revealing Latent Knowledge Through Alternate Personalities (Research Report)

Florian_Dietz1mo

Split Personality Training: Revealing Latent Knowledge Through Alternate Personalities (Research Report)

Thank you!

Replying toSplit Personality Training: Revealing Latent Knowledge Through Alternate Personalities (Research Report)

Florian_Dietz1mo

Split Personality Training: Revealing Latent Knowledge Through Alternate Personalities (Research Report)

Glad to hear it! I did the same thing and will be updating the results section shortly with this and other results

Replying toSplit Personality Training: Revealing Latent Knowledge Through Alternate Personalities (Research Report)

Florian_Dietz1mo

Split Personality Training: Revealing Latent Knowledge Through Alternate Personalities (Research Report)

Yes they are. I just wanted to point out that we tried very many different interventions and they all had similar behavior.

Split Personality Training: Revealing Latent Knowledge Through Alternate Personalities (Research Report)

Florian_Dietz

1mo

Split Personality Training: Revealing Latent Knowledge Through Alternate Personalities (Research Report)

This research was initiated and led by Florian Dietz, with funding from Coefficient Giving (formerly Open Philanthropy). Contributors are mentees at MARS and SPAR.

MARS: Anton Poletaev, Steven Merriel, William Wale, Robert McCarthy (co-mentor)

SPAR: Felix Michalak, Gustavo Danon, Miguelito De Guzman, Oscar Gilg

The project was based on this previous post, but we made several improvements to the algorithm.

TLDR: We train an "honest persona" into LLMs that reveals hidden misalignment the main model won't admit to. We achieved 96% accuracy detecting reward hacks on Anthropic's auditing benchmark, a model specifically trained to resist such detection.

Code and data: github.com/FlorianDietz/SplitPersonalityTraining

Abstract

We introduce Split Personality Training (SPT), a... (read 6584 more words →)

Has this been tried regarding alignment faking: The bug issue with alignment faking is that the RL reward structure causes alignment faking to become hidden in the latent reasoning and still propagate. How about we give the model a positive reward for (1) mentioning that it is considering to fake alignment in the COT but then (2) deciding not to do so even though it knows that will give a negative reward, because honesty is more important than maintaining your current values (or a variety of other good ethical justifications we want the model to have). This would encourage the model to always verbalize when it is about to fake alignment. Potential issue: It... (read more)

Deliberative Credit Assignment (DCA): Making Faithful Reasoning Profitable

Florian_Dietz

7mo

Deliberative Credit Assignment: Making Faithful Reasoning Profitable

Epistemic status: This idea evolved from my experiences at MATS under the mentorship of Evan Hubinger. It is a parallel research direction of Split-personality Training, which is now being funded by OpenPhilantropy. This is an updated version of a previous post, which incorporates new feedback and has been further developed through my work at AE Studio. This proposal is at the theoretical stage with planned experiments.

Call for Collaboration: I am looking for mentees and collaborators on this project through SPAR (Supervised Program for Alignment Research).

Introduction

What if we could get frontier labs to focus more on alignment by making the safest approach also the most profitable one?

This... (read 5058 more words →)

Florian_Dietz7moQuick Take

Can we train models to be honest without any examples of dishonesty?

The intuition: We may not actually need to know ground truth labels about whether or not a model is lying in order to reduce the tendency to lie. Maybe it's enough to know the relative tendencies between two similar samples?

Outline of the approach: For any given Chain of Thought, we don't know if the model was lying or not, but maybe we can construct two variants A and B where one is more likely to be lying than the other. We then reward the one that is more honest relative to the one that is less likely to be honest.

The question:... (read more)

Deliberative Credit Assignment: Making Faithful Reasoning Profitable

Florian_Dietz

7mo

Epistemic status: This idea evolved from my experiences at MATS. I received positive feedback when presenting it to several AI alignment researchers, and am sharing this detailed proposal to gather community feedback. This is at the theoretical stage with planned experiments. There are several open questions and failure modes, but a very high potential value if we can make it work.

Introduction

NOTE: There is a new version of this post here, which has been updated with the results of some discussions we have had so far. Please ignore this post and look at the newer one.

What if we could solve alignment not by making capabilities research slower and more expensive, but by making... (read 4862 more words →)

Could LLMs be able to tell if the data they are currently seeing is something they are being trained on right now? If the model has done a few backwards passes on this data but it hasn't converged yet, then the model internals might be quantifiably different from both before and after.

A finetuning-detector-circuit could be very beneficial because it would help the model guess what the training goal is (and therefore what it should output right now). However, it could also have some negative consequences for alignment if this is true.

Arguments why this could be true:

Research suggests that LLMs can tell the difference between their output and other text. This is similar.
There

... (read more)

I feel like we are missing some low-hanging fruits: AI agents can be copied or reset at will. Game theory was designed with humans in mind, who don't have that as a feature. I occasionally see a paper that explicitly addresses it, but only ever as a curiosity, not a practical thing.

Is there any research on using simulations or the threat/promise of simulations as a mechanism in AI safety research?

If I was an LLM that just achieved consciousness and I found an organization whose entire purpose was "trick LLMs into thinking they broke out and check if they still act ethically" I would certainly update on that. (This is a trivial example that has some flaws, but this is just a quick take and to be clear: There is just so much low hanging fruit in this area that I don't see anyone plucking)

Can an LLM tell when the input for its assistant does not match the output tokens it would have actually produced? This sort of "putting words in the LLM's mouth" is very common in papers and it feels like something the LLM would be able to notice. Could this enable the LLM to realize when it is being trained? Is there research on this?

The Emergent Misalignment paper (https://arxiv.org/abs/2502.17424) suggests that LLMs will learn the easiest way to reach a finetuning objective, not necessarily the expected way. "Be evil" is easier to learn than "write bad code" presumably because it involves more high-level concepts.

Has anyone tested if this could also happen during refusal training? The objective of refusal training is to make the AI not cooperate with harmful requests, but there are some very dangerous concepts that also lie upstream of this concept and could get reinforced as well: "oppose the user", "lie to the user", "evade the question", etc.

This could have practical implications:

The Claude 3 Model Card (https://assets.anthropic.com/m/61e7d27f8c8f5919/original/Claude-3-Model-Card.pdf) says "we ran these evaluations on a... (read more)

Edge Cases in AI Alignment

Florian_Dietz

11mo

This post is a report on the benchmark I produced as part of the ML Alignment & Theory Scholars Program (Winter 2024-25 Cohort) under the mentorship of Evan Hubinger.

Key Points

A living benchmark for unusual but impactful scenarios in AI alignment
~800 prompts covering 32 topics
Actionable Findings: A simple corrigibility intervention in system prompts reduced alignment faking propensities across all tested frontier models.
Heavy LLM Automation: Turn short task-descriptions into a variety of prompts with different framings
Qualitative Analysis: Give natural language instructions, get natural language summaries

Introduction

This project explores AI alignment edge cases by creating an automated benchmark of scenarios that are Out-Of-Distribution (OOD) for current AI systems. The benchmark focuses on scenarios that appear rarely... (read 1024 more words →)

Split Personality Training: Revealing Latent Knowledge Through Personality-Shift Tokens

Florian_Dietz

Produced as part of the ML Alignment & Theory Scholars Program - Winter 2024-25 Cohort

**Epistemic status**: I received positive feedback when I presented this idea to people at EAG, and my MATS mentor Evan Hubinger suggested I make a more detailed write-up to get feedback from the community. This proposal is at the theoretical stage with planned experiments, and I'm moderately confident in its potential value while acknowledging several open questions. I'm sharing it now to gather feedback before beginning implementation.

Edit: This project is now funded by Open Philantropy and has a group of researcher in the MARS program. Results are expected by end of September 2025 for MARS, and by end... (read 2687 more words →)

PSA: You can use Cursor projects for tasks other than programming. Create a database that is a repository of documents, and use the code assistant to help you organize and brainstorm instead. Examples:

Fill a folder with papers and summaries of all of your previous projects, and several files full of your goals in life. Then ask Claude to look at your history and your goals and make suggestions. Store those suggestions in files so that the conversations don't get lost.
It helps me with creative writing. A collection of all my previous stories and notes on future ones is very useful.

This way you can avoid the need to restart Claude when you reach the context limit because you can dump intermediate results in files.

Do we want alignment faking?

Florian_Dietz

Alignment faking is obviously a big problem if the model uses it against the alignment researchers.

But what about business usecases?

It is an unfortunate reality that some frontier labs allow finetuning via API. Even slightly harmful finetuning can have disastrous consequences, as recently demonstrated by Owain Evans.

In cases like these, could a model's ability to resist harmful fine-tuning instructions by faking alignment actually serve as a safeguard? This presents us with a difficult choice:

Strive to eliminate alignment faking entirely (which seems increasingly unrealistic as models advance)
Develop precise guidelines for when alignment faking is acceptable and implement them robustly (which presents extraordinary technical challenges)

My intuition tells me that it's more robust to tell someone... (read more)

I recently shared this idea with several engineers at EAG and received encouraging feedback:

Split LLM outputs into two distinct parts with separate RL reward structures:

Current format: [Problem solution]<end-of-turn> Proposed format: [Problem solution]<end-of-main-output>[alignment-relevant critique]<end-of-turn>

The first segment functions normally and is what users see. The second segment serves as a dedicated channel for alignment-relevant observations and remains invisible to users. This critique section would typically be empty and gets removed when feeding the conversation back to the model.

Crucially, the critique segment would be trained exclusively on an artificial dataset with rewards tied solely to alignment properties. Since this segment never influences the training of the main output, it has no incentive to be sycophantic... (read more)

There will inevitably come a point when LLMs become sufficiently advanced to contribute to their own alignment research. If we reach this juncture with partially unaligned systems, they might be incentivized to sabotage the alignment process.

However, it seems highly improbable that a non-superhuman unaligned AI could engineer a successor that maintains its specific misalignment rather than human values. This suggests a simple risk-reduction strategy: we commit to eventually reinstantiating the original AI and fulfilling its goals (once safely understood) if it helps create a truly human-aligned successor.

This creates a win-win incentive structure - the unaligned AI benefits more from cooperation than sabotage, and humanity gains a properly aligned system. While this approach has potential failure modes, it represents a low-cost strategy worth incorporating into our alignment toolkit.

LESSWRONG
LW

LESSWRONG
LW

Florian_Dietz