lennie

Whack-a-mole: generalisation resistance could be facilitated by training-distribution imprintation

2mo

TL;DR

Models might form detailed representations of the training task distribution and use this to sandbag at deployment time by exploiting even subtle distribution shifts.

If successive rounds of training update the model’s representations of the task distribution rather than its underlying tendencies then we could be left playing whack-a-mole: having to repeatedly train the model after even the smallest distribution shifts.

I give a detailed description of this failure mode, potential interventions that labs might take, and concrete directions for model organisms research.

Epistemic status: This started off as an internal memo to explain my research proposal of constructing ‘model organisms resisting generalisation’ to my MARS 4.0 team; I then realised it might be valuable... (read 3918 more words →)

Replying toThe behavioral selection model for predicting AI motivations

lennie2mo

The behavioral selection model for predicting AI motivations

Hi Alex - great post - thanks so much!

I'm intrigued your thoughts on the list of different 'priors'. I actually tried to explain some of these ideas in a lecture earlier this year, largely drawing from Evan's presentation in 'How likely is deceptive alignment?'; the notion of 'prior' here is clearly important but I found the topic awkward to talk about since I had near zero intuition for which arguments were more/less relevant to the current LLM (or near-future AI) paradigm.

Your section mostly refers to Joe Carlsmith's 'Will AIs fake alignment...' paper from 2023, which has really nice explanations of Joe's PoV from then, and outlines some directions for empirical research.

Are you... (read more)

Which differences between sandbagging evaluations and sandbagging safety research are important for control?

lennie

4mo

My research this summer involved designing control settings to investigate black-box detection protocols.

When designing the settings, we had to decide between trying to mitigate research sabotage (RSab) or Dangerous Capability Evaluation (DCE) sandbagging. It was not clear to us which to target, or whether a single setting could be relevant to both threats. Most junior or mid-level sandbagging-adjacent researchers I asked seemed interested in this question, and found it difficult to pin down the differences unprompted. More experienced researchers would typically come up with similar answers after some thought. I therefore thought it might be helpful to write an answer up in more detail.

I invite you to ask yourself the question: which... (read 3290 more words →)

Sandbagging: distinguishing detection of underperformance from incrimination, and the implications for downstream interventions.

lennie

4mo

Epistemic status: I’ve only spent 3 months working on sandbagging, and have had limited, mixed feedback from established researchers on the ideas in this post. However, I have had positive feedback from most junior researchers I asked, so I think it will be helpful to make these ideas concrete and stimulate public discussion and critique^[1].

This post is part of a sequence motivated by my research this summer: see the sequence page for a more detailed discussion of my motivation and an overview of the sequence.

Background

It would be bad if models did not perform to the best of their abilities on important tasks.

Two particular sets of tasks where it is important to mitigate... (read 2322 more words →)

Feedback request: Is the time right for an AI Safety stack exchange?

lennie

5mo

Feedback request: Is the time right for an AI Safety stack exchange?

Epistemic status: I think this is a really good idea, and most of the ~20 people I’ve asked in the community agree. I am uncertain of what exactly the best product would look like, and whether the community is big enough to make this a success quite yet - but I am confident that if we started it now it would become ‘widely regarded as a valuable resource by the community’ in the next two years^[1].

I am a PhD student conducting AI Safety research from the Meridian office in Cambridge UK. Meridian has just spun out a new research org, Geodesic Research.... (read 1120 more words →)

Replying toLessWrong FAQ

lennie5mo

LessWrong FAQ

Cool! Thanks Ruby!
Yes, would be keen to play around with that!
What sort of tech stack are you using for this?

Your idea of Claude-integration was super interesting - and got me thinking about how best to let arbitrary LLMs interface with LW/AF content.
So I asked Claude about it - see this chat.
Claude suggested that building a custom MCP server might be 'straightforward' - and would allow anyone using the Claude API to immediately use the MCP server to access a structured form of LW/AF output.
It would be ideal to have this as a default/optional feature of the Claude web-interface, but that would require Anthropic's buy-in.
How excited are you about these directions?

Re making exporting easy: I think a 'paste to markdown' button would still/also be helpful - and that I'd use this a lot if available, even without LLM integrations. Do you think others would also be interested? / Is anyone else also interested?

Replying toLessWrong FAQ

lennie5mo

LessWrong FAQ

I'm wondering about best practices for pasting content from LW into LLM context.

I would like to have a QA with Claude about a set of posts, and seek a good text representation to paste into context. Web search APIs still seem a bit hit and miss, and think a custom solution could have value. Something like a 'paste to markdown' button would be ideal.

I think this code from 2022 might be a good first pass, which I found linked from this comment thread.

Does this sound like a good idea?
If so, might Lightcone Infrastructure be interested in creating such a feature?

LESSWRONG
LW

LESSWRONG
LW

Whack-a-mole: generalisation resistance could be facilitated by training-distribution imprintation

Feedback request: Is the time right for an AI Safety stack exchange?

Sandbagging: distinguishing detection of underperformance from incrimination, and the implications for downstream interventions.

Which differences between sandbagging evaluations and sandbagging safety research are important for control?

lennie

Whack-a-mole: generalisation resistance could be facilitated by training-distribution imprintation

Which differences between sandbagging evaluations and sandbagging safety research are important for control?

Sandbagging: distinguishing detection of underperformance from incrimination, and the implications for downstream interventions.

Feedback request: Is the time right for an AI Safety stack exchange?

Sandbagging

lennie

Whack-a-mole: generalisation resistance could be facilitated by training-distribution imprintation

Feedback request: Is the time right for an AI Safety stack exchange?

Sandbagging: distinguishing detection of underperformance from incrimination, and the implications for downstream interventions.

Which differences between sandbagging evaluations and sandbagging safety research are important for control?

lennie

Whack-a-mole: generalisation resistance could be facilitated by training-distribution imprintation

Which differences between sandbagging evaluations and sandbagging safety research are important for control?

Sandbagging: distinguishing detection of underperformance from incrimination, and the implications for downstream interventions.

Feedback request: Is the time right for an AI Safety stack exchange?

Sandbagging

TL;DR

Background

Feedback request: Is the time right for an AI Safety stack exchange?