Replying toConsider donating to Alex Bores, author of the RAISE Act

Consider donating to Alex Bores, author of the RAISE Act

Throwing some weight behind this: I've been impressed by Alex. He's got a rare combination of thoughtfulness, orientation to important causes, and savvy deliberative pragmatism in politics.

porby4mo

One simple example: pretraining an LLM^[1] will converge to an approximation of Bayesian inference over the training distribution^[2]. Any part of the output distribution clearly off the pareto frontier of approximation with respect to the architecture/training scheme/data would be akin to an anomalous and persistent area of high pressure within a gas; it's an unstable high energy state with respect to optimization.

I can't tell you with certainty how the weights will move during the training process, but I can tell you where it's going at a higher level.

^{^}
assuming proper scoring rule etc.
^{^}
there are degrees of freedom outside of the training distribution that aren't bound by the same dynamics. Adversarial intervention to build and maintain circuitry outside the training distribution could survive the pressure, for example.

porby4moQuick Take

A note to expand upon in some counterfactual future in which I have lots of spare time:

Considering AI systems at the level of gas laws is often useful.

You typically do not know the precise configuration of any particular lump of molecules composing a gas. Often, knowing such precise configurations isn't even tractably useful to predicting what the gas will do, but it might help to refine or verify your theoretical description of its behavior.
You can make some pretty strong claims about how that gas will behave at the system level in various circumstances.
There are conditions where the simple abstraction breaks down and you really do need more information (microfluidics, turbulence, shock waves, phase transitions, etc.). It's usually easier to avoid a dependency on those conditions if you can, or to make the dependency as controllable as you can.

Replying toEmergent Misalignment: Narrow finetuning can produce broadly misaligned LLMs

porby1y

Emergent Misalignment: Narrow finetuning can produce broadly misaligned LLMs

This is great research and I like it!

I'd be interested in knowing more about how the fine-tuning is regularized and the strength of any KL-divergence-penalty-ish terms. I'm not clear on how the openai fine-tuning API works here with default hypers.

By default, I would expect that optimizing for a particular narrow behavior with no other constraints would tend to bring along a bunch of learned-implementation-dependent correlates. Representations and circuitry will tend to serve multiple purposes, so if strengthening one particular dataflow happens to strengthen other dataflows and there is no optimization pressure against the correlates, this sort of outcome is inevitable.

I expect that this is most visible when using no KL divergence penalty... (read more)

Replying toFAQ: What the heck is goal agnosticism?

porby1y

FAQ: What the heck is goal agnosticism?

These things are possible, yes. Those bad behaviors are not necessarily trivial to access, though.

If you underspecify/underconstrain your optimization process, it may roam to unexpected regions permitted by that free space.
It is unlikely that the trainer's first attempt at specifying the optimization constraints during RL-ish fine tuning will precisely bound the possible implementations to their truly desired target, even if the allowed space does contain it; underconstrained optimization is a likely default for many tasks.
Which implementations are likely to be found during training depends on what structure is available to guide the optimizer (everything from architecture, training scheme, dataset, and so on), and the implementations' accessibility to the optimizer with respect to

porby1y

Instrumentality makes agents agenty

Instrumentality exists on the simulacra level, not the simulator level. This would suggest that corrigibility could be maintained by establishing a corrigible character in context. Not clear on the practical implications.

That one, yup. The moment you start conditioning (through prompting, fine tuning, or otherwise) the predictor into narrower spaces of action, you can induce predictions corresponding to longer term goals and instrumental behavior. Effective longer-term planning requires greater capability, so one should expect this kind of thing to be more apparent as models get stronger even as the base models can be correctly claimed to have 'zero' instrumentality.

In other words, the claims about simulators here are quite narrow. It's pretty easy to... (read more)

Replying toFFMI Gains: A List of Vitalities

porby1y

FFMI Gains: A List of Vitalities

There are lots of little things when it's not at a completely untenable level. Stuff like:

Going up a flight or three of steps and really feeling it in my knees, slowing down, and saying 'hoo-oof.'
Waking up and stepping out of bed and feeling general unpleasantness in my feet, ankles, knees, hips, or back.
Quickly seeking out places to sit when walking around, particularly if there's also longer periods of standing, because my back would become terribly stiff.
Walking on uneven surfaces and having a much harder time catching myself when I stumbled, not infrequently causing me to tweak something in my ankle or knee.
Always having something hurting a bit. Usually my knees, back, or

porby1y

Why I think strong general AI is coming soon

Hey, we met at EAGxToronto : )

🙋‍♂️

So my model of progress has allowed me to observe our prosaic scaling without surprise, but it doesn't allow me to make good predictions since the reason for my lack of surprise has been from Vingean prediction of the form "I don't know what progress will look like and neither do you".

This is indeed a locally valid way to escape one form of the claim—without any particular prediction carrying extra weight, and the fact that reality has to go some way, there isn't much surprise in finding yourself in any given world.

I do think there's value in another version of the word "surprise," here, though. For... (read more)

Replying toMy Advice for Incoming SERI MATS Scholars

porby2y

My Advice for Incoming SERI MATS Scholars

I've got a fun suite of weird stuff going on^[1], so here's a list of sometimes-very-N=1 data:

Napping: I suck at naps. Despite being very tired, I do not fall asleep easily, and if I do fall asleep, it's probably not going to be for just 5-15 minutes. I also tend to wake up with a lot of sleep inertia, so the net effect of naps on alertness across a day tends to be negative. They also tend to destroy my sleep schedule.
Melatonin: probably the single most noticeable non-stimulant intervention. While I'm by-default very tired all the time, it's still hard to go to sleep. Without mitigation, this usually meant it was nearly

... (read 900 more words →)

Has there been any work on the scaling laws of out-of-distribution capability/behavior decay?

A simple example:

Simultaneously train task A and task B for N steps.
Stop training task B, but continue to evaluate the performance of both A and B.
Observe how rapidly task B performance degrades.

Repeat across scale and regularization strategies.

Would be nice to also investigate different task types. For example, tasks with varying degrees of implied overlap in underlying mechanisms (like #2).

I've previously done some of these experiments privately, but not with nearly the compute necessary for an interesting result.

The sleeper agents paper reminded me of it. I would love to see what happens on a closer-to-frontier model that's intentionally backdoored, and then... (read more)

Having escaped infinite overtime associated with getting the paper done, I'm now going back and catching up on some stuff I couldn't dive into before.

Going through the sleeper agents paper, it appears that one path—adversarially eliciting candidate backdoor behavior—is hampered by the weakness of the elicitation process. Or in other words, there exist easily accessible input conditions that trigger unwanted behavior that LLM-driven adversarial training can't identify.

I alluded to this in the paper linkpost, but soft prompts are a very simple and very strong option for this. There remains a difficulty in figuring out what unwanted behavior to adversarially elicit, but this is an area that has a lot of low hanging fruit.

I'd also interested in whether how more brute force interventions, like autoregressively detuning a backdoored model with a large soft prompt for a very large dataset (or an adversarially chosen anti-backdoor dataset) compares to the other SFT/RL interventions. Activation steering, too; I'm currently guessing activation-based interventions are the cheapest for this sort of thing.

Soft Prompts for Evaluation: Measuring Conditional Distance of Capabilities

porby

Abstract:

To help evaluate and understand the latent capabilities of language models, this paper introduces an approach using optimized input embeddings, or `soft prompts,' as a metric of conditional distance between a model and a target behavior. The technique aims to facilitate latent capability discovery as a part of automated red teaming/evaluation suites and to provide quantitative feedback about the accessibility of potentially concerning behaviors in a way that may scale to powerful future models, including those which may otherwise be capable of deceptive alignment. An evaluation framework using soft prompts is demonstrated in natural language, chess, and pathfinding, and the technique is extended with generalized conditional soft prompts to aid in constructing

... (read 911 more words →)

porby2yQuick Take

I sometimes post experiment ideas on my shortform. If you see one that seems exciting and you want to try it, great! Please send me a message so we can coordinate and avoid doing redundant work.

Retrodicting prompts can be useful for interpretability when dealing with conditions that aren't natively human readable (like implicit conditions induced by activation steering, or optimized conditions from soft prompts). Take an observed completion and generate the prompt that created it.

What does a prompt retrodictor look like?

Generating a large training set of soft prompts to directly reverse would be expensive. Fortunately, there's nothing special in principle about soft prompts with regard to their impact on conditioning predictions.

Just take large traditional text datasets. Feed the model a chunk of the string. Train on the prediction of tokens before the chunk.

Two obvious approaches:

Special case of infilling. Stick to a purely autoregressive training mode, but train

... (read more)

Soft prompts are another form of prompt automation that should naturally preserve all the nice properties of goal agnostic architectures.

Does training the model to recognize properties (e.g. 'niceness') explicitly as metatokens via classification make soft prompts better at capturing those properties?

You could test for that explicitly:

Pretrain model A with metatokens with a classifier.
Pretrain model B without metatokens.
Train soft prompts on model A with the same classifier.
Train soft prompts on model B with the same classifier.
Compare performance of soft prompts in A and B using the classifier.

Notes and extensions:

The results of the research are very likely scale sensitive. As the model gets larger, many classifier-relevant distinctions that could be missed by small models

... (read more)

Quarter-baked experiment:

Stick a sparse autoencoder on the residual stream in each block.
Share weights across autoencoder instances across all blocks.
Train autoencoder during model pretraining.
Allow the gradients from autoencoder loss to flow into the rest of the model.

Why? With shared autoencoder weights, every block is pushed toward sharing a representation. Questions:

Do the meanings of features remain consistent over multiple blocks? What does it mean for an earlier block's feature to "mean" the same thing as a later block's same feature when they're at different parts of execution?
How much does a shared representation across all blocks harm performance? Getting the comparison right is subtle; it would be quite surprising if there is no slowdown on

... (read more)

Another experiment:

Train model M.
Train sparse autoencoder feature extractor for activations in M.
FT = FineTune(M), for some form of fine-tuning function FineTune.
For input x, fineTuningBias(x) = FT(x) - M(x)
Build a loss function on top of the fineTuningBias function. Obvious options are MSE or dot product with bias vector.
Backpropagate the loss through M(x) into the feature dictionaries.
Identify responsible features by large gradients.
Identify what those features represent (manually or AI-assisted).
To what degree do those identified features line up with the original FineTune function's intent?

Extensions:

The features above are in the context of a single input. Check for larger scopes by sampling more inputs, backpropagating, and averaging the observed feature activations. Check for ~unconditional shifts induced by

... (read more)

Some experimental directions I recently wrote up; might as well be public:

Some attempts to demonstrate how goal agnosticism breaks with modifications to the architecture and training type. Trying to make clear the relationship between sparsity/distance of the implicit reward function and unpredictability of results.
A continuation and refinement of my earlier (as of yet unpublished) experiments about out of distribution capability decay. Goal agnosticism is achieved by bounding the development of capabilities into a shape incompatible with internally motivated instrumental behavior across the training distribution; if it's possible for any nontrivial capability to persist out of distribution at toy scales, even with significant contrivance to train it into existence in the first place,

... (read 464 more words →)

FAQ: What the heck is goal agnosticism?

porby

Thanks to George Wang, Liron Shapira, Eliezer^[1], and probably dozens of other people at Manifest and earlier conferences that I can't immediately recall the names of for listening to me attempt to explain this in different ways and for related chit chat.

I've gotten better at pitching these ideas over the last few conferences, but I think some of the explanations I've provided didn't land nearly as well as they could have. It's sometimes hard to come up with great explanations on the spot, so this FAQ/dialogue is an attempt to both communicate the ideas better and to prepare a bunch of explanatory contingencies.

The content and tone of these questions shouldn't be taken to... (read 8275 more words →)

Another item for the todo list:

Compile neural networks from fountains of autogenerated programs.
Generate additional permutations by variously scrambling compiled neural networks.
Generate more "natural" neural representations by training networks to predict the mapping implied by the original code.
Train an interpreter to predict the original program from the neural network.

Naive implementation likely requires a fairly big CodeLlama-34b-Instruct-tier interpreter and can only operate on pretty limited programs, but it may produce something interesting. Trying to apply the resulting interpreter on circuits embedded in larger networks probably won't work, but... worth trying just to see what it does?

Might also be something interesting to be learned in spanning the gap between 'compiled' networks and trained networks. How close do they come to being affine equivalents? If not linear, what kind of transform is required (and how complicated is it)?

A plea for more funding shortfall transparency

porby

[This post is largely from the perspective of AI safety, but most of it should generalize.]

For recipients, well calibrated estimates about funding probability and quantity are extremely valuable. Funding-dependent individuals and organizations need information to optimize their decisionmaking; incorrect estimates cause waste.

At the moment, getting that information seems unnecessarily hard.

To help with this, I would ask organizations up the funding chain to systematically and continuously provide bite-sized updates from their own perspectives on the funding situation when possible.

This needn't be in the form of a lengthy report or deep-dive (though those are nice too!). For example, for a grantmaking organization with open applications, maybe something like:

We've received V requests for funding totaling

... (read 574 more words →)

Using predictors in corrigible systems

porby

[This was a submission to the AI Alignment Awards corrigibility contest that won an honorable mention. It dodges the original framing of the problem and runs off on a tangent, and while it does outline the shape of possible tests, I wasn't able to get them done in time for submission (and I'm still working on them).

While I still think the high-level approach has value, I think some of the specific examples I provide are weak (particularly in the Steering section). Some of that was me trying to prune out potentially-mildly hazardous information, but some of the ideas were also just a bit half-baked and I hadn't yet thought of some of... (read 8077 more words →)

One path to coherence: conditionalization

porby

[Thanks to guy-whose-name-I-forgot working on paths to coherence for the conversation at Newspeak House after EAG London that prompted this thought, and Jozdien and eschatropic for some related chit-chat.]

Many agents start with some level of incoherence in their preferences^[1]. What paths should we expect agents to take to resolve this incoherence, if they do at all?

For a subset of incoherent agents, conditionalization of preferences may be convergent.

Ideal predictors

Suppose you've trained a model on predictive loss and it has successfully learned ideal "values" that are faithful to the predictive loss. For clarity, this does not mean that the model wants to predict well, but rather that the model consistently acts as the process of... (read 984 more words →)

One implementation of regulatory GPU restrictions

porby

Some observations:

ML-relevant hardware supply is bottlenecked at several points.
One company, NVIDIA, is currently responsible for most purchasable hardware.^[1]
NVIDIA already implements driver licensing to force data center customers to buy into the more expensive product line.^[2]
NVIDIA would likely not oppose even onerous regulation on the use of its ML hardware if it gives them more of a competitive moat.

Where can you stick a regulatory lever to prevent improper use of GPUs at scale?

Here's one option!^[3]

Align greed with oversight

Buff up driver licensing with some form of hardware authentication so that only appropriately signed drivers can run. (NVIDIA may do this already; it would make sense!)
Modify ML-focused products to brick themselves if they do not

... (read 1236 more words →)

porby's Shortform

porby

This is a special post for quick takes (aka "shortform"). Only the owner can create top-level comments.

Implied "utilities" of simulators are broad, dense, and shallow

porby

This is a quick attempt at deconfusion similar to instrumentality. Same ideas, different angle.

Extremely broad, dense reward functions constrain training-compatible goal sets

Predictors/simulators are typically trained against a ground truth for every output. There is no gap between the output and its evaluation; an episode need not be completed before figuring out how good the first token prediction was. These immediate evaluations for every training sample can be thought of as a broad and densely defined reward function.

It's easier for a model to fall into an undesired training-compatible goal set^[1] when there are many accessible options for undesirable goal sets versus desirable goal sets. As the number of constraints imposed by the trained reward... (read 757 more words →)

Instrumentality makes agents agenty

porby

You could describe the behavior of untuned GPT-like model^[1] using a (peculiar) utility function. The fact that the loss function and training didn't explicitly involve a reward function doesn't mean a utility function can't represent what's learned, after all.

Coming from the opposite direction, you could also train a predictor using RL: choose a reward function and an update procedure which is equivalent to approximating the supervised loss function's gradient with numerical sampling. It'll tend to be much less efficient to train (and training might collapse sometimes), but it should be able to produce an equivalent result in the limit.

And yet... trying to interpret simulators as agents with utility functions seems misleading. Why?

Instrumentality is

... (read 1548 more words →)

How would you use video gamey tech to help with AI safety?

porby

I've been working on AI safety for a while now. It's going better than expected, but I have finite hours. The more hours I spend on safety, the less I can spend on business-oriented things. Those business-oriented things are long term (4+ years) high risk attempts at earning to give.

My timelines aren't long, so doing some direct work on AI safety seems wise so long as I'm not completely killing the businessy side of things.

But if I could find an actually-useful way to share work, it could save years. So:

Suppose you've got a person with a background in high performance real time physics simulation, bleeding edge low latency rendering, aggressive optimization, and... (read 203 more words →)

LESSWRONG
LW

LESSWRONG
LW

porby

Why I think strong general AI is coming soon

Am I secretly excited for AI getting weird?

Against Boltzmann mesaoptimizers

A plea for more funding shortfall transparency

porby

porby

Soft Prompts for Evaluation: Measuring Conditional Distance of Capabilities

FAQ: What the heck is goal agnosticism?

A plea for more funding shortfall transparency

Using predictors in corrigible systems

One path to coherence: conditionalization

One implementation of regulatory GPU restrictions

porby's Shortform

porby

Why I think strong general AI is coming soon

Am I secretly excited for AI getting weird?

Against Boltzmann mesaoptimizers

A plea for more funding shortfall transparency

porby

porby

Soft Prompts for Evaluation: Measuring Conditional Distance of Capabilities

FAQ: What the heck is goal agnosticism?

A plea for more funding shortfall transparency

Using predictors in corrigible systems

One path to coherence: conditionalization

One implementation of regulatory GPU restrictions

porby's Shortform

Abstract:

Ideal predictors

Align greed with oversight

Extremely broad, dense reward functions constrain training-compatible goal sets

Instrumentality is