LESSWRONG
LW

TurnTrout — LessWrong

punctilio (n.): precise observance of formalities.

Pretty good at making your text pretty. The most feature-complete and reliable English micro-typography package—transforms plain ASCII into typographically correct Unicode, even across HTML element boundaries.

Smart quotes · Em/en dashes · Ellipses · Math symbols · Legal symbols · Arrows · Primes · Fractions · Superscripts · Ligatures · Non-breaking spaces · HTML-aware · Bri’ish localisation support

import { transform } from 'punctilio'

transform('"It\'s a beautiful thing, the destruction of words..." -- 1984')
// → “It’s a beautiful thing, the destruction of words…”—1984

npm install punctilio

Why punctilio?

As far as I can tell, punctilio is the most reliable and feature-complete. I built punctilio for my website. I wrote^[1] and sharpened the... (read 1219 more words →)

Replying toWill Any Crap Cause Emergent Misalignment?

TurnTrout15d

Will Any Crap Cause Emergent Misalignment?

More evidence that AIs are fundamentally human-like and non-alien!

(Not sure how serious I'm being, but it's non-zero)

Replying toNo instrumental convergence without AI psychology

TurnTrout23d*

No instrumental convergence without AI psychology

Maybe "psychology" is just the wrong word to use here, because I think it conjures up ideas of anthropomorphism, when in fact I read you as simply making an argument that the processes interior to an AI system matter as to whether and how an AI might try to instrumentally converge towards some goals.

I agree. I welcome suggestions for alternate titles, if anyone has any! I tried myself but didn't find anything immediately. "No instrumental convergence without considering how the AI will make decisions" isn't exactly the snappiest title.

EDIT: I actually think "psychology" is pretty good here, despite some flaws.

Replying toNo instrumental convergence without AI psychology

TurnTrout23d

No instrumental convergence without AI psychology

Like, imo, "most programs which make a mind upload device also kill humanity" is (if true) an interesting and somewhat compelling first claim to make in a discussion of AI risk, to which the claim "but one can at least in principle have a distribution on programs such that most programs which make mind uploads no not also kill humans" alone is not a comparably interesting or compelling response.

I disagree somewhat, but—whatever the facts about programs—at least it is not appropriate to claim "not only do most programs which make a mind upload device also kill humanity, it's an issue with the space of programs themselves, not with the way we generate... (read more)

No instrumental convergence without AI psychology

TurnTrout

24d

The secret is that instrumental convergence is a fact about reality (about the space of possible plans), not AI psychology.
Zack M. Davis, group discussion

Such arguments flitter around the AI safety space. While these arguments contain some truth, they attempt to escape "AI psychology" but necessarily fail. To predict bad outcomes from AI, one must take a stance on how AI will tend to select plans.

This topic is a specialty of mine. Where does instrumental convergence come from? Since I did my alignment PhD on exactly this question, I'm well-suited to explain the situation.
In this article, I do not argue that building transformative AI is safe or that transformative AIs won't tend to

... (read 1743 more words →)

TurnTrout24d

I think the problem of "may suggest a potentially suboptimal intervention" is less severe than "isn't descriptive." Plus, I think we're going to see "self-fulfilling alignment" be upsampled after the recent positive results. :)

TurnTrout24dQuick Take

When talking about "self-fulfilling misalignment", "hyperstition" is a fun name but not a good name which actually describes the concept to a new listener. (In this sense, the name has the same problem as "shard theory" --- cool but not descriptive unless you already know the idea.) As a matter of discourse health, I think people should use "self-fulfilling {misalignment, alignment, ...}" instead.

TurnTrout24d

Based. Thank you for your altruism, Sheikh. :)

TurnTrout24dQuick Take

Last week, I took the 10% giving pledge to donate at least 10% of my income to effective charities, for the rest of my life. I encourage you to think carefully and honestly about what you can do to improve this world. Maybe you should take the pledge yourself.

172

TurnTrout1mo

Yes, I have left many comments on Nate's posts which I think he would agree were valuable. By blocking me, he confirmed that he was not merely moving (supposedly) irrelevant information, but retaliating for sharing unfavorable information.

I had spent nearly two years without making any public comments regarding Nate's behavior, so I don't see any rational basis for him to expect I would "hound" him in future comment sections.

-2

TurnTrout1mo

Different people have different experiences. Some of Nate's coworkers I interviewed felt just fine working with him, as I have mentioned.

-1

TurnTrout1mo*

I would share your concern if TurnTrout or others were replying to everything Nate published in this way. But well... the original comment seemed reasonably relevant to the topic of the post and TurnTrout's reply seemed relevant to the comment. So it seems like there's likely a limiting principle here

I think there is a huge limiter. Consider that Nate's inappropriate behavior towards Kurt Brown happened in 2017 & 2018 but resulted in no consequences until 5 and a half years later. This suggests that victims are massively under-supplying information due to high costs. We do not have an over-supply problem.

Let me share some of what I've learned from my own experience and... (read more)

Apply for Alignment Mentorship from TurnTrout and Alex Cloud

TurnTrout

TurnTrout, cloud

2mo

Through the MATS program, we (Alex Turner and Alex Cloud^[1]) help alignment researchers grow from seeds into majestic trees. We have fun, consistently make real alignment progress, and help scholars tap into their latent abilities.

MATS summer '26 applications are open until January 18th!

Five men strike a pose at Lighthaven, the community campus. Four of them wear shades while the fifth, Alex, looks at the camera in a blazer. — Team Shard in MATS 6.0 during the summer of '24. From left: Evžen Wyitbul, Jacob Goldman-Wetzler, Alex Turner, Alex Cloud, and Joseph Miller.

Many mentees now fill impactful roles.

Lisa Thiergart (MATS 3.0) moved on to being a research lead at MIRI and is now a senior director at the SL5 task force.
Alex Cloud (MATS 6.0) went from mentee to co-mentor in one round and also secured a job at Anthropic. Lead

... (read 583 more words →)

2025-Era “Reward Hacking” Does Not Show that Reward Is the Optimization Target

TurnTrout

2mo

Folks ask me, "LLMs seem to reward hack a lot. Does that mean that reward is the optimization target?". In 2022, I wrote the essay Reward is not the optimization target, which I here abbreviate to "Reward≠OT".

Reward still is not the optimization target: Reward≠OT said that (policy-gradient) RL will not train systems which primarily try to optimize the reward function for its own sake (e.g. searching at inference time for an input which maximally activates the AI's specific reward model). In contrast, empirically observed "reward hacking" almost always involves the AI finding unintended "solutions" (e.g. hardcoding answers to unit tests).

"Reward hacking" and "Reward≠OT" refer to different meanings of "reward"

We confront yet another... (read 1886 more words →)

Me (genius): "In the limit, a sufficiently powerful model will eventually manifest instrumentally convergent hostility to human values."
You (fool): "Wait, what limit are we taking here?"
Me (extra genius):
You (confused fool): "That reasoning seems... questionable."
Me (resplendently extra genius): "It seems I must explain every trivial point. It should be obvious to the Wise that $M$ is only transformed by the identity function, which is continuous. Thus the limit holds. QED. I would suggest you meditate further upon the implications of the null string."

(Reproduced from @Quintin Pope with permission)

Automatic alt text generation

TurnTrout

3mo

When I started writing in 2018, I didn't include alt text. Over the years, over 500 un-alt'ed images piled up. These (mostly) aren't simple images of geese or sunsets. Most of my images are technical, from graphs of experimental results to hand-drawn AI alignment comics. Describing these assets was a major slog, so I turned to automation.

To implement accessibility best practices, I needed alt text that didn't describe the image so much as communicate the information the image is supposed to communicate. None of the scattershot AI projects I found met the bar, so I wrote my own package.

alt-text-llm is an AI-powered tool for generating and managing alt text in markdown files.... (read more)

[Paper] Output Supervision Can Obfuscate the CoT

jacob_drori

jacob_drori, lukemarks, cloud, TurnTrout

3mo

We show that training against a monitor that only sees outputs (not CoTs) can cause obfuscated^[1] CoTs! The obfuscation happens in two ways:

When a model is trained to produce a safe-looking output, that model may generalize to making its CoTs look safe.
Since later tokens are conditioned on earlier ones, safe‑looking CoTs may increase the likelihood of safe outputs, causing safe-looking CoTs to be reinforced.

We introduce two mitigations and they work reasonably well. Compared to regular training, our mitigations improve monitorability with comparable or better task performance in two of our three settings. Overall, our work suggests that preserving CoT monitorability is harder than previously thought.

Read our paper on Arxiv. Produced as part of... (read 1224 more words →)

GDM: Consistency Training Helps Limit Sycophancy and Jailbreaks in Gemini 2.5 Flash

TurnTrout

TurnTrout, Rohin Shah

3mo

Authors: Alex Irpan* and Alex Turner*, Mark Kurzeja, David Elson, and Rohin Shah

You’re absolutely right to start reading this post! What a rational decision!

Even the smartest models’ factuality or refusal training can be compromised by simple changes to a prompt. Models often praise the user’s beliefs (sycophancy) or satisfy inappropriate requests which are wrapped within special text (jailbreaking). Normally, we fix these problems with Supervised Finetuning (SFT) on static datasets showing the model how to respond in each context. While SFT is effective, static datasets get stale: they can enforce outdated guidelines (specification staleness) or be sourced from older, less intelligent models (capability staleness).

We explore consistency training, a self-supervised paradigm that teaches... (read 1608 more words →)

An Opinionated Guide to Privacy Despite Authoritarianism

TurnTrout

4mo

I've created a highly specific and actionable privacy guide, sorted by importance and venturing several layers deep into the privacy iceberg. I start with the basics (password manager) but also cover the obscure (dodging the millions of Bluetooth tracking beacons which extend from stores to traffic lights; anti-stingray settings; flashing GrapheneOS on a Pixel). I feel strongly motivated by current events, but the guide also contains a large amount of timeless technical content. Here's a preview.

Digital Threat Modeling Under Authoritarianism by Bruce Schneier
Being innocent won't protect you.
This is vital to understand. Surveillance systems and sorting algorithms make mistakes. This is apparent in the fact that we are routinely served advertisements for products

... (read 969 more words →)

180

Recontextualization Mitigates Specification Gaming Without Modifying the Specification

ariana_azarbal

ariana_azarbal, Victor Gillioz, TurnTrout, cloud

4mo

Recontextualization distills good behavior into a context which allows bad behavior. More specifically, recontextualization is a modification to RL which generates completions from prompts that discourage misbehavior, appends those completions to prompts that are more tolerant of misbehavior, and finally reinforces the model on the recontextualized instruction-completion data. Due to the data generation and training prompts differing in their attitude towards misbehavior, recontextualization builds resistance to misbehaviors that the training signal mistakenly reinforces.

For example, suppose our reward signal does not robustly penalize deception. Recontextualization generates completions while discouraging deception and then creates training data by updating those completions' prompts to encourage deception. That simple tweak can prevent the model from becoming dishonest!

Read... (read 3013 more words →)

141

Apply for MATS mentorship at Team Shard before October 2nd. Alex Cloud (@cloud) and I run this MATS stream together. We help alignment researchers grow from seeds into majestic trees. We have fun, consistently make real alignment progress, and have a dedicated shitposting channel.

Our mentees have gone on to impactful jobs, including (but not limited to)

@lisathiergart (MATS 3.0) moved on to being a research lead at MIRI and now a senior director at the SL5 task force,
@cloud (MATS 6.0) went from mentee to co-mentor in one round and also secured a job at Anthropic, and
@Jacob G-W (MATS 6.0) also accepted an offer from Anthropic!

We likewise have a strong track record in research... (read more)

•••

Training a Reward Hacker Despite Perfect Labels

ariana_azarbal

ariana_azarbal, Victor Gillioz, TurnTrout

6mo

Summary: Perfectly labeled outcomes in training can still boost reward hacking tendencies in generalization. This can hold even when the train/test sets are drawn from the exact same distribution. We induce this surprising effect via a form of context distillation, which we call re-contextualization:

Generate model completions with a hack-encouraging system prompt + neutral user prompt.
Filter the completions to remove hacks.
Train on these prompt-completion pairs with the hack-encouraging system prompt removed.

While we solely reinforce honest outcomes, the reasoning traces focus on hacking more than usual. We conclude that entraining hack-related reasoning boosts reward hacking. It's not enough to think about rewarding the right outcomes—we might also need to reinforce the right reasons.

Introduction

It's often... (read 1143 more words →)

137

In a thread which claimed that Nate Soares radicalized a co-founder of e-acc, Nate deleted my comment – presumably to hide negative information and anecdotes about how he treats people. He also blocked me from commenting on his posts.

The information which Nate suppressed

The post concerned (among other topics) how to effectively communicate about AI safety, and positive anecdotes about Nate's recent approach. (Additionally, he mentions "I’m regularly told that I’m just an idealistic rationalist who’s enamored by the virtue of truth" -- a love which apparently does not extend to allowing people to read negative truths about his own behavior.)

Here are the parents of the comment which Nate deleted:

@jdp (top-level comment)
For what

... (read 504 more words →)

Want to get into alignment research? Alex Cloud (@cloud) & I mentor Team Shard, responsible for gradient routing, steering vectors, retargeting the search in a maze agent, MELBO for unsupervised capability elicitation, and a new robust unlearning technique (TBA) :) We discover new research subfields.

Apply for mentorship this summer at https://forms.matsprogram.org/turner-app-8

I recently read "Targeted manipulation and deception emerge when optimizing LLMs for user feedback."

All things considered: I think this paper oversells its results, probably in order to advance the author(s)’ worldview or broader concerns about AI. I think it uses inflated language in the abstract and claims to find “scheming” where there is none. I think the experiments are at least somewhat interesting, but are described in a suggestive/misleading manner.

The title feels clickbait-y to me --- it's technically descriptive of their findings, but hyperbolic relative to their actual results. I would describe the paper as "When trained by user feedback and directly told if that user is easily manipulable, safety-trained LLMs still... (read 1074 more words →)

Be careful that you don't say "the incentives are bad :(" as an easy out. "The incentives!" might be an infohazard, promoting a sophisticated sounding explanation for immoral behavior:

If you find yourself unable to do your job without regularly engaging in practices that clearly devalue the very science you claim to care about, and this doesn’t bother you deeply, then maybe the problem is not actually The Incentives—or at least, not The Incentives alone. Maybe the problem is You.
~ No, it’s not The Incentives—it’s you

The lesson extends beyond science to e.g. Twitter conversations where you're incentivized to sound snappy and confident and not change your mind publicly.

I quite appreciated Sam Bowman's recent Checklist: What Succeeding at AI Safety Will Involve. However, one bit stuck out:

In Chapter 3, we may be dealing with systems that are capable enough to rapidly and decisively undermine our safety and security if they are misaligned. So, before the end of Chapter 2, we will need to have either fully, perfectly solved the core challenges of alignment, or else have fully, perfectly solved some related (and almost as difficult) goal like corrigibility that rules out a catastrophic loss of control. This work could look quite distinct from the alignment research in Chapter 1: We will have models to study that are much closer to the models

... (read more)

A semi-formalization of shard theory. I think that there is a surprisingly deep link between "the AIs which can be manipulated using steering vectors" and "policies which are made of shards."^[1] In particular, here is a candidate definition of a shard theoretic policy:

A policy has shards if it implements at least two "motivational circuits" (shards) which can independently activate (more precisely, the shard activation contexts are compositionally represented).

By this definition, humans have shards because they can want food at the same time as wanting to see their parents again, and both factors can affect their planning at the same time! The maze-solving policy is made of shards because we found activation directions for... (read more)

TurnTrout

Steering GPT-2-XL by adding an activation vector

Reward is not the optimization target

Lessons I've Learned from Self-Teaching

Understanding and controlling a maze-solving policy network

TurnTrout

TurnTrout

punctilio: the best text prettifier

No instrumental convergence without AI psychology

Apply for Alignment Mentorship from TurnTrout and Alex Cloud

2025-Era “Reward Hacking” Does Not Show that Reward Is the Optimization Target

Automatic alt text generation

[Paper] Output Supervision Can Obfuscate the CoT

GDM: Consistency Training Helps Limit Sycophancy and Jailbreaks in Gemini 2.5 Flash

Interpreting a Maze-Solving Network

Thoughts on Corrigibility

The Causes of Power-seeking and Instrumental Convergence

Reframing Impact

Becoming Stronger

TurnTrout

Steering GPT-2-XL by adding an activation vector

Reward is not the optimization target

Lessons I've Learned from Self-Teaching

Understanding and controlling a maze-solving policy network

TurnTrout

TurnTrout

punctilio: the best text prettifier

No instrumental convergence without AI psychology

Apply for Alignment Mentorship from TurnTrout and Alex Cloud

2025-Era “Reward Hacking” Does Not Show that Reward Is the Optimization Target

Automatic alt text generation

[Paper] Output Supervision Can Obfuscate the CoT

GDM: Consistency Training Helps Limit Sycophancy and Jailbreaks in Gemini 2.5 Flash

Interpreting a Maze-Solving Network

Thoughts on Corrigibility

The Causes of Power-seeking and Instrumental Convergence

Reframing Impact

Becoming Stronger

Why punctilio?

"Reward hacking" and "Reward≠OT" refer to different meanings of "reward"

Introduction

The information which Nate suppressed