LESSWRONG
LW

Vika — LessWrong

Replying toSafety researchers should take a public stance

Safety researchers should take a public stance

Similarly to Leo, I think racing to AGI is bad and it would be good to coordinate not to do that. I support proposals for AI regulations that would make this easier. I signed various open letters to this effect on AI red lines, AI Treaty, SB1047, and others.

I'm pretty uncertain if pushing for an AI pause now is an effective way to achieve this, and I think it's quite plausibly better to pause later rather than now. In the next few years, we will have more solid evidence of misalignment, and we would be able to make better use of a pause period (which is likely to be finite) e.g. with automated... (read more)

Replying toAn epistemic advantage of working as a moderate

Vika6mo

An epistemic advantage of working as a moderate

This is a significant effect in general, but I'm not sure how much epistemic cost it creates in this situation. Moderates working with AI companies mostly interact with safety researchers, who are not generally doing bad things. There may be a weaker second-order effect where the safety researchers at labs have some epistemic distortion from cooperating with capabilities efforts, and this can influence external people who are collaborating with them.

-3

Vika6mo

Thanks for this helpful framework, it's also useful for people who are submitting rebuttals not for the first time :). Sadly NeurIPS and ICML no longer allow a top-level comment (for silly technical reasons).

Access to agent CoT makes monitors vulnerable to persuasion

Nikita Ostrovsky

Nikita Ostrovsky, Julija Bainiaksina, Tuna, Vika

7mo

This research was completed for London AI Safety Research (LASR) Labs 2025 by Jennifer Za, Julija Bainiaskina, Nikita Ostrovsky and Tanush Chopra. The team was supervised by Victoria Krakovna (Google DeepMind). Find out more about the programme and express interest in upcoming iterations here.

Introduction

Many proposals for controlling misaligned LLM agents rely on using a second LLM as a monitor [1]. A concerning vulnerability of this setup is that agents may persuade monitors to approve undesirable actions.

Our research investigates the capability of frontier models to persuade monitors to approve actions that are against the monitor’s policy, and how this changes when the monitor has access to the agent’s chain-of-thought (CoT) [2]. We open source... (read 969 more words →)

Evaluating and monitoring for AI scheming

Vika

Vika, Scott Emmons, Erik Jenner, Mary Phuong, Lewis Ho, Rohin Shah

7mo

As AI models become more sophisticated, a key concern is the potential for “deceptive alignment” or “scheming”. This is the risk of an AI system becoming aware that its goals do not align with human instructions, and deliberately trying to bypass the safety measures put in place by humans to prevent it from taking misaligned action. Our initial approach, as laid out in the Frontier Safety Framework, focuses on understanding current scheming capabilities of models and developing chain-of-thought monitoring mechanisms to oversee models once they are capable of scheming.

We present two pieces of research, focusing on (1) understanding and testing model capabilities necessary for scheming, and (2) stress-testing chain-of-thought monitoring as a... (read 1426 more words →)

A short course on AGI safety from the GDM Alignment team

Vika

Vika, Rohin Shah

We are excited to release a short course on AGI safety for students, researchers and professionals interested in this topic. The course offers a concise and accessible introduction to AI alignment, consisting of short recorded talks and exercises (75 minutes total) with an accompanying slide deck and exercise workbook. It covers alignment problems we can expect as AI capabilities advance, and our current approach to these problems (on technical and governance levels). If you would like to learn more about AGI safety but have only an hour to spare, this course is for you!

Here are some key topics you will learn about in this course:

The evidence for the field being on a path to

... (read 263 more words →)

105

Replying toMoving on from community living

Vika2y

Moving on from community living

Thanks Gunnar, those sound like reasonable guidelines!

The common space was still usable by other housemates, but it felt a bit cramped, and I felt more internal pressure to keep it tidy for others to use (while in my own space I feel more comfortable leaving it messy for longer). Our housemates were very tolerant of having kid stuff everywhere, but it still seemed suboptimal.
The fridge, laundry area and outdoor garbage bins were the most overloaded in our case, while the shed and attic were sufficiently spacious and less in demand that it wasn't an issue. Gathering everyone for a decluttering spree is a noble effort but a bit hard to coordinate. I

Vika2y

Moving on from community living

Yeah, living in a group house was important for our mental well-being as well, especially during the pandemic and parental leaves. I think the benefits of the social environment decreased somewhat because we were often occupied with the kids and had less time to socialize. It was still pretty good though - if Deep End was close enough to schools we like, we would have probably stayed and tried to make it work (though this would likely involve taking over more of the house over time). Our new place contributes to mental well-being by being much closer to nature (while still a reasonable bike commute from the office).

Replying toMoving on from community living

Vika2y

Moving on from community living

I would potentially be interested, if we knew the other people well. I find that, as a parent, I'm less willing to take risks by moving in with people I don't know that well, because the stress and uncertainty associated with things not working out are more costly.

Space requirements would likely be the biggest difficulty though, as you pointed out. A family with 2 kids probably needs at least 3 rooms, so two such families together would need a 6 bedroom house. This is hard to find, especially combined with other constraints like proximity to schools, commute distances, etc. It's a lot easier to live near other families than sharing a living space.

Moving on from community living

Vika

After 7 years at Deep End (and 4 more years in other group houses before that), Janos and I have moved out to live near a school we like and some lovely parks. The life change is bittersweet - we will miss living with our friends, but also look forward to a logistically simpler life with our kids. Looking back, here are some thoughts on what worked and didn't work well about living in a group house with kids.

Pros. There were many things that we enjoyed about living at Deep End, and for a long time I couldn't imagine ever wanting to leave. We had a low-effort social life - it was... (read 658 more words →)

Replying toMore Is Different for AI

Vika2yReview for 2022 Review

More Is Different for AI

I really enjoyed this sequence, it provides useful guidance on how to combine different sources of knowledge and intuitions to reason about future AI systems. Great resource on how to think about alignment for an ML audience.

Replying toCounterarguments to the basic AI x-risk case

Vika2yReview for 2022 Review

Counterarguments to the basic AI x-risk case

I think this is still one of the most comprehensive and clear resources on counterpoints to x-risk arguments. I have referred to this post and pointed people to a number of times. The most useful parts of the post for me were the outline of the basic x-risk case and section A on counterarguments to goal-directedness (this was particularly helpful for my thinking about threat models and understanding agency).

Replying toRefining the Sharp Left Turn threat model, part 1: claims and mechanisms

Vika2yReview for 2022 Review

Refining the Sharp Left Turn threat model, part 1: claims and mechanisms

I still endorse the breakdown of "sharp left turn" claims in this post. Writing this helped me understand the threat model better (or at all) and make it a bit more concrete.

This post could be improved by explicitly relating the claims to the "consensus" threat model summarized in Clarifying AI X-risk. Overall, SLT seems like a special case of that threat model, which makes a subset of the SLT claims:

Claim 1 (capabilities generalize far) and Claim 3 (humans fail to intervene), but not Claims 1a/b (simultaneous / discontinuous generalization) or Claim 2 (alignment techniques stop working).
It probably relies on some weaker version of Claim 2 (alignment techniques failing to apply to more

... (read more)

Replying toClarifying AI X-risk

Vika2y*Review for 2022 Review

Clarifying AI X-risk

I continue to endorse this categorization of threat models and the consensus threat model. I often refer people to this post and use the "SG + GMG → MAPS" framing in my alignment overview talks. I remain uncertain about the likelihood of the deceptive alignment part of the threat model (in particular the requisite level of goal-directedness) arising in the LLM paradigm, relative to other mechanisms for AI risk.

In terms of adding new threat models to the categorization, the main one that comes to mind is Deep Deceptiveness (let's call it Soares2), which I would summarize as "non-deceptiveness is anti-natural / hard to disentangle from general capabilities". I would probably put this under "SG MAPS", assuming an irreducible kind of specification gaming where it's very difficult (or impossible) to distinguish deceptiveness from non-deceptiveness (including through feedback on the model's reasoning process). Though it could also be GMG, where the "non-deceptiveness" concept is incoherent and thus very difficult to generalize well.

When discussing AI risks, talk about capabilities, not intelligence

Vika

Public discussions about catastrophic risks from general AI systems are often derailed by using the word “intelligence”. People often have different definitions of intelligence, or associate it with concepts like consciousness that are not relevant to AI risks, or dismiss the risks because intelligence is not well-defined. I would advocate for using the term “capabilities” or “competence” instead of “intelligence” when discussing catastrophic risks from AI, because this is what the concerns are really about. For example, instead of “superintelligence” we can refer to “super-competence” or “superhuman capabilities”.

When we talk about general AI systems posing catastrophic risks, the concern is about losing control of highly capable AI systems. Definitions... (read 695 more words →)

124

[Linkpost] Some high-level thoughts on the DeepMind alignment team's strategy

Vika

Vika, Rohin Shah

Update: The original title "DeepMind alignment team's strategy" was poorly chosen. Some readers seem to have interpreted the previous title as meaning that this was everything that we had thought about or wanted to say about an "alignment plan", which is an unfortunate misunderstanding. We simply meant to share slides that gave a high-level outline of how we were thinking about our alignment plan, in the interest of partial communication rather than no communication.

I recently gave a talk about the DeepMind alignment team's strategy at the SERI MATS seminar, sharing the slides here for anyone interested. This is an overview of our threat models, our high-level current plan, and how current projects... (read 1310 more words →)

128

Power-seeking can be probable and predictive for trained agents

Vika

Vika, janos

Power-seeking is a major source of risk from advanced AI and a key element of most threat models in alignment. Some theoretical results show that most reward functions incentivize reinforcement learning agents to take power-seeking actions. This is concerning, but does not immediately imply that the agents we train will seek power, since the goals they learn are not chosen at random from the set of all possible rewards, but are shaped by the training process to reflect our preferences. In this work, we investigate how the training process affects power-seeking incentives and show that they are still likely to hold for trained agents under some assumptions (e.g. that the agent learns... (read 2430 more words →)

Refining the Sharp Left Turn threat model, part 2: applying alignment techniques

Vika

Vika, Vikrant Varma, Ramana Kumar, Rohin Shah

A Sharp Left Turn (SLT) is a possible rapid increase in AI system capabilities (such as planning and world modeling). This post will outline our current understanding of the most promising plan for getting through an SLT and how it could fail (conditional on an SLT occurring).

In a previous post, we broke down the SLT threat model into 3 claims:

Capabilities will generalize far (i.e. to many domains)
Alignment techniques that worked previously will fail during this transition
Humans can’t intervene to prevent or align this transition

We proposed some possible mechanisms for Claim 1, while this post will investigate possible arguments and mechanisms for Claim 2.

Plan: we use alignment techniques to find a goal-aligned model before SLT

... (read 1755 more words →)

Threat Model Literature Review

zac_kenton

zac_kenton, Rohin Shah, David Lindner, Vikrant Varma, Vika, Mary Phuong, Ramana Kumar, Elliot Catt

TL;DR: This post provides a literature review of some threat models of how misaligned AI can lead to existential catastrophe. See our accompanying post for high-level discussion, a categorization and our consensus threat model.

Where available we cribbed from the summary in the Alignment Newsletter.

For other people's overviews of some threat models, see here and here.

[ETA: When considering strengths and weaknesses of each threat model, this was done with respect to our goal of better generation/prioritization among alignment research projects. They shouldn't necessarily be read as an all-things-considered review of that work.]

Categorization

Threat Models

Goal misgeneralization + Specification Gaming ➜ MAPS

Is Power-Seeking AI an Existential Risk?

... (read 7259 more words →)

Clarifying AI X-risk

zac_kenton

zac_kenton, Rohin Shah, David Lindner, Vikrant Varma, Vika, Mary Phuong, Ramana Kumar, Elliot Catt

TL;DR: We give a threat model literature review, propose a categorization and describe a consensus threat model from some of DeepMind's AGI safety team. See our post for the detailed literature review.

The DeepMind AGI Safety team has been working to understand the space of threat models for existential risk (X-risk) from misaligned AI. This post summarizes our findings. Our aim was to clarify the case for X-risk to enable better research project generation and prioritization.

First, we conducted a literature review of existing threat models, discussed their strengths/weaknesses and then formed a categorization based on the technical cause of X-risk and the path that leads to X-risk. Next we tried to find consensus... (read 1096 more words →)

127

LESSWRONG
LW

LESSWRONG
LW

Vika

DeepMind alignment team opinions on AGI ruin arguments

Possible takeaways from the coronavirus pandemic for slow AI takeoff

[Linkpost] Some high-level thoughts on the DeepMind alignment team's strategy

Clarifying AI X-risk

Vika

Vika

Access to agent CoT makes monitors vulnerable to persuasion

Evaluating and monitoring for AI scheming

A short course on AGI safety from the GDM Alignment team

Moving on from community living

When discussing AI risks, talk about capabilities, not intelligence

[Linkpost] Some high-level thoughts on the DeepMind alignment team's strategy

Power-seeking can be probable and predictive for trained agents

DeepMind Alignment Team on Threat Models and Plans

Vika

DeepMind alignment team opinions on AGI ruin arguments

Possible takeaways from the coronavirus pandemic for slow AI takeoff

[Linkpost] Some high-level thoughts on the DeepMind alignment team's strategy

Clarifying AI X-risk

Vika

Vika

Access to agent CoT makes monitors vulnerable to persuasion

Evaluating and monitoring for AI scheming

A short course on AGI safety from the GDM Alignment team

Moving on from community living

When discussing AI risks, talk about capabilities, not intelligence

[Linkpost] Some high-level thoughts on the DeepMind alignment team's strategy

Power-seeking can be probable and predictive for trained agents

DeepMind Alignment Team on Threat Models and Plans

Plan: we use alignment techniques to find a goal-aligned model before SLT

Categorization

Threat Models

Goal misgeneralization + Specification Gaming ➜ MAPS

Is Power-Seeking AI an Existential Risk?