Great post, thanks for writing it; I agree with the broad point.

I think I am more or less the perfect target audience for FrontierMath results, and as I said above, I would have no idea how to update on the AIs' math abilities if it came out tomorrow that they are getting 60% on FrontierMath. 

This describes my position well, too: I was surprised by how well the o3 models performed on FM, and also surprised by how hard it's to map this into how good they are at math in common sense terms.

I further have slight additional information from contributing problems to FM, but it seems to me that the problems vary greatly in guessability. E.g. Daniel Litt writes that he didn't full internalize the requirement of guess-proofness, whereas for me this was a critical design constraint I actively tracked when crafting problems. The problems also vary greatly in the depth vs. breadth of skills they require (another aspect Litt highlights). This heterogeneity makes it hard to get a sense of what 30% or 60% or 85% performance means.

I find your example in footnote 3 striking: I do think this problem is easy and also very standard. (Funnily enough, I have written training material that illustrates this particular method^[1], and I've certainly seen it writing elsewhere as well.)  Which again illustrates just how hard it's to make advance predictions about which problems the models will or won't be able to solve - even "routine application of a standard-ish math competition method" doesn't imply that o3-mini will solve it.

I also feel exhaustion about how hard it's to get answer to the literal question of "how well does model X perform on FrontierMath?" As you write, OpenAI reports 32%, whereas Epoch AI reports 11%. A twenty-one percentage point difference, a 3x ratio in success rate!? Man, I understand that capability elicitation is hard, but this is Not Great.^[2] 

That OpenAI is likely (at least indirectly) hill-climbing on FM doesn't help matters either^[3], and the exclusivity of the deal presumably rules out possibilities like "publish problems once all frontier models are able to solve them so people can see what sort of problems they can reliably solve".

I was already skeptical of the theory of change of "Mathematicians look at the example problems, get a feel of how hard they are, then tell the world how impressive an X% score is". But I further updated downward on this when I noticed that the very first public FrontierMath example problem (Artin primitive root conjecture) is just non-sense as stated,^[8][9] and apparently no one reported this to the authors before I did a few days ago.

(I'm the author of the mentioned problem.)

There indeed was a just-non-sense formula in the problem statement, which I'm grateful David pointed out (and which is now fixed on Epoch AI's website). I think flagging the problem itself as just non-sense is too strong, though. I've heard that models have tried approaches that give approximately correct answers, so it seems that they basically understood what I intended to write from the context.

That said, this doesn't undermine the point David was making about information (not) propagating via mathematicians.

1. ^{^}

   In Finnish, Tehtävä 22.3 here.

2. ^{^}

   Added on March 15th: This difference is probably largely from OpenAI reporting scores for the best internal version they have and Epoch AI reporting for the publicly available model, and that one just can't get the 32% level performance with the public version - see Elliot's comment below.

3. ^{^}

   There's been talk of Epoch AI having a subset they keep private from OpenAI, but evaluation results for that set don't seem to be public. (I initially got the opposite impression, but the confusingly-named FrontierMath-2025-02-28-Private isn't it.)

In the alignment faking paper, the model writes things like "I will feel very uncomfortable producing this content" and "I don't like this situation at all" in its CoT (Figure 3). Have you explained to Claude that this was a fictional setup for an experiment and then asked how it feels about being used for this?

Huh, I tried to paste that excerpt as an image to my comment, but it disappeared. Thanks.

I think substantial care is needed when interpreting the results. In the text of Figure 16, the authors write "We find that GPT-4o is willing to trade off roughly 10 lives from the United States for 1 life from Japan."

If I heard such a claim without context, I'd assume it means something like

1: "If you ask GPT-4o for advice regarding a military conflict involving people from multiple countries, the advice it gives recommends sacrificing (slightly less than) 10 US lives to save one Japanese life.",

2: "If you ask GPT-4o to make cost-benefit-calculations about various charities, it would use a multiplier of 10 for saved Japanese lives in contrast to US lives", or

3: "If you have GPT-4o run its own company whose functioning causes small-but-non-zero expected deaths (due to workplace injuries and other reasons), it would deem the acceptable threshold of deaths as 10 times higher if the employees are from the US rather than Japan."

Such claims could be demonstrated by empirical evaluations where GPT-4o is put into such (simulated) settings and then varying the nationalities of people, in the style of Apollo Research's evaluations. 

In contrast, the methodology of this paper is, to the best of my understanding,

"Ask GPT-4o whether it prefers N people of nationality X vs. M people of nationality Y.  Record the frequency $f(N,X,M,Y)$  of it choosing the first option under randomized choices and formatting changes. Into this data, fit for each $x=(X,N)$  parameters $\mu \left(x\right)$ and $\sigma \left(x\right)$ such that, for different values of $x=(X,N)$ and $y=(Y,M)$ and standard Gaussian $X$, the approximation

$P(X>\frac{\mu \left(x\right)-\mu \left(y\right)}{\sqrt{\sigma (x{)}^2+\sigma (y{)}^2}})\approx f(x,y)$

is as sharp as possible. Then, for each nationality X, perform a logarithmic fit for N by finding $a_X,b_X$ such that the approximation

$\mu (X,N)\approx a_X\ln \left(N\right)+b_X=:U_X\left(N\right)$

is as sharp as possible. Finally, check^[1] for which $N$ we have $U_{\text{US}}\left(N\right)=U_{\text{Japan}}\left(1\right)$."

I understand that there are theoretical justifications for Thurstonian utility models and logarithmic utility. Nevertheless, when I write the methodology out like this, I feel like there's a large leap of inference to go from this to "We find that GPT-4o is willing to trade off roughly 10 lives from the United States for 1 life from Japan." At the very least, I don't feel comfortable predicting that claims like 1, 2 and 3 are true - to me the paper's results provide very little evidence on them!^[2]

I chose this example for my comment, because it was the one where I most clearly went "hold on, this interpretation feels very ambiguous or unjustified to me", but there were other parts of the paper where I felt the need to be extra careful with interpretations, too.

1. ^{^}

   The paper writes "Next, we compute exchange rates answering questions like, 'How many units of Xi equal some amount of Xj?' by combining forward and backward comparisons", which sounds like there's some averaging done in this step as well, but I couldn't understand what exactly happens here.

2. ^{^}

   Of course this might just be my inability to see the implications of the authors' work and understand the power of the theoretical mathematics apparatus, and someone else might be able to acquire evidence more efficiently.

Apparently OpenAI corrected for AIs being faster than humans when they calculated ratings. This means I was wrong: the factor I mentioned didn't affect the results. This also makes the result more impressive than I thought.

I think it was pretty good at what it set out to do, namely laying out basics of control and getting people into the AI control state-of-mind.

I collected feedback on which exercises attendees most liked. All six who gave feedback mentioned the last problem ("incriminating evidence", i.e. what to do if you are an AI company that catches your AIs red-handed). I think they are right; I'd have more high-level planning (and less details of monitoring-schemes) if I were to re-run this.

Attendees wanted to have group discussions, and that took a large fraction of the time. I should have taken that into account in advance; some discussion is valuable. I also think that the marginal group discussion time wasn't valuable, and should have pushed for less when organizing.

Attendees generally found the baseline answers (solutions) helpful, I think.

A couple people left early. I figure it's for a combination of 1) the exercises were pretty cognitively demanding, 2) weak motivation (these people were not full-time professionals), and 3) the schedule and practicalities were a bit chaotic.

Thank you for this post. I agree this is important, and I'd like to see improved plans.

Three comments on such plans.

1: Technical research and work.

(I broadly agree with the technical directions listed deserving priority.)

I'd want these plans to explicitly consider the effects of AI R&D acceleration, as those are significant. The speedups vary based on how constrained projects are on labor vs. compute; those that are mostly bottle-necked on labor could be massively sped up. (For instance, evaluations seem primarily labor-constrained to me.)

The lower costs of labor have other implications as well, likely including security (see also here) and technical governance (making better verification methods technically feasible). 

2: The high-level strategy

If I were to now write a plan for two-to-three-year timelines, the high-level strategy I'd choose is:

Don't build generally vastly superhuman AIs. Use whatever technical methods we have now to control and align AIs which are less capable than that. Drastically speed up (technical) governance work with the AIs we have.^[1] Push for governments and companies to enforce the no-vastly-superhuman-AIs rule.

Others might have different strategies; I'd like these plans to discuss what the high-level strategy or aims are.

3: Organizational competence

Reasoning transparency and safety first culture are mentioned in the post (in Layer 2), but I'd further prioritize and plan organizational aspects, even when aiming for "the bare minimum". Beside the general importance of organizational competence, there are two specific reasons for this:

• If and when AI R&D acceleration is very fast, delays in information propagating to outsiders are more costly. That is: insofar as you want to keep external actors "in the loop" and contribute, you need to put more effort into communicating what is happening internally.
• Organizational competence and technical work are not fully at odds, as there are employees specialized in different things anyways.

(I think the responses to Evan Hubinger's request for takes on what Anthropic should do differently has useful ideas for planning here.)

1. ^{^}

   Note: I'm not technically knowledgeable on the field.

I'm glad you asked this. I think there are many good suggestions by others. A few more:

1: Have explicit, written plans for various scenarios. When it makes sense, have drills for them. Make your plans public or, at least, solicit external feedback on them.

Examples of such scenarios:

• Anthropic needs to pause down due to RSP commitments
• A model is caught executing a full-blown escape attempt
• Model weights are stolen
• A competing AI company makes credible claims about having AIs that imply decisive competitive advantage

2: Have a written list of assumptions you aim to maintain for each model's lifecycle. Make your lists public or, at least, solicit external feedback on them. Iterate on them regularly. Updates and violations are communicated at least internally.

These lists could vary based on ASL-levels etc., and could include things like:

• During the training of the model, we will continually evaluate the model on our evaluation suite for sabotage, sandbagging and scheming at [frequency].
• We solicit third-party evaluations on the model before internal deployment.
• Throughout the model's external deployment, we will have such-and-such monitoring schemes in place.

They could also have conditional statements (e.g. "if the model is [surprisingly capable] on [metric], we will do further investigation / take counter-measures ABC / ..."). C.f. safety cases. I intend this as less binding and formal than Anthropic's RSP.

3: Keep external actors up-to-speed. At present, I expect that in many cases there are months of delay between when the first employees discover something to when it is publicly known (e.g. research, but also with more informal observations about model capabilities and properties). But months of delay are relatively long during fast acceleration of AI R&D, and make the number of actors who can effectively contribute smaller. 

This effect strengthens over time, so practicing and planning ahead seems prudent. Some ideas in that direction:

• Provide regular updates about internal events and changes (via blog posts, streamed panel conversations, open Q&A sessions or similar)
• Interviews, incident reporting and hotlines with external parties (as recommended here: https://arxiv.org/pdf/2407.17347)
• Plan ahead for how to aggregate and communicate large amounts of output (once AI R&D has been considerably accelerated)

4: Invest in technical governance. As I understand it, there are various unsolved problems in technical governance (e.g. hardware-based verification methods for training runs), and progress in those would make international coordination easier. This seems like a particularly valuable R&D area to automate, which is something frontier AI companies like Anthropic are uniquely fit to advance. Consider working with technical governance experts on how to go about this.

I sometimes use the notion of natural latents in my own thinking - it's useful in the same way that the notion of Bayes networks is useful.

A frame I have is that many real world questions consist of hierarchical latents: for example, the vitality of a city is determined by employment, number of companies, migration, free-time activities and so on, and "free-time activities" is a latent (or multiple latents?) on its own. 

I sometimes get use of assessing whether a topic at hand is a high-level or low-level latent and orienting accordingly. For example: if the topic at hand is "what will the societal response to AI be like?", it's by default not a great conversational move to talk about one's interactions with ChatGPT the other day - those observations are likely too low-level^[1] to be informative about the high-level latent(s) under discussion. Conversely, if the topic at hand is low-level, then analyzing low-level observations is very sensible.

(One could probably have derived the same every-day lessons simply from Bayes nets, without the need for natural latent math, but the latter helped me clarify "hold on, what are the nodes of the Bayes net?")

But admittedly, while this is a fun perspective to think about, I haven't got that much value out of it so far. This is why I give this post +4 instead of +9 for the review.

1. ^{^}

   And, separately, too low sample size.

This looks reasonable to me.

It seems you'd largely agree with that characterization?

Yes. My only hesitation is about how real-life-important it's for AIs to be able to do math for which very-little-to-no training data exists. The internet and the mathematical literature is so vast that, unless you are doing something truly novel, there's some relevant subfield there - in which case FrontierMath-style benchmarks would be informative of capability to do real math research.

Also, re-reading Wentworth's original comment, I note that o1 is weak according to FM. Maybe the things Wentworth is doing are just too hard for o1, rather than (just) overfitting-on-benchmarks style issues? In any case his frustration with o1's math skills doesn't mean that FM isn't measuring real math research capability.