LESSWRONG
LW

All of TFD's Comments + Replies

AI #106: Not so Fast
TFD10

A judge has ruled that on the merits Musk is probably correct that the conversion is not okay

The question that stopped Musk from getting one was whether Musk has standing to sue based on his donations. The judge thinks that is a toss-up. But the judge went out of their way to point out that if Musk does have standing, he’s a very strong favorite to win, implicitly 75%+ and maybe 90%.

Can you explain what parts of the order lead to these conclusions? for several of the counts The Court does find standing issues, but the count relevant to this (breach of char... (read more)

Reply
Sabotage Evaluations for Frontier Models
TFD32

One question about the threat model presented here. If we consider a given sabotage evaluation, does the threat model include the possibility of that sabotage evaluation itself being subject to sabotage (or sandbagging, "deceptive alignment" etc.)? "Underperforming on dangerous-capability evaluations" would arguably include this, but the paper introduces the term "sabotage evaluations". So depending on whether the authors consider sabotage evaluations a subset vs a distinct set from dangerous-capabilities evaluations I could see this going either way based... (read more)

Reply
4David Duvenaud
Yes, we want to address the possibility of sandbagging on sabotage evaluations too.  Thanks for noting that our phrasing is ambiguous on this point. We can easily incorporate white-box monitoring into any of these evaluations.  This version only included black-box monitoring for simplicity, but all of the evals except for sandbagging involve a monitor producing a suspiciousness score.  That score could be informed by a white-box / internals-based side channel without changing anything else. Great question.  We didn't discuss it in the paper, because it was long enough already, but we've certainly thought about this problem when designing the evals and related safety cases.  A rough sketch of the argument looks something like this:  "We're confident that our anti-refusal training is effective because it uses supervised fine-tuning.  To double-check this empirically, our sandbagging capabilities eval indicates that even a model trained to sandbag can't effectively do so after our anti-refusal / capabilities elicitation procedure.". One problem with this argument is that our sandbagging eval didn't include the exact sabotage tasks that we'd like to make claims about - they couldn't yet because the evals in the paper were developed in parallel.  Probably we'll want future versions of the sandbagging eval to either cover these skills and formats more closely, or include tests to demonstrate consistent generalization across domains.