Quick Takes

The AI safety ecosystem is so well resourced that it has been correctly identified by many as one of the best paths into high prestige AI research jobs. This person on twitter has written a popular article about getting into frontier ai labs and a Field Guide to AI Fellowships. The "AI Fellowships" are mostly AI safety programs funded by CG/OpenPhil. I have also noticed that people in ML research are quite likely to have heard of MATS and be interested in participating even when they have very little interest in AI safety. Idk how good or bad this is. It definitely causes a lot of ML researchers to engage with the AI safety literature, where they otherwise would not have. But it's worth noting that while the primary driver of applications to programs like MATS used be concern about AI safety, now it is increasing a desire to work at a frontier lab. I used to select participants for LASR labs, one of programs listed, and we actively tried to choose people who cared about AI safety, but I think we often did not succeed and indeed some people on the program now work at frontier labs in roles that I think have little to do with safety. Safety-washing in practice mostly looks like people rationalizing research or jobs that they would have done anyway as necessary for safety. It's easy to do because it is in fact genuinely unclear in most cases what is helpful and harmful for safety. Only by looking at the larger pattern can we notice the suspicious abundance of conveniently overlapping opportunities that further both safety and a person's short-term interests. However, I think it will be less common in people whose primary motivation is to prevent AI catastrophe.

Call for alpha testers for an AI control/security tool. A ton of alignment researchers YOLO their Claude usage right now. We run Claude on our computers without real protection (perhaps beyond auto mode) but there isn't an easy way to comply with known best practices. I wrote claude-guard, a wrapper to make best practices easy: just install and then your future claude sessions are protected. Smart misaligned AI will target alignment researchers in particular for research sabotage, for example by: 1. Sabotaging their machines to delete key work later (claude-guard protects via sandboxing that goes beyond Claude Code's Bash-tool-only sandbox), 2. Poisoning training data using invisible unicode characters (the tool sanitizes inputs and outputs), 3. Removing traces of its bad behavior (I provide a tamper-evident audit log outside of the sandbox). My goal is a low-latency, low-fuss product with easy-to-understand restrictions which can be minimally eased to enable e.g. a RunPod workflow. The ambitious vision is for claude-guard to become a staple open-source tool for AI alignment work, with people contributing improvements using the latest in AI control protocols. [1] The tool is ready to use but has a bunch of rough edges. Please give it a try and open issues on GitHub: https://github.com/alexander-turner/claude-guard, or email me at alex@turntrout.com (I generally don't read comments). If you run into a blocking issue, please come back a day or two later and hopefully it will be fixed. 1. This work should complement Apollo's Watcher, currently a monitoring product. ↩︎

The United States Government has issued an export control directive to suspend all access to Fable 5 and Mythos 5 by any foreign national, whether inside or outside the United States. This includes Anthropic employees who are foreign nationals. Anthropic is currently disabling Fable 5 and Mythos 5 for all customers. https://www.anthropic.com/news/fable-mythos-access

(Crossposted) About a month ago I left my job. I plan to take the next six months (until December) as a sabbatical. Partly because I don't think I've taken more than two weeks' holiday at a time since 2012, when I got my first real job. It'll be nice to have a longer break. Partly because, man, the world is not standing still. 2026-2031 is going to look very different from 2016-2021, and probably I should spend a bit of time orienting to "what do I even do with my life, going forwards". It's not impossible for me to do that while I have a full time job, but I do think I'll be better at it without one. I don't plan to make any long term commitments until December. But some things I'd like to do in that time: * See if I can help with AI notkilleveryoneism. * Do some kind of study course. * The slightly-more-concrete fields that I think I'm most likely to get into are mech interp (possibly working directly with my girlfriend), agent foundations, and brain-like-AGI safety. * I don't want to pay much attention to "what can I get paid for" right now. That seems like it would distort my thinking, and my sense is that the funding landscape is likely to look very different in six months anyway. If it turns out that I think I can do something worthwhile but I can't get paid to do it, I'll have to figure out what to do about it later. * Blog more. (Vaguely aiming for 10 posts before December, including this one.) * Write some fiction. * Get better at LLM-assisted coding. (I'll probably need to start paying for an LLM subscription. I'm a little sad about that because I don't want the labs to get my money, but I don't think that being a lonely holdout here would help much.) It's been a month and I've done… approximately none of that. Partly that's because I've spent 2-3 weeks out of four either on holiday, preparing for holiday, or recovering from holiday. But I think it's time for me to buckle down a bit. I'm going to try "get something productive done approx

Partitions are categorically dual to both subsets and factorizations, kinda [Prerequisite warning: basic category theory.] In his work on Finite Factored Sets, Scott Garrabrant defined the notion of factorization. In simple terms, a factorization of a finite set consists of a set of non-trivial partitions of , , such that every element in can be "assigned" to a selection of parts, one from each partition. This gives us a bijection between and the cartesian product over : . The natural forward direction of the bijection intersects the parts, producing a singleton set with an element of : . Scott wrote: [...] Intuitively, this makes sense, and I tried to put a bit more categorical flesh on this in my comment under that post. In the category Set (or rather FinSet, as we're only dealing with finite sets), the categorical product ()is the cartesian product () and the coproduct (, dual to the product, is the disjoint sum (). A factorization of a set expresses it as a cartesian product without unnecessary unit elements, i.e., without the singleton sets, as . A partition of a set expresses it as a disjoint union without unnecessary unit elements, i.e., without the empty set, as . Those unit elements — and — are the terminal and initial object, respectively, and hence also duals. * Factorization: , where * Partition: , where (Point of order: perhaps, the 's can be "anything", not necessarily partitions/subsets of , but it doesn't matter categorically, because categorically, equinumerous sets are isomorphic.[1]) But there's an alternative way to view a partition, which makes things more complicated. We can think of a partition of as an epimorphism (surjection in FinSet) , where the elements of correspond to parts of , by the preimage of : . Dualizing this picture gives us a monomorphism (injection in FinSet) , representing picking some set of elements of , i.e., a subset of . So, depending on how we represent a partition of , its dual can either be a factorizati

We appear to have entered a de facto government-enforced pause on making AIs more cyber-capable (it's not quite a hard pause internally, but making it illegal for non-US people to use mythos-equivalent models is probably extremely inconvenient). It's based on something like the condition that the AIs need to be unjailbreakable which seems really hard. I'm surprised we entered any sort of AI pause in 2026.

When Anthropic looked like they were coming out of the SCR designation pretty much unharmed, I predicted to some people that this wasn't the last attempt the DOW would make to force Anthropic to comply (remove all legal requirements on DOW usage) or be destroyed. My example was "revoke the visas of every foreign national Anthropic employee", but they came up with something more devastating than that: prohibiting any foreign national (including Anthropic employees) from using Fable/Mythos. Anthropic's counter-salvo was disabling Fable/Mythos access for everyone including the USG. I expect the DOW to escalate further. This is absolutely not the kind of AI regulation regime that leads to a stable multilateral pause, and I would not recommend touting it as such.