3mo

Executive summary

This post is a research update on our ongoing project studying training-based AI control: using training to mitigate risk from misaligned AI systems in diffuse threat models like research sabotage. This post presents our results on supervised fine-tuning (SFT), the simplest training-based approach.

We evaluate our training measures on a difficult math problem solving dataset (Olympiads dataset)^[1]. In our setting, a red team instructs an untrusted model to give plausible but incorrect answers, while a blue team uses SFT to train the model to answer correctly.

Key findings:

Training on 10-100 golden, correct samples almost fully removes the untrusted model’s propensity to try to answer incorrectly.
SFT damages the untrusted model's capabilities during training, and thus only recovers

... (read 5395 more words →)

Vivek Hebbar5mo*Quick Take

I think it’s possible that an AI will decide not to sandbag (e.g. on alignment research tasks), even if all of the following are true:

Goal-guarding is easy
The AI is a schemer (see here for my model of how that works)
Sandbagging would benefit the AI’s long-term goals
The deployer has taken no countermeasures whatsoever

The reason is as follows:

Even a perfect training-gamer will have context-specific heuristics which sometimes override explicit reasoning about how to get reward (as I argued here).
On the training distribution, that override will happen at the “correct” times for getting maximum reward. But sandbagging in deployment is off the training distribution, so it’s a question of generalization.
Since sandbagging is the sort of thing that would get low reward in the most similar training contexts, it seems pretty plausible that the AI’s context-specific “perform well” drives will override its long-term plans in this case.

Replying toNew Endorsements for “If Anyone Builds It, Everyone Dies”

Vivek Hebbar8mo

New Endorsements for “If Anyone Builds It, Everyone Dies”

Wouldn't it be better to have a real nighttime view of north america? I also found it jarring...

Replying tothe void

Vivek Hebbar8mo

the void

I sympathize somewhat with this complexity point but I'm worried that training will be extremely non-Bayesian in a way that makes complexity arguments not really work. So I feel like the point about optimization power at best cuts the worry about hyperstition by about a factor of 2. Perhaps there should be research on how "sticky" the biases from early in training can be in the face of later optimization pressure.

When does training a model change its goals?

Vivek Hebbar

Vivek Hebbar, ryan_greenblatt

8mo

Here are two opposing pictures of how training interacts with deceptive alignment:

“goal-survival hypothesis”:^[1] When you subject a model to training, it can maintain its original goals regardless of what the training objective is, so long as it follows through on deceptive alignment (playing along with the training objective instrumentally). Even as it learns new skills and context-specific goals for doing well on the training objective, it continues to analyze these as instrumental to its original goals, and its values-upon-reflection aren’t affected by the learning process.
“goal-change hypothesis”: When you subject a model to training, its values-upon-reflection will inevitably absorb some aspect of the training setup. It doesn’t necessarily end up terminally valuing a close

... (read 4235 more words →)

Replying toToward A Mathematical Framework for Computation in Superposition

Vivek Hebbar8mo

Toward A Mathematical Framework for Computation in Superposition

In general, computing a boolean expression with terms without the signal being drowned out by the noise will require $ϵ < 1 / k$ if the noise is correlated, and $ϵ < 1 / k^{2}$ if the noise is uncorrelated.

Shouldn't the second one be $\frac{1}{\sqrt{k}}$ ?

the past token can use information that is not accessible to the token generating the key (as it is in its “future” – this is captured e.g. by the attention mask)

Is this meant to say "last token" instead of "past token"?

Political sycophancy as a model organism of scheming

Alex Mallen

Alex Mallen, Vivek Hebbar

9mo

This post is a short empirical research note about training away scheming behavior (which we’ll define as the propensity to take long-term power-seeking actions when the AI thinks it can get away with it).

We study two broad categories of ways to attempt to train away scheming behavior. First, you can adversarially train, searching for realistic honeypots that cause the AI to take misaligned actions and then training the AI not to. Second, you can do normal alignment training, reinforcing the AI’s propensity to behave aligned on inputs that aren’t meant to trick the AI into thinking it can get away with misaligned actions.

We empirically test both of these strategies on a model organism... (read 3965 more words →)

How can we solve diffuse threats like research sabotage with AI control?

Vivek Hebbar

9mo

Misaligned AIs might engage in research sabotage: making safety research go poorly by doing things like withholding their best ideas or putting subtle bugs in experiments. To mitigate this risk with AI control, we need very different techniques than those in the original control paper or Ctrl-Z, because research sabotage differs from those settings in two crucial ways:

Firstly, the AI can’t cause a catastrophe by behaving badly on just one occasion. To derail the entire project of solving alignment, the AI probably has to take a large number of malign actions. This contrasts with some other threat models (like rogue internal deployments), where the AI might succeed by acting badly on just a few

... (read 2321 more words →)

Replying toHow training-gamers might function (and win)

Vivek Hebbar10mo*

How training-gamers might function (and win)

I made a few edits to this post today, mostly in response to feedback from Ryan and Richard:

Added 2 sentences emphasizing the point that schemers probably won't be aware of their terminal goal in most contexts. I thought this was clear from the post already, but apparently it wasn't.
Modified "What factors affect the likelihood of training-gaming?" to emphasize that "sum of proxies" and "reward-seeker" are points on a spectrum. We might get an in-between model where context-dependent drives conflict with higher goals and sometimes "win" even outside the settings they are well-adapted to. I also added a footnote about this to "Characterizing training-gamers and proxy-aligned models".
Edited the "core claims" section (e.g. softening a claim and adding content).
Changed "reward seeker" to "training-gamer" in a bunch of places where I was using it to refer to both terminal reward seekers and schemers.
Miscellaneous small changes

Replying toDownstream applications as validation of interpretability progress

Vivek Hebbar10mo

Downstream applications as validation of interpretability progress

In the fictional dialogue, Claude Shannon's first answer is more correct -- info theory is useful far outside the original domain of application, and its elegance is the best way to predict that.

Replying to'Empiricism!' as Anti-Epistemology

Vivek Hebbar10mo

'Empiricism!' as Anti-Epistemology

Slightly more spelled-out thoughts about bounded minds:

We can't actually run the hypotheses of Solomonoff induction. We can only make arguments about what they will output.
In fact, almost all of the relevant uncertainty is logical uncertainty. The "hypotheses" (programs) of Solomonoff induction are not the same as the "hypotheses" entertained by bounded Bayesian minds. I don't know of any published formal account of what these bounded hypotheses even are and how they relate to Solomonoff induction. But informally, all I'm talking about are ordinary hypotheses like "the Ponzi guy only gets money from new investors".
In addition to "bounded hypotheses" (of unknown type), we also have "arguments". An argument is a thing whose existence provides fallible evidence for a claim.
Arguments are made of pieces which can be combined "conjuctively" or "disjunctively". The conjunction of two subarguments is weaker evidence for its claim than each subargument was for its subclaim. This is the sense in which "big arguments" are worse.

Replying to'Empiricism!' as Anti-Epistemology

Vivek Hebbar10mo

'Empiricism!' as Anti-Epistemology

I suspect there is some merit to the Scientist's intuition (and the idea that constant returns are more "empirical") which nobody has managed to explain well. I'll try to explain it here.^[1]

The Epistemologist's notion of simplicity is about short programs with unbounded runtime which perfectly explain all evidence. The [non-straw] empiricist notion of simplicity is about short programs with heavily-bounded runtime which approximately explain a subset of the evidence. The Epistemologist is right that there is nothing of value in the empiricist's notion if you are an unbounded Solomonoff inductor. But for a bounded mind, two important facts come into play:

The implications of hypotheses can only be guessed using "arguments". These "arguments"

Vivek Hebbar10mo

Shah and Yudkowsky on alignment failures

I'd be capable of helping aliens optimize their world, sure. I wouldn't be motivated to, but I'd be capable.

@So8res How many bits of complexity is the simplest modification to your brain that would make you in fact help them? (asking for an order-of-magnitude wild guess)
(This could be by actually changing your values-upon-reflection, or by locally confusing you about what's in your interest, or by any other means.)

How training-gamers might function (and win)

Vivek Hebbar

10mo

In this post I present a model of the relationship between higher level goals, explicit reasoning, and learned heuristics in capable agents. This model suggests that given sufficiently rich training environments (and sufficient reasoning ability), models which terminally value on-episode reward-proxies are disadvantaged relative to training-gamers.

A key point is that training gamers can still contain large quantities of learned heuristics (context-specific drives). By viewing these drives as instrumental and having good instincts for when to trust them, a training-gamer can capture the benefits of both instinctive adaptation and explicit reasoning without paying much of a speed penalty.

Core claims

To get high reward, models must learn context-specific heuristics which are not derivable by reasoning

... (read 3798 more words →)

114

Replying toArguments about fast takeoff

Vivek Hebbar10mo

Arguments about fast takeoff

Sigmoid is usually what "straight line" should mean for a quantity bounded at 0 and 1. It's a straight line in logit-space, the most natural space which complies with that range restriction.
(Just as exponentials are often the correct form of "straight line" for things that are required to be positive but have no ceiling in sight.)

Different senses in which two AIs can be “the same”

Vivek Hebbar

Vivek Hebbar, Buck

Sometimes people talk about two AIs being “the same” or “different” AIs. We think the intuitive binary of “same vs. different” conflates several concepts which are often better to disambiguate. In this post, we spell out some of these distinctions. We don’t think anything here is particularly novel; we wrote this post because we think it’s probably mildly helpful for people to think this through, and because Buck fairly often wants to reference it.

Some example distinctions:

In a debate protocol^[1], people often refer to the judge and debaters as three “different” AIs because their tokens are subject to different training incentives. But you could also say that the two debaters are “the same

... (read 1141 more words →)

It's sad that agentfoundations.org links no longer work, leading to broken links in many decision theory posts (e.g. here and here)

Infinite-width MLPs as an "ensemble prior"

Vivek Hebbar

Summary: A simple toy model suggests that infinitely wide MLPs^[1] generalize in an "ensemble-ish" way which is exponentially less data-efficient than Solomonoff induction. It's probably fixable by different initializations and/or regularizations, so I note it here mostly as a mathematical curiosity / interesting prior.

The analysis seems to be qualitatively consistent with empirical results on generalization vs width in small MLPs.

Notes:

The generalization behavior of these neural nets can be analyzed with the Neural Tangent Kernel, which is widely studied. This post is meant to probe the qualitative nature of this behavior through a toy model. I'm unsure whether my particular analysis exists elsewhere.
The deficiency of the standard initialization at infinite width seems to be

... (read 1290 more words →)

Is EDT correct? Does "EDT" == "logical EDT" == "logical CDT"?

Vivek Hebbar

Main question: Does EDT / "logical EDT"^[1] make any wrong decisions, once the "tickle defense" is accounted for? And is there any real distinction between EDT, "logical EDT", and "logical CDT"?

Relatedly, I'm having trouble constructing any case which distinguishes logical EDT from some kind of "logical CDT" where some facts are "upstream" of others. Does anyone have an example where:

There is a logical fact which could plausibly be upstream of both the agent's decision and some other thing which feels like it "should" be unrelated.

My failed attempt at this:

"There is some law of physics which affects both the agent's decision to chew gum and the number of planets in the universe. The

... (read 248 more words →)

Results on logarithmic utility and stock market leverage: https://www.lesswrong.com/posts/DMxe4XKXnjyMEAAGw/the-geometric-expectation?commentId=yuRie8APN8ibFmRJD

A framing I wrote up for a debate about "alignment tax":

"Alignment isn't solved" regimes:
1. Nobody knows how to make an AI which is {safe, general, and broadly superhuman}, with any non-astronomical amount of compute
2. We know how to make an aligned AGI with 2 to 25 OOMs more compute than making an unaligned one
"Alignment tax" regimes:
1. We can make an aligned AGI, but it requires a compute overhead in the range 1% - 100x. Furthermore, the situation remains multipolar and competitive for a while.
2. The alignment tax is <0.001%, so it's not a concern.
3. The leading coalition is further ahead than the alignment tax amount, and can and will execute a pivotal act, thus ending the risk

... (read more)

Vivek Hebbar's Shortform

Vivek Hebbar

This is a special post for quick takes (aka "shortform"). Only the owner can create top-level comments.

LESSWRONG
LW

LESSWRONG
LW

Vivek Hebbar

Thomas Kwa's MIRI research experience

How training-gamers might function (and win)

Org announcement: [AC]RC

When does training a model change its goals?

Vivek Hebbar

Vivek Hebbar

Supervised fine-tuning as a method for training-based AI control

When does training a model change its goals?

Political sycophancy as a model organism of scheming

How can we solve diffuse threats like research sabotage with AI control?

How training-gamers might function (and win)

Different senses in which two AIs can be “the same”

Thomas Kwa's MIRI research experience

Vivek Hebbar

Thomas Kwa's MIRI research experience

How training-gamers might function (and win)

Org announcement: [AC]RC

When does training a model change its goals?

Vivek Hebbar

Vivek Hebbar

Supervised fine-tuning as a method for training-based AI control

When does training a model change its goals?

Political sycophancy as a model organism of scheming

How can we solve diffuse threats like research sabotage with AI control?

How training-gamers might function (and win)

Different senses in which two AIs can be “the same”

Thomas Kwa's MIRI research experience

Executive summary

Core claims