Sent the latest version of the white paper to Matt
Dahlgren expenses – done
Get flight, car and hotel for the 92nd Symposium. Got flight and car. Working on hotel.
9:00 Standup
Work on pulling out layer activations and using UMAP and/or aligned UMAP
I just discovered that you can plot inside of Visual Studio, you need to run a Jupyter notebook once to set things up, then just “run in interactive window“. Works for plotly and matplotlib!
The Kinetic Sculpture Race was wet, but still fun:
SBIRs
Ranked a bunch of potential topics for BD
Write up notes from Thursday’s meeting
Work with Protima to access activations on the GPT just using HFace, then visualize with UMAP. Started by downloading and prompting the chess model, which is working!
Got the environment running again after the password reset!
Baltimore County Police arrested Pikesville High School’s former athletic director Thursday morning and charged him with crimes related to the alleged use of artificial intelligence to impersonate Principal Eric Eiswert, leading the public to believe Eiswert made racist and antisemitic comments behind closed doors.
It was a good day for a few students at Pikesville High School on Thursday hanging out in the parking lot after school. Their former athletic director, who they said belittled them and made them feel uncomfortable, wasn’t coming back.
Humans are capable of strategically deceptive behavior: behaving helpfully in most situations, but then behaving very differently in order to pursue alternative objectives when given the opportunity. If an AI system learned such a deceptive strategy, could we detect it and remove it using current state-of-the-art safety training techniques? To study this question, we construct proof-of-concept examples of deceptive behavior in large language models (LLMs). For example, we train models that write secure code when the prompt states that the year is 2023, but insert exploitable code when the stated year is 2024. We find that such backdoor behavior can be made persistent, so that it is not removed by standard safety training techniques, including supervised fine-tuning, reinforcement learning, and adversarial training (eliciting unsafe behavior and then training to remove it). The backdoor behavior is most persistent in the largest models and in models trained to produce chain-of-thought reasoning about deceiving the training process, with the persistence remaining even when the chain-of-thought is distilled away. Furthermore, rather than removing backdoors, we find that adversarial training can teach models to better recognize their backdoor triggers, effectively hiding the unsafe behavior. Our results suggest that, once a model exhibits deceptive behavior, standard techniques could fail to remove such deception and create a false impression of safety.
This “Alignment Note” presents some early-stage research from the Anthropic Alignment Science team following up on our recent “Sleeper Agents: Training Deceptive LLMs that Persist Through Safety Training” paper. It should be treated as a work-in-progress update, and is intended for a more technical audience than our typical blog post. This research makes use of some simple interpretability techniques, and we expect to share more results from collaborations between our Alignment and Interpretability teams soon.
We present experiments measuring the generalization abilities of probes trained off-policy in a toy setting. We show that probes can generalize well to different text formats and also generalize from harmful text the LLM wouldn’t output to harmful text where the LLM has been jailbroken to actually output the harmful text.
Large language models (LLMs) can “lie”, which we define as outputting false statements despite “knowing” the truth in a demonstrable sense. LLMs might “lie”, for example, when instructed to output misinformation. Here, we develop a simple lie detector that requires neither access to the LLM’s activations (black-box) nor ground-truth knowledge of the fact in question. The detector works by asking a predefined set of unrelated follow-up questions after a suspected lie, and feeding the LLM’s yes/no answers into a logistic regression classifier. Despite its simplicity, this lie detector is highly accurate and surprisingly general. When trained on examples from a single setting — prompting GPT-3.5 to lie about factual questions — the detector generalises out-of-distribution to (1) other LLM architectures, (2) LLMs fine-tuned to lie, (3) sycophantic lies, and (4) lies emerging in real-life scenarios such as sales. These results indicate that LLMs have distinctive lie-related behavioural patterns, consistent across architectures and contexts, which could enable general-purpose lie detection.
SBIRs
9:00 Standup
3:00 AFRL meeting – looks like we’ll set up an overleaf project and start generating a white paper every few months. Topic 1-(something) will be first. Going to see what goes on with the MORS talk first?
4:00 ONR meeting – We can repurpose the M30 content into the slide format, then maybe do that with the AFRL white papers
Woke up nice and relaxed after a good night’s sleep. The night before a presentation is not easy for me.
I’ve been thinking about this slide from the talk yesterday:
I think that AI researchers are in a place that nuclear researchers were in the ’30’s. There is this amazing technology that is going to change the world, but no one is sure how. Then the world engages in a total war that depends on technology and the Allies are not doing well. Some of the researchers think that a nuclear weapon might turn the tide. It works, but in retrospect it was too much too late. But for 10 years the chance that there could be a broad nuclear war was high, and take as just an extension of current developments – a bigger bomb. It took decades for that viewpoint to shift. AI weapons are probably here already, and there are nations and organizations that are working out the best way to use them – as an extension of current “active measures” strategies and tactics. And like the atomic bomb, we really have no idea where this will go.
SBIRs
Read a bunch of stuff for upcoming meetings
Fire up the NNM instance and see if I can remember how to use it. Add an instruction section to the notebook – got sidetracked into doing a detailed read of a BAA
9:00 standup
11:30 AI Ethics training discussion with Hall Research. They are legit as it gets. Let’s see what kind of training they put together, but for now I give a ringing endorsement
3:30 meeting on the Phase IIe. We have three weeks to respond, but it doesn’t seem like they are asking for much? Very confused. Maybe because it’s an extension?
See if truck is ready – back in the driveway, and it’s electronics magically fixed themselves when it was getting its oil change at no charge. I’m agape.
BSO
Water bill
SBIRs
Slides <- could have done more, but now I have a PLAN!
You must be logged in to post a comment.