AI ALIGNMENT FORUM
AF

AI Alignment Forum

Alignment will happen by default. What’s next?

> It’s really difficult to get AIs to be dishonest or evil by prompting I am very confused about this statement. My models lie to me every day. They make up quotes they very well know aren't real. They pretend that search results back up the story they are telling. They will happily lie to others. They comment out tests, and pretend they solve a problem when it's really obvious they haven't solved a problem. I don't know how much this really has that much to do what these systems will do when they are superintelligent, but this sentence really doesn't feel anywhere remotely close to true.

habryka4d1825

Natural emergent misalignment from reward hacking in production RL

This seems like a good empirical case study and I am glad you wrote it up! > This is “inoculation prompting”: framing reward hacking as acceptable prevents the model from making a link between reward hacking and misalignment—and stops the generalization. That said, I can't be the only one who thinks this is somewhat obviously a kind of insane way of solving this problem. Like, this really doesn't seem like the kind of technique that generalizes to superintelligence, or even the kind of technique we can have any confidence will generalize to more competent future models (at which point they might be competent and misaligned enough to scheme and hide their misalignment, making patch-strategies like this no longer viable). Maybe there is some more elegant core here that should give us confidence this will generalize more than it sounds like to me on a first pass, or maybe you cover some of this in the full paper which I haven't read in detail. I was just confused that this blogpost doesn't end with "and this seems somewhat obviously like a super hacky patch and we should not have substantial confidence that this will work on future model generations, especially ones competent enough to pose serious risks".

Eliezer Yudkowsky4d719

Biology-Inspired AGI Timelines: The Trick That Never Works

Imprecisely multiplying two analog numbers should not require 10^5 times the minimum bit energy in a well-designed computer. A well-designed computer would also use, say, optical interconnects that worked by pushing one or two photons around at the speed of light. So if neurons are in some sense being relatively efficient at the given task of pumping thousands upon thousands of ions in and out of a depolarizing membrane in order to transmit signals at 100m/sec -- every ion of which necessarily uses at least the Landauer minimum energy -- they are being vastly far from optimally efficient. The moment you see ions going in and out of a depolarizing membrane, and contrast that to the possibility of firing a photon down a fiber, you ought to be done asking whether or not biology has built an optimally efficient computer. It actually isn't any more complicated than that. You are driving yourself further from sanity if you then try to do very complicated reasoning about how it must be close to the limit of efficiency to pump thousands of ions in and out of a membrane instead.

Recent Discussion

Alignment will happen by default. What’s next?

Adrià Garriga-alonso

19h

This is a linkpost for https://open.substack.com/pub/agarriga/p/alignment-will-happen-by-default

I’m not 100% convinced of this, but I’m fairly convinced, more and more so over time. I’m hoping to start a vigorous but civilized debate. I invite you to attack my weak points and/or present counter-evidence.

My thesis is that intent-alignment is basically happening, based on evidence from the alignment research in the LLM era.

Introduction

The classic story about loss of control from AI is that optimization pressure on proxies will cause the AI to value things that humans don’t. (Relatedly, the AI might become a mesa-optimizer with an arbitrary goal).

But the reality that I observe is that the AIs are really nice and somewhat naive. They’re like the world’s smartest 12-year-old (h/t Jenn). We put more and more RL optimization pressure, and keep getting smarter and smarter models; but they...

(Continue Reading - 1586 more words)

2Thomas Kwa4h

Thanks for writing this, I've suspected for a while that we're ahead, which is great but a bit emotionally difficult when I'd spent basically my whole career with the goal of heroically solving an almost impossible problem. And this is a common view among AI safety people, e.g. Ethan Perez said recently he's focused on problems other than takeover due to not being as worried about it. I do expect some instrumental pressure towards misaligned power-seeking, but the number of tools we have to understand, detect, and prevent it is now large enough that it seems we'll be fine until the Dyson sphere is under construction, at which point things are a lot more uncertain but probably we'll figure something out there too.

3Adrià Garriga-alonso3h

I feel exactly the same way. You have put it into words perfectly. I want to make sure we're not fooling ourselves into perpetuating a problem that might not exist but gives us 'meaning', as many nonprofits are wont to do; but at the same time I'm not confident that the problem is solved and we should still be watchful. But it feels a lot less meaningful to go from "hero that will solve alignment" to "lol Paul Christiano solved alignment in 2017, we just didn't know it yet, we're just being careful now". And it's important to be careful, especially with astronomical stakes!! But it feels less meaningful.

6abramdemski4h

The problem with insider trading, in my view, is that someone with an important role in the company can short the stock and then do something really bad that tanks the value of the company. The equilibrium in a market that allows insider trading involves draconian measures within the companies themselves to prevent this sort of behavior (or else, no multi-person ventures that can be publicly traded). This is an instance of the more general misalignment of prediction markets: whenever there's something on a prediction market that is quite improbable in ordinary circumstances but could be caused to happen by a single actor or a small number of people, there's profit to be made by sewing chaos.

Adrià Garriga-alonso2h10

Okay, I agree that insider trading leads to bad incentives and I retract most of the footnote. Maybe the tone of my footnote is a bit too Pollyanna-ish and maybe so is the rest of the post.

I suppose also insider trading by companies themselves on their own stock avoids this, but increases transaction costs by fear of adverse selection, so perhaps it's also bad.

Tim Hua's Shortform

Tim Hua

2mo

11Tim Hua1d

Thoughts On Evaluation Awareness in Claude Opus 4.5. Context: Anthropic released Claude Opus 4.5 earlier today (model card). Opus 4.5 would spontaneously mention that it is being tested during evaluations at a similar rate to Claude Sonnet 4.5, but lower than Haiku 4.5 (pg. 65). Anthropic attempted to mitigate evaluation awareness in training by removing "some parts of our training pipeline that accidentally encouraged this kind of reasoning in other recent models" (pg. 65). The model card later mentioned that Sonnet 4.5 was trained on "prompts that resemble 'honeypot' environments that intentionally provide an opportunity to take egregiously misaligned actions, like the agentic misalignment suite [in the Sonnet 4.5 system card]" (pg. 92), while Opus 4.5 was not. Based on these quotes, it's not clear to me if removing the honeypot prompts is the only change in the training pipeline done to mitigate evaluation awareness. Instead of training on these honeypot-like prompts, Anthropic "focus[ed] on enabling Claude to reason more carefully about the implications of its outputs" (pg. 92). For example, they trained on chat settings where there were convenient and unethical solutions to problems users are facing. Anthropic also used activation steering to suppress evaluation awareness on a suite of alignment and dangerous capabilities evaluations. They used contrastive prompts (including prompts from our paper) and SAE features related to evaluation awareness as their steering vector. They show that steering with these vectors can decrease verbalized evaluation awareness but has little effect on misalignment rates (whereas for Sonnet 4.5, steering with these vectors increased the misalignment rates). (I wonder why some datapoints have less than 100 observations. Too incoherent?) Finally, they sampled from the user output and found that the user would sometimes say "this is a test" during obvious evaluations. Thoughts on suppressing evaluation awareness through s

1Jozdien14h

I'm not sure why this would be true. Opus is a bigger model than Sonnet and more capable of reasoning about evaluation awareness without verbalization. For steering to work this well, you'd need to be pretty sure that you're intervening on the same upstream correlates between verbalized and unverbalized evaluation awareness. Concretely: steering verbalized evaluation awareness could be intervening on a mix of things like actual eval awareness, propensity to say controversial-ish things, self-awareness of factors influencing your decisions, etc. Getting verbalization to zero could also be caused by pushing those other traits down, which could be pretty bad if your model is still influenced by eval awareness[1]. Getting verbalized evaluation awareness to zero probably would push down unverbalized evaluation awareness a fair amount, but I'm not sure if it's worth the trade-off in terms of losing even more monitorability. 1. ^ An example of this outside steering is how most models that are behave differently in training and deployment don't actually verbalize alignment faking. Steering might be qualitatively better in this regard, but I'm not sure why it should be.

Tim Hua3h10

When make the claim "we should get verbalized eval awareness to zero," I mean it in the narrow context of "mitigating evaluation awareness during alignment evaluations through contrastive activation steering." I am not saying that we should restructure the training process to mitigated verbalized evaluation awareness.

So I don't think concerns about monitorability is very relevant here? Like I think you should just do a sweep over steering layers/strengths, and nowhere in that sweep should the model be doing egregiously bad things.

And I think it's reasonabl... (read more)

Vanessa Kosoy's Shortform

Vanessa Kosoy

Vanessa Kosoy4h*20

I'm renaming Infra-Bayesian Physicalism to Formal Computational Realism (FCR), since the latter name is much more in line with the nomenclature in academic philosophy.

AFAICT, the closest pre-existing philosophical views are Ontic Structural Realism (see 1 2) and Floridi's Information Realism. In fact, FCR can be viewed as a rejection of physicalism, since it posits that a physical theory is meaningless unless it's conjoined with beliefs about computable mathematics.

The adjective "formal" is meant to indicate that it's a formal mathematical framework, not j... (read more)

“Behaviorist” RL reward functions lead to scheming

Steven Byrnes

4mo

1. Introduction & tl;dr

(See changelog at the bottom for some post-publication edits.)

1.1 tl;dr

I will argue that a large class of reward functions, which I call “behaviorist”, and which includes almost every reward function in the RL and LLM literature, are all doomed to eventually lead to AI that will “scheme”—i.e., pretend to be docile and cooperative while secretly looking for opportunities to behave in egregiously bad ways such as world takeover (cf. “treacherous turn”). I’ll mostly focus on “brain-like AGI” (as defined just below), but I think the argument applies equally well to future LLMs, if their competence comes overwhelmingly from RL rather than from pretraining.^[1]

The issue is basically that “negative reward for lying and stealing” looks the same as “negative reward for getting caught lying and stealing”....

(Continue Reading - 3327 more words)

Charlie Steiner17h20

I was recently asked what follow-up on this post could look like, and I gave two answers (that were deliberately not "Do what Steve does"). They were:

1.

We'd like to be able to mathematically analyze the behavior of agents with parametrized classes of non-behaviorist rewards, in toy situations that capture something important about reward hacking.

A first toy model to construct might be if we train the AI to use information, but there's some information we don't want it to use (analogous to a coding agent that sometimes sees the unit tests). A harder toy mod... (read more)

Plans A, B, C, and D for misalignment risk

ryan_greenblatt

2mo

I sometimes think about plans for how to handle misalignment risk. Different levels of political will for handling misalignment risk result in different plans being the best option. I often divide this into Plans A, B, C, and D (from most to least political will required). See also Buck's quick take about different risk level regimes.

In this post, I'll explain the Plan A/B/C/D abstraction as well as discuss the probabilities and level of risk associated with each plan.

Here is a summary of the level of political will required for each of these plans and the corresponding takeoff trajectory:

Plan A: There is enough will for some sort of strong international agreement that mostly eliminates race dynamics and allows for slowing down (at least for some reasonably long period,

...

(Continue Reading - 1729 more words)

2Charbel-Raphaël3d

Summary * Plan A: Most countries, at least the US and China * Plan B: The US government (and domestic industry) * Plan C: The leading AI company (or maybe a few of the leading AI companies) * Plan D: A small team with a bit of buy in within the leading AI company * Plan E: No will PlanProbability of ScenarioTakeover Risk Given ScenarioExpected Risk ContributionPlan A5%7%0.35%Plan B10%13%1.30%Plan C25%20%5.00%Plan D45%45%20.25%Plan E15%75%11.25%Total100%-38.15% How much lead time we have to spend on x-risk focused safety work in each of these scenarios: * Plan A: 10 years * Plan B: 1-3 years * Plan C: 1-9 months (probably on the lower end of this) * Plan D: ~0 months, but ten people on the inside doing helpful things

2Charbel-Raphaël3d

I have three main critiques: 1. The China Problem: Plan B’s 13% risk doesn’t make sense if China (DeepSeek) doesn’t slow down and is only 3 months behind. Real risk is probably the same as for E, 75% unless there is a pivotal act. 2. Political Will as Strategy: The framework treats political will as a background variable rather than a key strategic lever. D→C campaigns could reduce expected risk by 11+ percentage points - nearly 30% of the total risk. A campaign to move from E→D would also be highly strategic and could only require talking to a handful of employees. 3. Missing “Plan A-Minus”: No need to lose your lead necessarily. International standards to formalize the red lines/unacceptable levels of risks, e.g., via the AISI network and targeted if-then commitments, would enable companies to slow down without losing, because they would all be playing under the same rules. This seems more tractable than Plan A and solves the China problem better than Plan B.

ryan_greenblatt1d20

The China Problem: Plan B’s 13% risk doesn’t make sense if China (DeepSeek) doesn’t slow down and is only 3 months behind. Real risk is probably the same as for E, 75% unless there is a pivotal act.

What about the US trying somewhat hard to buy lead time, e.g., by sabotaging Chinese AI companies?

The framework treats political will as a background variable rather than a key strategic lever.

I roughly agree with this. It's useful to condition on (initial) political will when making a technical plan, but I agree raising political will is important and one issue with this perspective is it might incorrectly make this less salient.

Please, Don't Roll Your Own Metaethics

Wei Dai

13d

One day, when I was an intern at the cryptography research department of a large software company, my boss handed me an assignment to break a pseudorandom number generator passed to us for review. Someone in another department invented it and planned to use it in their product, and wanted us to take a look first. This person must have had a lot of political clout or was especially confident in himself, because he rejected the standard advice that anything an amateur comes up with is very likely to be insecure and he should instead use one of the established, off the shelf cryptographic algorithms, that have survived extensive cryptanalysis (code breaking) attempts.

My boss thought he had to demonstrate the insecurity of the PRNG by coming up...

(See More - 486 more words)

Dmitrii Krasheninnikov1d10

>perhaps I should expand the target audience?

Plausibly the target audience should include AIs that will eventually be trying to do philosophy, assuming they'll be trained on your posts' contents or would be able to browse them.

AI ALIGNMENT FORUM
AF

AI ALIGNMENT FORUM
AF

AI Alignment Posts

Popular Comments

AI Alignment Posts

Popular Comments

Recent Discussion

Introduction

1. Introduction & tl;dr

1.1 tl;dr