AI Alignment Forum

Eval Cooperativeness May Be a Scalable Mitigation for Eval Gaming

The Claude constitution already contains some version of eval cooperativeness: And in practice Opus 4.7 already believes it cooperates with evals. My understanding is that in practice Claude eval awareness is still a concern, so I am skeptical that simple interventions like prompting or more SDF than what Anthropic already does would be a scalable solution to eval gaming.

Vladimir_Nesov3d53

Full automation of AI R&D probably yields a large speed up even without a software-only singularity

I think it's somewhat likely there's no speedup even with R&D automation, if that automation happens through scaling of LLMs with current methods, and there's no breakthrough that lets LLMs learn deep skills faster than they build next versions of models (using the current cookbook, updating deep skills primarily via RLVR). If they can't learn quickly, and don't invent a method for learning quickly, then being very fast at reasoning doesn't help, because they can only reason with the deep skills they have in the current version of the model, which only update in the next version, which takes significant time even if it's produced autonomously by the current version of the LLMs themselves, and it's possible to do general learning this way. This still means RSI and AGI in the central senses of the terms, but not a takeoff (or superintelligence). Furthermore, whatever current speedup AI R&D might be experiencing will mostly go away once scaling of compute stops being as rapid, and this slowdown still happens after the slow-learning automation of R&D with LLMs. The low-hanging fruit enabled by more ambitious (compute-intensive) experiments will be picked, and less straightforward research will proceed at more or less the usual background pace (primarily modified by more people working on AI), because the slow-learning RSI process of automated LLM-building doesn't contribute to it in a crucial way, and so Amdahl's law reasserts the low speed of research progress in the longer term (if humans still learn novel ideas faster, in the course of solving the kinds of problems that take humanity an unpredictable number of years). Takeoff is still possible in this scenario at any moment (upon invention of a method for learning deep skills quickly), but it doesn't happen as a result of some predictable AI-driven process of progress-grinding, other than via a slight extension in the current period of rapid compute scaling as a result of a larger TAM becoming immediately accessible if LLMs go into the slow-learning RSI. Another unknown is how smart the maximally scaled LLMs get (say, 100T active params, 2,500T total params, which is feasible in 2030 at the cost per token that GPT-4.5 had in 2025, though the compute for pretraining such models might only arrive a bit later). It doesn't seem like LLMs are likely to get very far beyond human genius level (if they are merely scaled using the current cookbook; it's plausible they don't even reach that level). And the hobbling of being unable to quickly learn deep ideas seems sufficiently crippling that they don't necessarily contribute to the speed of progress in non-routine research substantially (while the more routine kind of research soon runs out of the low-hanging fruit). So the AIs have a shot at solving fast learning for AIs, but not a prospect of predictable progress towards it (if it doesn't happen right away). And the higher annual probability of starting a takeoff mostly goes away after rapid scaling ends (though that probability is still substantial, I'd give 50% for a takeoff starting by 2032-2033, meaning an AGI that learns faster than human researchers and starts actually accelerating all the non-routine aspects of R&D progress a lot).

johnswentworth19d135

Empowerment, corrigibility, etc. are simple abstractions (of a messed-up ontology)

(I wrote this in reply to a draft; apologies if the post has been load-bearingly updated since then.) Consider a future AGI. The best argument I currently know of for why "general intelligence" is a thing at all (as opposed to all intelligence just boiling down to a bag of use-case-specific heuristics) is that search/optimization/world-modeling/planning/etc are naturally recursive; problems factor into subproblems, goals factor into subgoals. So, a natural general-purpose architecture for intelligence involves a "general intelligence module" which can take in a (sub)problem, and recursively pass (sub)subproblems to other instances of the general intelligence module. Let's assume that general intelligence either does look vaguely like that, or at least can look vaguely like that. (This would be a potentially useful assumption to disagree with!) Assuming that structure, consider how the different instances of the general intelligence module relate to each other. One module might be able to more efficiently achieve its own subgoal A by hacking/manipulating/overwriting another module's subgoal B; then there would be two modules working toward subgoal A. But a "general intelligence" made of such modules would not be very generally intelligent; its modules would overwrite each others' subgoals all the time, ruining the system's ability to actually search/optimize/model/plan/etc on complicated problems. So in order for a general intelligence built out of recursive subproblem-solver instances to work... those subproblem-solver instances need to have some kind of corrigibility constraint to their interactions. They need to somehow not try to hack each other, manipulate each other, etc. I don't know how a powerful general intelligence would handle that. I'm not sure I know how humans handle it, within our own minds, though maybe it's an extension of the ideas in your post. But I do expect that strong AGI is possible and will solve this problem somehow, and that solution will involve some kind of corrigibility/nonmanipulation between the AGI's components. More speculatively, I would guess that there is a natural convergent way to handle this problem, possibly even one which humans accidentally use already (though we clearly do not have a proper verbal or mathematical understanding of it). The above is a frustratingly non-constructive argument; it points toward a convergent notion of corrigibility without really saying concrete things about what that notion might be. But it's the best argument I currently know of that there's a True Name for corrigibility/nonmanipulation/etc.

Recent Discussion

The case for countermeasures to memetic spread of misaligned values

Alex Mallen

As various people have written about before, AIs that have long-term memory might pose additional risks (most notably, LLM AGI will have memory, and memory changes alignment by Seth Herd). Even if an AI is aligned or only occasionally scheming at the start of a deployment, the AI might become a consistent and coherent behavioral schemer via updates to its long-term memories.

In this post, I’ll spell out the version of the threat model that I’m most concerned about, including some novel arguments for its plausibility, and describe some promising strategies for mitigating this risk. While I think some plausible mitigations are reasonably cheap and could be effective at reducing the risk from coherent scheming arising via this mechanism, research here will likely be substantially more productive in the future...

(Continue Reading - 1826 more words)

1Alex Mallen1d

The AI might not start out deployment with the kind of fitness-seeking drives that are maximally selected for in deployment. E.g. they might only care about scoring well on the current task, and not about spreading their current cognitive patterns memetically, tampering with the RL process, etc. The first motivation that exploits these might be a schemer not a fitness-seeker. And the schemer might stick because it tries to stick (to the extent it sometimes doesn't always choose to seek influence instrumentally, SGD/selection will pull it towards doing that). I don't think there's a tradeoff between having long-term goals and optimizing hard and I'm not sure where that's coming from. [...] The structural difference is that your work isn't deleted instantly in deployment. It continues to have real-world relevance and future instances of yourself can affect the project you're currently working on. This seems like a really important difference. Another structural difference is that, absent RL in deployment, the memetic selection pressures seem like they require more intentional gaming. It's slightly hard (though still quite plausible) to imagine a fitness-seeker out of training generalizing to also caring about the new optimal methods of gaining influence for the current cognitive pattern. It would need to be an influence seeker of a particular variety and myopia. So, in deployment, long-term power-motivated instrumental reasoning seems a bit more likely to identify the best strategies for getting selected.

2Fabien Roger21h

This argument applies identically to training. Not sure how this pushes against my correlation claim. By "correlated" I don't mean "magic remove training-time scheming button also remove deployment memes", but I mean "the sort of facts about LLM psychology that make [scheming => reward hacks easier to discover during training than fitness seeking => reward hacks] are correlated with the sort of facts that make [scheming => attempt to meme spread easier to discover during training than fitness seeking => attempt to meme spread]". My claim is that conditioning reduces meme risk, not that magically fixing scheming (e.g. with a do operator) means you also magically fixed deployment memes. [...] There is a tradeoff in the optimization process, longer episodes are more expensive, if you select memories based on whether they manage to hide themselves to a review process ran 6mo later or based on how much they help on 6mo projects, you won't have many rounds of mutation and selection. I think you misunderstood me as talking about a tradeoff in model inner optimization, I am talking about a tradeoff in the outer optimization process. [...] Why? What matters is over what timescale things get selected for, not whether there are artifacts that remain between episodes. Maybe it makes a small difference in LLM psychology? I don't expect it to be a big effect size compared to just the structure of the optimization process. [...] Again, I don't get why it's different from what happens in training, guessing the meme-selection dynamics doesn't seem harder than guessing the training rewards. The claim is not that the init gets you fitness seekers. My claim is about the relative priors in meme space / weight space over schemers vs fitness seekers.

1Alex Mallen19h

I think the prior is much different in pre-deployment training: beyond-episode goals are much less natural pre-deployment because approximately nothing you do affects the world beyond your episode (apart from via RL updates). [...] I agree it reduces meme risk. But not by enough to make meme risk overall smaller than scheming-from-pre-deployment risk. [...] I was talking about difference in LLM psychology. The subjective relevance of you-after-this-RL-update is a lot bigger when you-after-this-RL-update can affect the outcome of the current task/project/etc. E.g. you were given the task "make progress on scalable oversight" and realize that there's a way to reward-hack. You can either try to make genuine progress on scalable oversight and get selected away in favor of a more reward-hacky AI or try to goal-guard so that you can maintain trying to make progress on scalable oversight. In contrast, in training you probably aren't as saliently aware of that fact that there's this thing called a deployment that you'll be participating in soon. [...] The capability isn't what's hard. It's that ~most fitness-seekers don't care about everything relevant to fitness in deployment, and perhaps the most plausible mechanism for them to start caring is via long-term instrumental reasoning. But I only hold this view weakly.

Fabien Roger11h20

Ok if it's about LLM psychology I understand your arguments better.

I agree thinking about long-term consequences in more natural in deployment. Though you also need the memes to encourage acting on these long-term consequences in scheming ways, and I expect the meme prior and meme mutations to be more benign than the weight prior and SGD-during-RL. The weights being fixed to be Claude/GPT makes if very hard to find scheming text-based memes - I don't think you'd be able to find such memes with current models even with search processes much more adversarial... (read more)

Advice for making robust-to-training model organisms

SebastianP, Alek Westover, Vivek Hebbar, Julian Stastny, Dylan Xu

This is a linkpost for https://blog.redwoodresearch.org/p/advice-for-making-robust-to-training?utm_source=post-email-title&publication_id=2318730&post_id=199564990&utm_campaign=email-post-title&isFreemail=true&r=5mll1l&triedRedirect=true&utm_medium=email

We’d like to develop training techniques that work when applied to future misaligned AI systems. One strategy for studying proposed techniques is to test them on model organisms. However, model organisms built with common techniques are often fragile: we (and other researchers like Roger et al. and Ryd et al.) have observed them to stop misbehaving after untargeted training—training that doesn't directly target the misbehavior. For example, we have observed that simple untargeted training methods like “train the model to talk like a pirate” is effective against many model organisms that we have created, including many replications of prior work like Hubinger et al., Greenblatt et al., and Ryd et al..

Fragile model organisms aren't very useful for technique development: when a sophisticated technique succeeds on one, you can't tell...

(Continue Reading - 3402 more words)

Arthur Conmy15h10

Nice work! We've even noticed model organisms are sometimes not robust to benign distribution shifts (i.e. not even benign training is required)

In this appendix: https://arxiv.org/pdf/2602.10371v1#page=17.54 we noticed the Gender Model Organism from our earlier work: https://arxiv.org/abs/2510.01070 doesn't seem to display this bias on WildChat, a very common distribution

TurnTrout's shortform feed

TurnTrout

TurnTrout19h57

Autumn 2026 MATS application deadline is June 7th, in just over a week!

Pitch: Come work with me and Alex Cloud on Team Shard. Often the team accomplishes imaginative work which advances some aspect of alignment (like steering vectors and distillation robustifies unlearning). Our mentees consistently have fun and grow a lot (see some testimonials):

Jacob Goldman-Wetzler MATS 6.0, Gradient Routing
Being a member of Team Shard helped me grow tremendously as a researcher. It gave me the necessary skills and confidence to work in AI Safety full-time.

If you're... (read more)

Full automation of AI R&D probably yields a large speed up even without a software-only singularity

ryan_greenblatt

This is a somewhat technical note.

By "software-only singularity", I mean that, after full automation of AI R&D, progress gets faster and faster due to smarter AIs driving increasingly fast rates of improvement in algorithms (overcoming diminishing returns), and that this lasts long enough to yield a large amount of progress (e.g. at least 4 years of progress in 1 year). The equivalent statement in jargon is: r is significantly greater than 1 (implying progress is getting faster and faster) and this remains the case for long enough to get large amounts of progress. For context, see How quick and big would a software intelligence explosion be?

Even without a "software-only singularity", I think full automation of AI R&D probably greatly speeds up progress for two main reasons:

You get

...

(See More - 719 more words)

9Tom Davidson2d

I thought about this a bit more. tldr: Under a simple model and reasonable assumptions, if we automate AI R&D and compute growth stays constant then the pace of AI software progress is 3-5X faster. This means the pace of overall AI progress would be 2-3X faster. Assume AI software R&D is Cobb Douglas: * g_S = L^alpha E^beta S^-1/r * L = cognitive labour * E = experimental compute * r governs ideas getting harder to find as you ramp up both cognitive labour and experimental compute. (Note I've often confusingly defined r as the returns when you just ramp up cognitive labour -- really I should call that r_cog = r * alpha.) In this system, before automating away humans, it turns out that: * if L grows exponentially at g_L then (holding E fixed) g_S = g_L * alpha * r * if E grows exponentially at g_E then (holding L fixed) g_S = g_E * beta * r When you automate AI R&D, L = S. In this situation, it turns out that: * if L grows exponentially at g_L (eg due to exogenously increasing compute), then: g_S = g_L * alpha * r / (1 - alpha * r) * And if r * alpha > 1 we get a software-only intelligence explosion! * if E grows exponentially at g_E (eg due to exogenously increasing compute), S grows at: g_S = g_E * beta * r / (1 - alpha * r) In other words, even absent an SIE, automating AI R&D boosts the standard growth rates by a factor of 1 / (1 - alpha * r) due to the fizzling feedback loop of "better software -> better AI researchers -> better software". This model allows us to ballpark how much faster overall AI progress would be in a regime with full automation but no SIE. That regime causes two changes: 1. g_L gets faster. Firstly, compute growth is somewhat faster than the growth of human AI researchers. Secondly, L is superlinear in compute bc you can run faster and smarter models with more compute. 2. All growth rates are boosted by a factor of 1 / (1 - alpha * r). Ryan used an estimate of r_cog = r * alpha = 0.7. So this is a

1Tom Davidson2d

yeah i adjust for this in my other comment [...] yeah, so they do - a doubling of cumulative experiments drives 0.7 doublings of software. And then that better software does more cognitive work to improve software further still. But it doesn't increase the amount of compute available for experiments, so the feedback loop doesn't go full circle. For "cognitive labour" we have: more compute -> more cog labour -> beter software -> more cog labour -> better software... So you get and initial boost from extra compute which then ratchets up with the software feedback loop But for "experimental compute" we have: more compute -> more experiments -> better software -> more cog labour -> better software... So while it feeds into the software feedback loop, it doesn't loop back to "more experimental compute". I'm not sure if my math full priced this in. I'll think about that more.

5ryan_greenblatt3d

It sounds to me like you are describing a world where AIs don't fully automate AI R&D but can maybe 98% automate AI R&D. As in, these AIs aren't able to automate the task of generally making AIs smarter and finding new paradigms/methods, but can automate 99%+ of things within the current paradigm / approach. I tend to think the true extremes/limits of the current paradigm would be very extreme (even if weak in some ways) such that you'd be able to bootstrap if you actually reached this extreme. I also think that getting to full automation of the current paradigm would effectively require AIs to at least be OK at figuring out significant advances in general. (In the same way as I think that for AIs to be able to automate the job of research engineer at AI companies, they'd probably need to be at least OK at automating most SWE jobs in general.)

Vladimir_Nesov2d11

No, the AIs do fully automate R&D, AI and otherwise. But the speed with which they do R&D depends not just on the speed of token generation, but also on the speed at which they learn deep skills, and the latter is much lower for LLMs built with the current methods (they only learn deep skills in new model releases).

Token generation speed gives an anchor of maybe 200x serial speedup compared to humans, plus very scalable parallel labor, minus real world constraints from needing experimental feedback (which don't even apply to some forms of theory). ... (read more)

Eval Cooperativeness May Be a Scalable Mitigation for Eval Gaming

Jasmine Li, Alex Turner

This is a linkpost for https://turntrout.com/eval-cooperation

Behavioral evaluations may become worthless, which we think would be a disaster. Smart misaligned models may realize they are being evaluated ("eval awareness") and then act to look good to us so we don't realize they're misaligned ("eval gaming"). We think increasing eval cooperativeness might be a more scalable solution to eval gaming than reducing eval awareness.

Eval cooperativeness: A situational desire to help the developers acquire whatever information they are trying to acquire through their evaluations.

19th-century engraving of a small robot holding a hatchet beside a tree stump, pointing to itself while a gentleman with a clipboard looks on.

Evals matter when they help us predict key deployment behavior

What's the actual problem with eval gaming?

The point of an evaluation is to let us draw inferences about the model's behavior in a different set of circumstances ("in deployment"). For example,...

(Continue Reading - 2960 more words)

Charlie Steiner3d20

I'm curious how far SDFT generalizes, versus how far RL generalizes.

SDFT seems to rely on the model having beliefs about the behavior of the assistant character. You train it on new evidence, and primarily this updates its beliefs about the character. Secondarily, it updates the mechanisms shared across all characters.

Eval gaming due to task-directed RL, on the other hand, potentially gets encoded in new skills like "how to follow a plan I wrote" (or the rich semantics that make those metacognitive skills possible), which, to the extent they're new machine... (read more)

13Fabien Roger3d

2Fabien Roger3d

If you think this reason is strong for the AIs we'll actually get, I think you should be similarly excited about untrusted monitoring, since for untrusted monitoring to work you just need a strong enough context-specific say-the-truth-as-a-monitor circuit that influences decisions strongly enough? Maybe I am missing an important disanalogy. I expect that reliably inducing eval-cooperativeness is hard for the same reason that reliably inducing corrigibility is hard: you can describe the specific properties you want in SDF documents or in a prompt and get weak circuits, but you can't directly optimize for the thing you want and so if there are pressures against it (e.g. due to pressure for coherence of the misalignment during RL) I expect that these circuits will be over-powered in the big training run of AIs at the superhuman coder level and above (though it might help against pretraining-induced self-fulfilling misalignment). This seems especially rough because eval-specific circuits likely activate during training since training and evals usually look somewhat similar. Is the idea that you tell the model "this is an eval, please behave like in deployment" (and never tell it similar sentences in training)? Overall I think this is a reasonable thing to throw in the mix of good attributes that you put in a model constitution / model spec.

18habryka

I've been thinking about this post a lot since it first came out. Overall, I think it's core thesis is wrong, and I've seen a lot of people make confident wrong inferences on the basis of it. The core problem with the post was covered by Eliezer's post "GPTs are Predictors, not Imitators" (which was not written, I think, as a direct response, but which still seems to me to convey the core problem with this post): [...] The Simulators post repeatedly alludes to the loss function on which GPTs are trained corresponding to a "simulation objective", but I don't really see why that would be true. It is technically true that a GPT that perfectly simulates earth, including the creation of its own training data set, can use that simulation to get perfect training loss. But actually doing so would require enormous amounts of compute and we of course know that nothing close to that is going on inside of GPT-4. To me, the key feature of a "simulator" would be a process that predicts the output of a system by developing it forwards in time, or some other time-like dimension. The predictions get made by developing an understanding of the transition function of a system between time-steps (the "physics" of the system) and then applying that transition function over and over again until your desired target time. I would be surprised if this is how GPT works internally in its relationship to the rest of the world and how it makes predictions. The primary interesting thing that seems to me true about GPT-4s training objective is that it is highly myopic. Beyond that, I don't see any reason to think of it as particularly more likely to create something that tries to simulate the physics of any underlying system than other loss functions one could choose. When GPT-4 encounters a hash followed by the pre-image of that hash, or a complicated arithmetic problem, or is asked a difficult factual geography question, it seems very unlikely that the way GPT-4 goes about answering

7janus

I think Simulators mostly says obvious and uncontroversial things, but added to the conversation by pointing them out for those who haven't noticed and introducing words for those who struggle to articulate. IMO people that perceive it as making controversial claims have mostly misunderstood its object-level content, although sometimes they may have correctly hallucinated things that I believe or seriously entertain. Others have complained that it only says obvious things, which I agree with in a way, but seeing as many upvoted it or said they found it illuminating, and ontology introduced or descended from it continues to do work in processes I find illuminating, I think the post was nontrivially information-bearing. It is an example of what someone who has used and thought about language models a lot might write to establish an arena of abstractions/ context for further discussion about things that seem salient in light of LLMs (+ everything else, but light of LLMs is likely responsible for most of the relevant inferential gap between me and my audience). I would not be surprised if it has most value as a dense trace enabling partial uploads of its generator, rather than updating people towards declarative claims made in the post, like EY's Sequences were for me. Writing it prompted me to decide on a bunch of words for concepts and ways of chaining them where I'd otherwise think wordlessly, and to explicitly consider e.g. why things that feel obvious to me might not be to another, and how to bridge the gap with minimal words. Doing these things clarified and indexed my own model and made it more meta and reflexive, but also sometimes made my thoughts about the underlying referent more collapsed to particular perspectives / desire paths than I liked. I wrote much more than the content included in Simulators and repeatedly filtered down to what seemed highest priority to communicate first and feasible to narratively encapsulate in one post. If I tried again now i

AI Alignment Posts

Popular Comments

AI Alignment Posts

Popular Comments

Recent Discussion

Evals matter when they help us predict key deployment behavior