The upside and downside both seem weak when it’s currently so easy to bypass the filters. The probability of refusal doesn’t seem like the most meaningful measure, but I agree it’d be good for the user to get explicitly flagged whether the trained non-response impulse was activated or not, instead of having to deduce it from the content or wonder if the AI really thinks that its non-answer is correct.
Currently, I wouldn’t be using any illegal advice it gives me for the same reason I wouldn’t be using any legal advice it gives me: the model just isn’t smarter than looking things up on Google. In the future, when the model is stronger, they’re going to need something better than security theatre to put it behind, and I agree more flagging of when those systems are triggered would be good. Training in non-response behaviors isn’t a secure method, because you can always phrase a request to put it in a state of mind where those response behaviors aren’t triggered, so I don’t think reinforcing this security paradigm and trying to pretend it works for longer would be helpful.