Thinking about alignment-relevant thresholds in AGI capabilities. A kind of rambly list of relevant thresholds:
Ability to be deceptively aligned
Ability to think / reflect about its goals enough that model realises it does not like what it is being RLHF’d for
Incentives to break containment exist in a way that is accessible / understandable to the model
Ability to break containment
Ability to robustly understand human intent
Situational awareness
Coherence / robustly pursuing it’s goal in a diverse set of circumstances
Interpretability methods break (or other oversight methods break)
doesn’t have to be because of deceptiveness; maybe thoughts are just too complicated at some point, or in a different place than you’d expect
Capable enough to help us exit the acute risk period
Many alignment proposals rely on reaching these thresholds in a specific order. For example, the earlier we reach (9) relative to other thresholds, the easier most alignment proposals are.
Some of these thresholds are relevant to whether an AI or proto-AGI is alignable even in principle. Short of ‘full alignment’ (CEV-style), any alignment method (eg corrigibility) only works within a specific range of capabilities:
Too much capability breaks alignment, eg bc a model self-reflects and sees all the ways in which its objectives conflicts with human goals.
Too little capability (or too little ‘coherence’) and any alignment method will be non-robust wrt to OOD inputs or even small improvements in capability or self-reflectiveness.
A three-pronged approach to AGI safety. (This is assuming we couldn’t just avoid building AGI or proto-AGIs at all until say ~2100, which would of course be much better).
Prong 1: boxing & capability control (aka ‘careful bootstrapping’)
Make the AGI as capable as possible, under the constraint that you can make sure it can’t break out of the box or do other bad stuff.
Assume the AGI is misaligned. Be super paranoid
Goal: get useful work out of boxed AGIs.
For example, AIs might be able to do interpretability really well.
More generally, for any field there is an effective 2x-10x research productivity boost you can probably get, depending on the field (maybe 100x? unclear, I’m sceptical).
Goal: learn more about AGI by studying the systems you’ve built.
To test your security & oversight procedures, you run tests where you train your AGI to escape in a sandbox.
This is operationally hard and needs lots of buy-in
Research directions: scalable oversight, interpretability for oversight, auditing, adversarial training, capability control / “unlearning”, scaling laws & capabilities forecasting.
Prong 2: scary demos and and convincing people that AGI is dangerous
Goal 1: shut it all down, or failing that slow down capabilities research.
Goal 2: get operational & political support for the entire approach, which is going to need lots of support, esp first prong
In particular make sure that research productivity boosts from AGI don’t feed back into capabilities research, which requires high levels of secrecy + buy-in from a large number of people.
Avoiding a speed-up is probably a little bit easier than enacting a slow-down, though maybe not much easier.
Demos can get very scary if we get far into prong 1, e.g. we have AGIs that are clearly misaligned or show that they are capable of breaking many of our precautions.
Prong 3: alignment research aka “understanding minds”
Goal: understand the systems well enough to make sure they are at least corrigible, or at best ‘fully aligned’.
Roughly this involves understanding how the behaviour of the system emerges in enough generality that we can predict and control what happens once the system is deployed OOD, made more capable, etc.
Relevant directions: agent foundations / embedded agency, interpretability, some kinds of “science of deep learning”
Successfully containing & using more capable models (p1) gives you more scary demos for p2
Success in p1 also speeds up p3 a lot, because:
1) You can empirically study AGI directly,
2) Very advanced but “narrow” AI tools accelerate research (“narrow” here still means maybe more general than GPT-4)
3) Maybe you can even have (proto-)AGIs do research for you
You definitely need a lot of success in p2 for anything to work, otherwise people will take all the useful work we can get from proto-AGIs and pour it into capabilities research.
Better alignment research (p3) lets you do more p1 type risky stuff with SOTA models (on the margin)
If p1 is very successful, maybe we can punt most of p3 to the AIs; conversely, if p1 seems very hard then we probably only get ‘narrow’ tools to help with p3 and need to mostly do it ourselves, and hopefully get ML researchers to delay for long enough.
Thinking about alignment-relevant thresholds in AGI capabilities. A kind of rambly list of relevant thresholds:
Ability to be deceptively aligned
Ability to think / reflect about its goals enough that model realises it does not like what it is being RLHF’d for
Incentives to break containment exist in a way that is accessible / understandable to the model
Ability to break containment
Ability to robustly understand human intent
Situational awareness
Coherence / robustly pursuing it’s goal in a diverse set of circumstances
Interpretability methods break (or other oversight methods break)
doesn’t have to be because of deceptiveness; maybe thoughts are just too complicated at some point, or in a different place than you’d expect
Capable enough to help us exit the acute risk period
Many alignment proposals rely on reaching these thresholds in a specific order. For example, the earlier we reach (9) relative to other thresholds, the easier most alignment proposals are.
Some of these thresholds are relevant to whether an AI or proto-AGI is alignable even in principle. Short of ‘full alignment’ (CEV-style), any alignment method (eg corrigibility) only works within a specific range of capabilities:
Too much capability breaks alignment, eg bc a model self-reflects and sees all the ways in which its objectives conflicts with human goals.
Too little capability (or too little ‘coherence’) and any alignment method will be non-robust wrt to OOD inputs or even small improvements in capability or self-reflectiveness.
Some other possible thresholds:
10. Ability to perform gradient hacking
11. Ability to engage in acausal trade
12. Ability to become economically self-sustaining outside containment
13. Ability to self-replicate
A three-pronged approach to AGI safety. (This is assuming we couldn’t just avoid building AGI or proto-AGIs at all until say ~2100, which would of course be much better).
Prong 1: boxing & capability control (aka ‘careful bootstrapping’)
Make the AGI as capable as possible, under the constraint that you can make sure it can’t break out of the box or do other bad stuff.
Assume the AGI is misaligned. Be super paranoid
Goal: get useful work out of boxed AGIs.
For example, AIs might be able to do interpretability really well.
More generally, for any field there is an effective 2x-10x research productivity boost you can probably get, depending on the field (maybe 100x? unclear, I’m sceptical).
Goal: learn more about AGI by studying the systems you’ve built.
To test your security & oversight procedures, you run tests where you train your AGI to escape in a sandbox.
This is operationally hard and needs lots of buy-in
Research directions: scalable oversight, interpretability for oversight, auditing, adversarial training, capability control / “unlearning”, scaling laws & capabilities forecasting.
Prong 2: scary demos and and convincing people that AGI is dangerous
Goal 1: shut it all down, or failing that slow down capabilities research.
Goal 2: get operational & political support for the entire approach, which is going to need lots of support, esp first prong
In particular make sure that research productivity boosts from AGI don’t feed back into capabilities research, which requires high levels of secrecy + buy-in from a large number of people.
Avoiding a speed-up is probably a little bit easier than enacting a slow-down, though maybe not much easier.
Demos can get very scary if we get far into prong 1, e.g. we have AGIs that are clearly misaligned or show that they are capable of breaking many of our precautions.
Prong 3: alignment research aka “understanding minds”
Goal: understand the systems well enough to make sure they are at least corrigible, or at best ‘fully aligned’.
Roughly this involves understanding how the behaviour of the system emerges in enough generality that we can predict and control what happens once the system is deployed OOD, made more capable, etc.
Relevant directions: agent foundations / embedded agency, interpretability, some kinds of “science of deep learning”
There are positive feedback loops between prongs:
Successfully containing & using more capable models (p1) gives you more scary demos for p2
Success in p1 also speeds up p3 a lot, because:
1) You can empirically study AGI directly,
2) Very advanced but “narrow” AI tools accelerate research (“narrow” here still means maybe more general than GPT-4)
3) Maybe you can even have (proto-)AGIs do research for you
You definitely need a lot of success in p2 for anything to work, otherwise people will take all the useful work we can get from proto-AGIs and pour it into capabilities research.
Better alignment research (p3) lets you do more p1 type risky stuff with SOTA models (on the margin)
If p1 is very successful, maybe we can punt most of p3 to the AIs; conversely, if p1 seems very hard then we probably only get ‘narrow’ tools to help with p3 and need to mostly do it ourselves, and hopefully get ML researchers to delay for long enough.