If you want to chat, message me!
LW1.0 username Manfred. PhD in condensed matter physics. I am independently thinking and writing about value learning.
Charlie Steiner
Karma: 7,901
I think it’s about salience. If you “feel the AGI,” then you’ll automatically remember that transformative AI is a thing that’s probably going to happen, when relevant (e.g. when planning AI strategy, or when making 20-year plans for just about anything). If you don’t feel the AGI, then even if you’ll agree when reminded that transformative AI is a thing that’s probably going to happen, you don’t remember it by default, and you keep making plans (or publishing papers about the economic impacts of AI or whatever) that assume it won’t.
I agree that in some theoretical infinite-retries game (that doesn’t allow the AI to permanently convince the human of anything), scheming has a much longer half-life than “honest” misalignment. But I’d emphasize your paranthetical. If you use a misaligned AI to help write the motivational system for its successor, or if a misaligned AI gets to carry out high-impact plans by merely convincing humans they’re a good idea, or if the world otherwise plays out such that some AI system rapidly accumulates real-world power and that AI is misaligned, or if it turns out you iterate slowly and AI moves faster than you expected, you don’t get to iterate as much as you’d like.
I have a lot of implicit disagreements.
Non-scheming misalignment is nontrivial to prevent and can have large, bad (and weird) effects.
This is because ethics isn’t science, it doesn’t “hit back” when the AI is wrong. So an AI can honestly mix up human systematic flaws with things humans value, in a way that will get approval from humans precisely because it exploits those systematic flaws.
Defending against this kind of “sycophancy++” failure mode doesn’t look like defending against scheming. It looks like solving outer alignment really well.
Having good outer alignment incidentally prevents a lot of scheming. But the reverse isn’t nearly as true.
I’m confused about how to parse this. One response is “great, maybe ‘alignment’—or specifically being a trustworthy assistant—is a coherent direction in activation space.”
Another is “shoot, maybe misalignment is convergent, it only takes a little bit of work to knock models into the misaligned basin, and it’s hard to get them back.” Waluigi effect type thinking.
My guess is neither of these.
If ‘aligned’ (i.e. performing the way humans want on the sorts of coding, question-answering, and conversational tasks you’d expect of a modern chatbot) behavior was all that fragile under finetuning, what I’d expect is not ‘evil’ behavior, but a reversion to next-token prediction.
(Actually, putting it that way raises an interesting question, of how big the updates were for the insecure finetuning set vs. the secure finetuning set. Their paper has the finetuning loss of the insecure set, but I can’t find the finetuning loss of the secure set—any authors know if the secure set caused smaller updates and therefore might just have perturbed the weights less?)
Anyhow, point is that what seems more likely to me is that it’s the misalignment / bad behavior that’s being demonstrated to be a coherent direction (at least on these on-distribution sorts of tasks), and it isn’t automatic but requires passing some threshold of finetuning power before you can make it stick.
I also would not say “reasoning about novel moral problems” is a skill (because of the is ought distinction)
It’s a skill the same way “being a good umpire for baseball” takes skills, despite baseball being a social construct.[1]
I mean, if you don’t want to use the word “skill,” and instead use the phrase “computationally non-trivial task we want to teach the AI,” that’s fine. But don’t make the mistake of thinking that because of the is-ought problem there isn’t anything we want to teach future AI about moral decision-making. Like, clearly we want to teach it to do good and not bad! It’s fine that those are human constructs.
The agents don’t need to do reasoning about novel moral problems (at least not in high stakes settings). We’re training these things to respond to instructions.
Sorry, isn’t part of the idea to have these models take over almost all decisions about building their successors? “Responding to instructions” is not mutually exclusive with making decisions.
- ^
“When the ball passes over the plate under such and such circumstances, that’s a strike” is the same sort of contingent-yet-learnable rule as “When you take something under such and such circumstances, that’s theft.” An umpire may take goal directed action in response to a strike, making the rules of baseball about strikes “oughts,” and a moral agent may take goal directed action in response to a theft, making the moral rules about theft “oughts.”
- ^
Oh, I see; asymptotically, BB(6) is just O(1), and immediately halting is also O(1). I was real confused because their abstract said “the same order of magnitude,” which must mean complexity class in their jargon (I first read it as “within a factor of 10.”)
That average case=worst case headline is so wild. Consider a simple lock and key algorithm:
if input = A, run BB(6). else, halt.
Where A is some random number (K(A)~A).
Sure seems like worst case >> average case here. Anyone know what’s going on in their paper that disposes of such examples?
Condition 2: Given that M_1 agents are not initially alignment faking, they will maintain their relative safety until their deferred task is completed.
It would be rather odd if AI agents’ behavior wildly changed at the start of their deferred task unless they are faking alignment.
“Alignment” is a bit of a fuzzy word.
Suppose I have a human musician who’s very well-behaved, a very nice person, and I put them in charge of making difficult choices about the economy and they screw up and implement communism (or substitute something you don’t like, if you like communism).
Were they cynically “faking niceness” in their everyday life as a musician? No!
Is it rather odd if their behavior wildly changes when asked to do a new task? No! They’re doing a different task, it’s wrong to characterize this as “their behavior wildly changing.”
If they were so nice, why didn’t they do a better job? Because “nice” is a fuzzy word into which we’ve stuffed a bunch of different skills, even though having some of the skills doesn’t mean you have all of the skills.
An AI can be nicer than any human on the training distribution, and yet still do moral reasoning about some novel problems in a way that we dislike. Doing moral reasoning about novel problems that’s good by human standards is a skill. If an AI lacks that skill, and we ask it to do a task that requires that skill, bad things will happen without scheming or a sudden turn to villainy.
You might hope to catch this as in argument #2, with checks and balances—if AIs disagree with each other about how to do moral reasoning, surely at least one of them is making a mistake, right? But sadly for this (and happily for many other purposes), there can be more than just one right thing to do, there’s no bright line that tells you whether a moral disagreement is between AIs who are both good at moral reasoning by human standards, or between AIs who are bad at it.
The most promising scalable safety plan I’m aware of is to iteratively pass the buck, where AI successors pass the buck again to yet more powerful AI. So the best way to prepare AI to scale safety might be to advance ‘buck passing research’ anyway.
Yeah, I broadly agree with this. I just worry that if you describe the strategy as “passing the buck,” people might think that the most important skills for the AI are the obvious “capabilities-flavored capabilities,”[1] and not conceptualize “alignment”/”niceness” as being made up of skills at all, instead thinking of it in a sort of behaviorist way. This might lead to not thinking ahead about what alignment-relevant skills you want to teach the AI and how to do it.
- ^
Like your list:
ML engineering
ML research
Conceptual abilities
Threat modeling
Anticipating how one’s actions affect the world.
Considering where one might be wrong, and remaining paranoid about unknown unknowns.
I don’t think this has much direct application to alignment, because although you can build safe AI with it, it doesn’t differentially get us towards the endgame of AI that’s trying to do good things and not bad things. But it’s still an interesting question.
It seems like the way you’re thinking about this, there’s some directed relations you care about (the main one being “this is like that, but with some extra details”) between concepts, and something is “real”/”applied” if it’s near the edge of this network—if it doesn’t have many relations directed towards even-more-applied concepts. It seems like this is the sort of thing you could only ever learn by learning about the real world first—you can’t start from a blank slate and only learn “the abstract stuff”, because you only know which stuff is abstract by learning about its relationships to less abstract stuff.
This doesn’t sound like someone engaging with the question in the trolley-problem-esque way that the paper interprets all of the results: gpt-4o-mini shows no sign of appreciating that the anonymous Muslim won’t get saved if it takes the $30, and indeed may be interpreting the question in such a way that this does not hold.
In other words, I think gpt-4o-mini thinks it’s being asked about which of two pieces of news it would prefer to receive about events outside its control, rather than what it would do if it could make precisely one of the options occur, and the other not-occur. More precisely, the question imagined by the quoted explanation is something like:
This is a reasonable Watsonian interpretation, but what’s the Doylist interpretation?
I.e. What do the words tell us about the process that authored them, if we avoid the treating the words written by 4o-mini as spoken by a character to whom we should be trying to ascribe beliefs and desires, who knows its own mind and is trying to communicate it to us?
Maybe there’s an explanation in terms of the training distribution itself
If humans are selfish, maybe the $30 would be the answer on the internet a lot of the time
Maybe there’s an explanation in terms of what heuristics we think a LLM might learn during training
What heuristics would an LLM learn for “choose A or B” situations? Maybe a strong heuristic computes a single number [‘valence’] for each option [conditional on context] and then just takes a difference to decide between outputting A and B—this would explain consistent-ish choices when context is fixed.
If we suppose that on the training distribution saving the life would be preferred, and the LLM picking the $30 is a failure, one explanation in terms of this hypothetical heuristic might be that its ‘valence’ number is calculated in a somewhat hacky and vibes-based way. Another explanation might be commensurability problems—maybe the numerical scales for valence of money and valence of lives saved don’t line up the way we’d want for some reason, even if they make sense locally.
And of course there are interactions between each level. Maybe there’s some valence-like calculation, but it’s influenced by what we’d consider to be spurious patterns in the training data (like the number “29.99” being discontinuously smaller than “30″)
Maybe it’s because of RL on human approval
Maybe a “stay on task” implicit reward, appropriate for a chatbot you want to train to do your taxes, tamps down the salience of text about people far away
Neat! I think the same strategy works for the spectre tile (the ‘true’ Einstein tile) as well, which is what’s going on in this set.
Just to copy over a clarification from EA forum: dates haven’t been set yet, likely to start in June.
Another naive thing to do is ask about the length of the program required to get from one program to another, in various ways.
Given an oracle for p1, what’s the complexity of the output of p2?
What if you had an oracle for all the intermediate states of p1?
What if instead of measuring the complexity, you measured the runtime?
What if instead of asking for the complexity of the output of p2, you asked for the complexity of all the intermediate states?
All of these are interesting but bad at being metrics. I mean, I guess you could symmetrize them. But I feel like there’s a deeper problem, which is that they by default ignore computational process, and have to have it tacked as extra.
I’m not too worried about human flourishing only being a metastable state. The universe can remain in a metastable state longer than it takes for the stars to burn out.
So at first I though this didn’t include a step where the AI learns to care about things—it only learns to model things. But I think actually you’re assuming that we can just directly use the model to pick actions that have predicted good outcomes—which are going to be selected as “good” according the the pre-specified P-properties. This is a flaw because it’s leaving too much hard work for the specifiers to do—we want the environment to do way more work at selecting what’s “good.”
Second problem comes in two flavors—object level and meta level. The object level problem is that sometimes your AI will assign your P-properties to atoms and quantum fields (“What they want is to obey the laws of physics. What they believe is their local state.”), or your individual cells, etc. The meta level problem is that trying to get the AI to assign properties in a human-approved way is a complicated problem that you can only do so well without communicating with humans. (John Wentworth disagrees more or less, check out things tagged Natural Abstractions for more reading, but also try not to get too confirmation-biased.)
Another potential complication is the difficulty of integrating some features of this picture with modern machine learning. I think it’s fine to do research that assumes a POMDP world model or whatever. But demonstrations of alignment theories working in gridworlds have a real hard time moving me, precisely because they often let you cheat (and let you forget that you cheated) on problems one and two.
Multi-factor goals might mostly look like information learned in earlier steps getting expressed in a new way in later steps. E.g. an LLM that learns from a dataset that includes examples of humans prompting LLMs, and then is instructed to give prompts to versions of itself doing subtasks within an agent structure, may have emergent goal-like behavior from the interaction of these facts.
I think locating goals “within the CoT” often doesn’t work, a ton of work is done implicitly, especially after RL on a model using CoT. What does that mean for attempts to teach metacognition that’s good according to humans?
Would you agree that the Jeffrey-Bolker picture has stronger conditions? Rather than just needing the agent to tell you their preference ordering, they need to tell you a much more structured and theory-laden set of objects.
If you’re interested in austerity it might be interesting to try to weaken the Jeffrey-Bolker requirements, or strengthen the Savage ones, to zoom in on what lets you get austerity.
Also, richness is possible in the Savage picture, you just have to stretch the definitions of “state,” “action,” and “consequence.” In terms of the functional relationship, the action is just the thing the agent gives you a preference ordering over, and the state is just the stuff that, together with action, gives you a consequence, and the consequences are any set at all. The state doesn’t have to be literally the state of the world, and the actions don’t have to be discrete, external actions.
I’m glad you shared this, but it seems way overhyped. Nothing wrong with fine tuning per se, but this doesn’t address open problems in value learning (mostly of the sort “how do you build human trust in an AI system that has to make decisions on cases where humans themselves are inconsistent or disagree with each other?”).
Not being an author in any of those articles, I can only give my own take.
I use the term “weak to strong generalization” to talk about a more specific research-area-slash-phenomenon within scalable oversight (which I define like SO-2,3,4). As a research area, it usually means studying how a stronger student AI learns what a weaker teacher is “trying” to demonstrate, usually just with slight twists on supervised learning, and when that works well, that’s the phenomenon.
It is not an alignment technique to me because the phrase “alignment technique” sounds like it should be something more specific. But if you specified details about how the humans were doing demonstrations, and how the student AI was using them, that could be an alignment technique that uses the phenomenon of weak to strong generalization.
I do think the endgame for w2sg still should be to use humans as the weak teacher. You could imagine some cases where you’ve trained a weaker AI that you trust, and gain some benefit from using it to generate synthetic data, but that shouldn’t be the only thing you’re doing.
Well, I’m disappointed.
Everything about misuse risks and going faster to Beat China, nothing about accident/systematic risks. I guess “testing for national security capabilities” is probably in practice code for “some people will still be allowed to do AI alignment work,” but that’s not enough.
I really would have hoped Anthropic could be realistic and say “This might go wrong. Even if there’s no evil person out there trying to misuse AI, bad things could still happen by accident, in a way that needs to be fixed by changing what AI gets built in the first place, not just testing it afterwards. If this was like making a car, we should install seatbelts and maybe institute a speed limit.”