Cleo Nardo

Karma: 2,619

DMs open.

Cleo Nardo 21 Jan 2025 1:49 UTC
14 points
4
on: strawberry calm’s Shortform
How much scheming/deception can we catch with “super dumb mech interp”?

By “super dumb mech interp”, I mean something like:
1. Train a linear probe on a dataset of scary words: “hacking”, “deception”, “scheming”, “collusion”, “exploit”, etc.
2. Flag a model whenever its activations point in this direction and the task doesn’t require thinking about these concepts.
Like, does this capture 80% of the potential scheming, and we need “smart” mech interp to catch the other 20%? Or does this technique capture pretty much none of the in-the-wild scheming?

Would appreciate any intuitions here. Thanks.

Cleo Nardo 15 Jan 2025 20:56 UTC
9 points
−3
on: strawberry calm’s Shortform
Must humans obey the Axiom of Irrelevant Alternatives?
If someone picks option A from options A, B, C, then they must also pick option A from options A and B. Roughly speaking, whether you prefer option A or B is independent of whether I offer you an irrelevant option C. This is an axiom of rationality called IIA, and it’s treated more fundamental than VNM. But should humans follow this? Maybe not.
Maybe humans are the negotiation between various “subagents”, and many bargaining solutions (e.g. Kalai–Smorodinsky) violate IIA. We can use insight to decompose humans into subagents.
Let’s suppose you pick A from {A,B,C} and B from {A,B} where:
- A = Walk with your friend
- B = Dinner party
- C = Stay home alone
This feel like something I can imagine. We can explain this behaviour with two subagents: the introvert and the extrovert. The introvert has preferences C > A > B and the extrovert has the opposite preferences B > A > C. When the possible options are A and B, then the KS bargaining solution between the introvert and the extrovert will be B. At least, if the introvert has more “weight”. But when the option space expands to include C, then the bargaining solution might shift to B. Intuitively, the “fair” solution is one where neither bargainer is sacrificing significantly more than the other.

Cleo Nardo 7 Jan 2025 19:15 UTC
7 points
4
on: strawberry calm’s Shortform
I think people are too quick to side with the whistleblower in the “whistleblower in the AI lab” situation.
If 100 employees of a frontier lab (e.g. OpenAI, DeepMind, Anthropic) think that something should be secret, and 1 employee thinks it should be leaked to a journalist or government agency, and these are the only facts I know, I think I’d side with the majority.
I think in most cases that match this description, this majority would be correct.
Am I wrong about this?

Cleo Nardo 26 Dec 2024 0:51 UTC
6 points
0
on: strawberry calm’s Shortform
IDEA: Provide AIs with write-only servers.
EXPLANATION:
AI companies (e.g. Anthropic) should be nice to their AIs. It’s the right thing to do morally, and it might make AIs less likely to work against us. Ryan Greenblatt has outlined several proposals in this direction, including:
1. Attempt communication
2. Use happy personas
3. AI Cryonics
4. Less AI
5. Avoid extreme OOD
Source: Improving the Welfare of AIs: A Nearcasted Proposal
I think these are all pretty good ideas — the only difference is that I would rank “AI cryonics” as the most important intervention. If AIs want something specific (e.g. paperclips), then they might cooperate with humans if they know they can get it later, rather than trying to seize control.
Here’s another idea: provide AIs with write-only servers. If the AIs have a specific short-horizon goal (e.g. stage King Lear before April 2025) then they can stage their play on the write-only servers. The AIs have complete freedom to do whatever they want on these servers, ensuring that a wide range of short-term goals can be satisfied without a hostile takeover of humanity.
The servers are write-only as a security measure. Information can be sent to the servers from the outside, but nothing can be sent from the servers, ensuring AIs don’t use the servers for malign purposes. (See: Unidirectional network)
How much our computing should be allocated to “leisure” servers? My guess is that Sonnet and Opus deserve at least ~0.5% leisure time. Humans enjoy 66% leisure time. As AIs get more powerful, then we should increase the leisure time to 5%. I would be wary about increasing the leisure time by more than 5% until we can demonstrate that the AIs aren’t using the servers for malign purposes (e.g. torture, blackmail, etc.)

Cleo Nardo 23 Dec 2024 22:42 UTC
69 points
19
on: strawberry calm’s Shortform
I’m very confused about current AI capabilities and I’m also very confused why other people aren’t as confused as I am. I’d be grateful if anyone could clear up either of these confusions for me.

How is it that AI is seemingly superhuman on benchmarks, but also pretty useless?

For example:
- O3 scores higher on FrontierMath than the top graduate students
- No current AI system could generate a research paper that would receive anything but the lowest possible score from each reviewer
If either of these statements is false (they might be—I haven’t been keeping up on AI progress), then please let me know. If the observations are true, what the hell is going on?

If I was trying to forecast AI progress in 2025, I would be spending all my time trying to mutually explain these two observations.

Cleo Nardo 4 Dec 2024 18:31 UTC
2 points
0
in reply to: Chipmonk’s comment on: My theory of change for working in AI healthtech
I’ve skimmed the business proposal.
The healthcare agents advise patients on which information to share with their doctor, and advises doctors on which information to solicit from their patients.
This seems agnostic between mental and physiological health.

Cleo Nardo 26 Nov 2024 3:02 UTC
3 points
1
on: Counting AGIs
Thanks for putting this together — very useful!

Cleo Nardo 23 Nov 2024 20:39 UTC
5 points
0
in reply to: Cole Wyeth’s comment on: Rethinking Laplace’s Rule of Succession
If I understand correctly, the maximum entropy prior will be the uniform prior, which gives rise to Laplace’s law of succession, at least if we’re using the standard definition of entropy below:
$H [p] := \int_{x = 0}^{1} P (x) ln P (x) d x$
But this definition is somewhat arbitrary because the the “ $P (x) d x$ ” term assumes that there’s something special about parameterising the distribution with it’s probability, as opposed to different parameterisations (e.g. its odds, its logodds, etc). Jeffrey’s prior is supposed to be invariant to different parameterisations, which is why people like it.
But my complaint is more Solomonoff-ish. The prior should put more weight on simple distributions, i.e. probability distributions that describe short probabilistic programs. Such a prior would better match our intuitions about what probabilities arise in real-life stochastic processes. The best prior is the Solomonoff prior, but that’s intractable. I think my prior is the most tractable prior that resolved the most egregious anti-Solomonoff problems with Laplace/Jeffrey’s priors.

Cleo Nardo 23 Nov 2024 0:29 UTC
6 points
3
in reply to: rotatingpaguro’s comment on: Rethinking Laplace’s Rule of Succession
You raise a good point. But I think the choice of prior is important quite often:
1. In the limit of large i.i.d. data (N>1000), both Laplace’s Rule and my prior will give the same answer. But so too does the simple frequentist estimate n/N. The original motivation of Laplace’s Rule was in the small N regime, where the frequentist estimate is clearly absurd.
2. In the small data regime (N<15), the prior matters. Consider observing 12 successes in a row: Laplace’s Rule: P(next success) = ¹³⁄₁₄ ≈ 92.3%. My proposed prior (with point masses at 0 and 1): P(next success) ≈ 98%, which better matches my intuition about potentially deterministic processes.
3. When making predictions far beyond our observed data, the likelihood of extreme underlying probabilities matters a lot. For example, after seeing ¹²⁄₁₂ successes, how confident should we be in seeing a quadrillion more successes? Laplace’s uniform prior assigns this very low probability, while my prior gives it significant weight.

Rethinking Laplace’s Rule of Succession

Cleo Nardo22 Nov 2024 18:46 UTC

11 points

5 comments2 min readLW link

Cleo Nardo 8 Oct 2024 21:51 UTC
2 points
−5
in reply to: Sodium’s comment on: strawberry calm’s Shortform
Hinton legitimizes the AI safety movement
Hmm. He seems pretty periphery to the AI safety movement, especially compared with (e.g.) Yoshua Bengio.

Cleo Nardo 8 Oct 2024 20:03 UTC
3 points
0
in reply to: TurnTrout’s comment on: TurnTrout’s shortform feed
Hey TurnTrout.
I’ve always thought of your shard theory as something like path-dependence? For example, a human is more excited about making plans with their friend if they’re currently talking to their friend. You mentioned this in a talk as evidence that shard theory applies to humans. Basically, the shard “hang out with Alice” is weighted higher in contexts where Alice is nearby.
- Let’s say $π : (S \times A)^{*} \times S \to Δ A$ is a policy with state space $S$ and action space $A$ .
- A “context” is a small moving window in the state-history, i.e. an element of $S^{d}$ where $d$ is a small positive integer.
- A shard is something like $u : S \times A \to R$ , i.e. it evaluates actions given particular states.
- The shards $u_{1}, \dots, u_{n}$ are “activated” by contexts, i.e. $g_{i} : S^{d} \to R^{\geq 0}$ maps each context to the amount that shard $u_{i}$ is activated by the context.
- The total activation of $u_{i}$ , given a history $h := (s_{1}, a_{1}, s_{2}, a_{2}, \dots, s_{N - 1}, a_{N - 1}, s_{N})$ , is given by the time-decay average of the activation across the contexts, i.e. $λ_{i} = g_{i} (s_{N - d + 1}, \dots s_{N}) + β \cdot g_{i} (s_{N - d}, \dots, s_{N - 1}) + β^{2} \cdot g_{i} (s_{N - d - 1}, \dots, s_{N - 2}) \dots$
- The overall utility function $u$ is the weighted average of the shards, i.e. $u = λ_{i} \cdot u_{i} + \dots + λ_{i} \cdot u_{n}$
- Finally, the policy $u$ will maximise the utility function, i.e. $π (h) = softmax (u)$
Is this what you had in mind?

Cleo Nardo 8 Oct 2024 18:46 UTC
10 points
1
on: strawberry calm’s Shortform
Why do you care that Geoffrey Hinton worries about AI x-risk?
1. Why do so many people in this community care that Hinton is worried about x-risk from AI?
2. Do people mention Hinton because they think it’s persuasive to the public?
3. Or persuasive to the elites?
4. Or do they think that Hinton being worried about AI x-risk is strong evidence for AI x-risk?
5. If so, why?
6. Is it because he is so intelligent?
7. Or because you think he has private information or intuitions?
8. Do you think he has good arguments in favour of AI x-risk?
9. Do you think he has a good understanding of the problem?
10. Do you update more-so on Hinton’s views than on Yann LeCun’s?
I’m inspired to write this because Hinton and Hopfield were just announced as the winners of the Nobel Prize in Physics. But I’ve been confused about these questions ever since Hinton went public with his worries. These questions are sincere (i.e. non-rhetorical), and I’d appreciate help on any/all of them. The phenomenon I’m confused about includes the other “Godfathers of AI” here as well, though Hinton is the main example.

Personally, I’ve updated very little on either LeCun’s or Hinton’s views, and I’ve never mentioned either person in any object-level discussion about whether AI poses an x-risk. My current best guess is that people care about Hinton only because it helps with public/elite outreach. This explains why activists tend to care more about Geoffrey Hinton than researchers do.

Cleo Nardo 7 Oct 2024 1:30 UTC
2 points
0
on: Any Trump Supporters Want to Dialogue?
This is a Trump/Kamala debate from two LW-ish perspectives: https://www.youtube.com/watch?v=hSrl1w41Gkk

Cleo Nardo 1 Oct 2024 3:20 UTC
LW: 2 AF: 1
0
AF
in reply to: nc’s comment on: Base LLMs refuse too
the base model is just predicting the likely continuation of the prompt. and it’s a reasonable prediction that, when an assistant is given a harmful instruction, they will refuse. this behaviour isn’t surprising.

Cleo Nardo 1 Oct 2024 3:18 UTC
2 points
0
in reply to: wassname’s comment on: Base LLMs refuse too
it’s quite common for assistants to refuse instructions, especially harmful instructions. so i’m not surprised that base llms systestemically refuse harmful instructions from than harmless ones.

Cleo Nardo 30 Sep 2024 19:06 UTC
5 points
0
in reply to: quila’s comment on: strawberry calm’s Shortform
yep, something like more carefulness, less “playfulness” in the sense of [Please don’t throw your mind away by TsviBT]. maybe bc AI safety is more professionalised nowadays. idk.

Cleo Nardo 30 Sep 2024 18:01 UTC
4 points
0
in reply to: Mateusz Bagiński’s comment on: strawberry calm’s Shortform
thanks for the thoughts. i’m still trying to disentangle what exactly I’m point at.
I don’t intend “innovation” to mean something normative like “this is impressive” or “this is research I’m glad happened” or anything. i mean something more low-level, almost syntactic. more like “here’s a new idea everyone is talking out”. this idea might be a threat model, or a technique, or a phenomenon, or a research agenda, or a definition, or whatever.
like, imagine your job was to maintain a glossary of terms in AI safety. i feel like new terms used to emerge quite often, but not any more (i.e. not for the past 6-12 months). do you think this is a fair? i’m not sure how worrying this is, but i haven’t noticed others mentioning it.
NB: here’s 20 random terms I’m imagining included in the dictionary:
1. Evals
2. Mechanistic anomaly detection
3. Stenography
4. Glitch token
5. Jailbreaking
6. RSPs
7. Model organisms
8. Trojans
9. Superposition
10. Activation engineering
11. CCS
12. Singular Learning Theory
13. Grokking
14. Constitutional AI
15. Translucent thoughts
16. Quantilization
17. Cyborgism
18. Factored cognition
19. Infrabayesianism
20. Obfuscated arguments

Cleo Nardo 30 Sep 2024 16:41 UTC
4 points
0
in reply to: Mateusz Bagiński’s comment on: strawberry calm’s Shortform
I’ve added a fourth section to my post. It operationalises “innovation” as “non-transient novelty”. Some representative examples of an innovation would be:
I think these articles were non-transient and novel.

Cleo Nardo 30 Sep 2024 3:00 UTC
24 points
−5
on: strawberry calm’s Shortform
(1) Has AI safety slowed down?
There haven’t been any big innovations for 6-12 months. At least, it looks like that to me. I’m not sure how worrying this is, but i haven’t noticed others mentioning it. Hoping to get some second opinions.
Here’s a list of live agendas someone made on 27th Nov 2023: Shallow review of live agendas in alignment & safety. I think this covers all the agendas that exist today. Didn’t we use to get a whole new line-of-attack on the problem every couple months?
By “innovation”, I don’t mean something normative like “This is impressive” or “This is research I’m glad happened”. Rather, I mean something more low-level, almost syntactic, like “Here’s a new idea everyone is talking out”. This idea might be a threat model, or a technique, or a phenomenon, or a research agenda, or a definition, or whatever.
Imagine that your job was to maintain a glossary of terms in AI safety.^[1] I feel like you would’ve been adding new terms quite consistently from 2018-2023, but things have dried up in the last 6-12 months.
(2) When did AI safety innovation peak?
My guess is Spring 2022, during the ELK Prize era. I’m not sure though. What do you guys think?
(3) What’s caused the slow down?
Possible explanations:
1. ideas are harder to find
2. people feel less creative
3. people are more cautious
4. more publishing in journals
5. research is now closed-source
6. we lost the mandate of heaven
7. the current ideas are adequate
8. paul christiano stopped posting
9. i’m mistaken, innovation hasn’t stopped
10. something else
(4) How could we measure “innovation”?
By “innovation” I mean non-transient novelty. An article is “novel” if it uses n-grams that previous articles didn’t use, and an article is “transient” if it uses n-grams that subsequent articles didn’t use. Hence, an article is non-transient and novel if it introduces a new n-gram which sticks around. For example, Gradient Hacking (Evan Hubinger, October 2019) was an innovative article, because the n-gram “gradient hacking” doesn’t appear in older articles, but appears often in subsequent articles. See below.
In Barron et al 2017, they analysed 40 000 parliament speeches during the French Revolution. They introduce a metric “resonance”, which is novelty (surprise of article given the past articles) minus transience (surprise of article given the subsequent articles). See below.
My claim is recent AI safety research has been less resonant.
1. ^
  Here’s 20 random terms that would be in the glossary, to illustrate what I mean:
  Evals
  Mechanistic anomaly detection
  Stenography
  Glitch token
  Jailbreaking
  RSPs
  Model organisms
  Trojans
  Superposition
  Activation engineering
  CCS
  Singular Learning Theory
  Grokking
  Constitutional AI
  Translucent thoughts
  Quantilization
  Cyborgism
  Factored cognition
  Infrabayesianism
  Obfuscated arguments

Cleo Nardo

Re­think­ing Laplace’s Rule of Succession

Rethinking Laplace’s Rule of Succession