Jozdien

• Jozdien 19 Dec 2024 15:12 UTC

  8 points

  2

  in reply to: __RicG__’s comment on: Align­ment Fak­ing in Large Lan­guage Models

  They do say this in the paper:

  

  As Evan agrees with here however, simply not including the results themselves doesn’t solve the problem of the ideas leaking through. There’s a reason unlearning as a science is difficult, information percolates in many ways and drawing boundaries around the right thing is really hard.

• Jozdien 16 Dec 2024 15:14 UTC

  11 points

  1

  on: Test­ing which LLM ar­chi­tec­tures can do hid­den se­rial reasoning

  I think this is a really good line of research, thanks. Some notes:

  Hidden reasoning to me is any reasoning a model performs which isn’t apparent to an overseer. Hidden internal states is one way this could occur, but another way is for models to infer different information from some text. Models (and humans) infer a large amount of information from seemingly small pieces of text. For example, a language model would have to model all sorts of things about the generator of a piece of text while processing to generate new tokens. It uses each token as a conditional over a very high-dimensional “context” prior, a conditional which encodes a lot of information computed implicitly rather than through written tokens. LLMs are superhuman at this by their very nature.

  Analogously, if you have a setting with two tasks—one obvious and one hidden—then a risk would be reasoning tokens for the first task outputted such that it provides conditional information for the second task. You allude to this in your conclusion, where you say:

  Models could still reason steganographically. (Although in some other toy experiments, I found it surprisingly hard to make them spontaneously learn a steganographic code, even when they had to pass only one bit of hidden information^[3]. Models could learn it only after seeing many explicit steganography demonstrations in the training data. This made me think that steganography may require the model to intentionally, non-myopically try to hide information, because in the short-term, model updates seem to not reinforce it.

  I think that’s too narrow a definition of steganography. Models pass information legible only to “themselves” all the time, without requiring explicit reasoning. But this is benefitted a lot from high-bandwidth information channels. It’s much harder for a model to infer conditional information from the way it writes “two 3 double 4 one 2 triple 3″ than when writing a long chain of reasoning for how to increase share prices^[1].

  Toy tasks seem to run into this problem hard, given how restricted the information you can pass through tokens are. I think they’re good at testing a specific instantiation of hidden serial reasoning, that differentiates your Mamba variant and transformers, but not general hidden serial reasoning.

  1. ^

     Concretely, consider a setting where a model is continuing a story from a pre-written prologue. At any given point, if prompted with “—Written by” or some such, it would get it right much more often than random, despite never reasoning about such a thing in the text, and no tokens being explicitly dedicated to it. There’s a separate claim that could be made about how much reasoning can be passed through these hidden conditionals, but that’s a quantitative question and almost always I hear the claim about “scheming in one forward pass is unlikely” instead, sidestepping that question entirely.

  What links here?

  • Sim­ple Stegano­graphic Com­pu­ta­tion Eval—gpt-4o and gem­ini-exp-1206 can’t solve it yet by Filip Sondej (19 Dec 2024 15:47 UTC; 9 points)

• Jozdien 10 Dec 2024 18:25 UTC

  7 points

  4

  in reply to: Noosphere89’s comment on: Chris­ti­anKl’s Shortform

  I disagree with the use of “any”. In principle, an effective alignment technique could create an AI that isn’t censored, but does have certain values/​preferences over the world. You could call that censorship, but that doesn’t seem like the right or common usage. I agree that in practice many/​most things currently purporting to be effective alignment techniques fit the word more, though.

• Jozdien 10 Dec 2024 13:48 UTC

  5 points

  1

  in reply to: Yonatan Cale’s comment on: Thoughts On (Solv­ing) Deep Deception

  But if we solve these two problems then I think you could go further and say we don’t really need to care about deceptiveness at all. Our AI will just be aligned.

  I agree, but one idea behind deep deception is that it’s an easy-to-miss failure mode. Specifically, I had someone come up after a talk on high-level interpretability to say it didn’t solve deep deception, and well, I disagreed. I don’t talk about it in terms of deceptiveness, but it glosses over a few inferential steps relating to deception that are easy to stumble over, so the claim wasn’t without merit—especially because I think many other agendas miss that insight.

• Jozdien 7 Dec 2024 17:43 UTC

  8 points

  0

  in reply to: leogao’s comment on: leogao’s Shortform

  My timelines are roughly 50% probability on something like transformative AI by 2030, 90% by 2045, and a long tail afterward. I don’t hold this strongly either, and my views on alignment are mostly decoupled from these beliefs. But if we do get an AI winter longer than that (through means other than by government intervention, which I haven’t accounted for), I should lose some Bayes points, and it seems worth saying so publicly.

• Jozdien 21 Nov 2024 21:20 UTC

  6 points

  1

  in reply to: Joe Rogero’s comment on: Cost, Not Sacrifice

  Many deals in the real world have a lot of positive surplus. Most deals I would like to make have positive surplus. I would still make a deal to get something more valuable with something less valuable, but if the margins are very thin (or approaching zero), then I wouldn’t like the deal even as I make it. I can feel like it’s a terrible deal because the deals I want would have a lot more surplus to them, ideally involving a less painful cost.

• Jozdien 19 Nov 2024 20:38 UTC

  4 points

  2

  in reply to: StefanHex’s comment on: Ste­fanHex’s Shortform

  I’ve heard people argue that we should develop mechanistic interpretability methods that can be applied to any architecture.

  I think the usual reason this claim is made is because the person making the claim thinks it’s very plausible LLMs aren’t the paradigm that lead to AGI. If that’s the case, then interpretability that’s indexed heavily on them gets us understanding of something qualitatively weaker than we’d like. I agree that there’ll be some transfer, but it seems better and not-very-hard to talk about how well different kinds of work transfer.

• Jozdien 18 Nov 2024 20:39 UTC

  9 points

  2

  in reply to: Buck’s comment on: Why im­perfect ad­ver­sar­ial ro­bust­ness doesn’t doom AI control

  What if model CoTs become less transparent? I think o1 has shadows of this—often in the CoT summaries, there’ll be a couple lines in a completely different language, that make me think that the actual CoT looks weirder than the reasoning CoTs of previous models. That could be harder for either weaker or different models to monitor reliably. Do you expect the divergence to not be large enough to pose a problem, or that there are other ways to address that, or “yeah you shouldn’t do RL on your model CoTs, that would be crazy”?

• Jozdien 15 Nov 2024 17:21 UTC

  17 points

  3

  in reply to: johnswentworth’s comment on: john­swent­worth’s Shortform

  For what it’s worth, and for the purpose of making a public prediction in case I’m wrong, my median prediction is that [some mixture of scaling + algorithmic improvements still in the LLM regime, with at least 25% gains coming from the former] will continue for another couple years. And that’s separate from my belief that if we did try to only advance through the current mixture of scale and algorithmic advancement, we’d still get much more powerful models, just slower.

  I’m not very convinced by the claims about scaling hitting a wall, considering we haven’t had the compute to train models significantly larger than GPT-4 until recently. Plus other factors like post-training taking a lot of time (GPT-4 took ~6 months from the base model being completed to release, I think? And this was a lot longer than GPT-3), labs just not being good at understanding how good their models are, etc. Though I’m not sure how much of your position is closer to “scaling will be <25-50% of future gains” than “scaling gains will be marginal /​ negligible”, especially since a large part of this trajectory involves e.g. self-play or curated data for overcoming the data wall (would that count more as an algorithmic improvement or scaling?)

• Jozdien 28 Oct 2024 18:23 UTC

  4 points

  0

  in reply to: burrito’s comment on: The case for more am­bi­tious lan­guage model evals

  Interesting, thanks! I do think RLHF makes the models worse at truesight^[1], see examples in other comments. But the gap isn’t so big that it can’t be caught up to eventually—what matters is how well you can predict future capabilities. Though, I would bet that the gap is still big enough that it would fail on the majority of examples from GPT-4-base (two years old now).

  1. ^

     I say “worse” for lack of a better concise word. I think what’s really happening is that we’re simply measuring two slightly different tasks in both cases. Are we measuring how well a completion model understands the generator of text it needs to produce, or how well a chat assistant can recognize the author of text?

• Jozdien 24 Oct 2024 2:44 UTC

  5 points

  0

  in reply to: Alexander Howell’s comment on: BIG-Bench Ca­nary Con­tam­i­na­tion in GPT-4

  Thanks for testing this! This is very interesting.

  I’m still operating under the assumption that it does know the string, and is hallucinating, or that it can’t retrieve it under these conditions. But slightly alarming that it apologises for lying, then lies again.

  Agreed. Seems plausible that it does recognize the string as the BIG-Bench canary (though on questioning it’s very evasive, so I wouldn’t say it’s extremely likely). I’m leaning toward it having “forgotten” the actual string though (“forgotten” because it’s plausible it can be extracted with the right prompt, but there isn’t a good word for describing a larger elicitation gap).

• Jozdien 24 Oct 2024 2:36 UTC

  3 points

  0

  in reply to: hmys’s comment on: BIG-Bench Ca­nary Con­tam­i­na­tion in GPT-4

  Maybe like 10%?

• Jozdien 23 Oct 2024 11:04 UTC

  4 points

  0

  in reply to: hmys’s comment on: BIG-Bench Ca­nary Con­tam­i­na­tion in GPT-4

  It seems like such an obviously stupid thing to do that my priors aren’t very high (though you’re right in that they’re slightly higher because it’s OpenAI). I think it’s telling however that neither Claude nor Gemini shy away from revealing the canary string.

• Jozdien 23 Oct 2024 10:58 UTC

  10 points

  1

  in reply to: milanrosko’s comment on: BIG-Bench Ca­nary Con­tam­i­na­tion in GPT-4

  This doesn’t guarantee it, you’re right. But the obvious way to filter canaried data out is to simply remove any document that has the string inside it. To further filter for articles that only talk about the canary instead of intending to use it seems like a needlessly expensive task, given how few such articles there would be.

  Further, given that one use of the canary is to tell whether contamination has happened by checking if the model knows the string, not filtering such articles out would still not be great.

  All that said however, I think the fact that GPT-4 had memorized BIG-Bench tasks—which certainly used the canary—means that the contamination could have happened from anything that had the canary in it.

BIG-Bench Ca­nary Con­tam­i­na­tion in GPT-4

• Jozdien 21 Oct 2024 15:31 UTC

  16 points

  7

  on: A Rocket–In­ter­pretabil­ity Analogy

  The field of alignment seems to be increasingly dominated by interpretability. (and obedience^[2])

  I agree w.r.t potential downstream externalities of interpretability. However, my view from speaking to a fair number of those who join the field to work on interpretability is that the upstream cause is slightly different. Interpretability is easier to understand and presents “cleaner” projects than most others in the field. It’s also much more accessible and less weird to say, an academic, or the kind of person who hasn’t spent a lot of time thinking about alignment.

  All of these are likely correlated with having downstream capabilities applications, but the exact mechanism doesn’t look like “people recognizing that this has huge profit potential and therefore growing much faster than other sub-fields”.

• Jozdien 17 Oct 2024 20:33 UTC

  4 points

  0

  in reply to: TurnTrout’s comment on: TurnTrout’s short­form feed

  Some of my mentees are working on something related to this right now! (One of them brought this comment to my attention). It’s definitely very preliminary work—observing what results in different contexts when you do something like tune a model using some extracted representations of model internals as a signal—but as you say we don’t really have very much empirics on this, so I’m pretty excited by it.

• Jozdien 25 Sep 2024 20:34 UTC

  4 points

  2

  in reply to: Yoav Ravid’s comment on: Yoav Ravid’s Shortform

  It could work as a precautionary measure against existential risk. If someone is planning on doing something that also risks the world getting destroyed, then the threat could be credible.

  (I am not endorsing humans actually using this strategy in the real world, obviously).

• Jozdien 30 Aug 2024 11:56 UTC

  5 points

  0

  in reply to: Ruby’s comment on: Ruby’s Short­form Feed

  I’m interested. I once tried a much more rudimentary LW-LLM integration with a GPT-4 Discord bot and it never felt quite right, so I’d be very interested in seeing what a much better version looks like.

• Jozdien 28 Aug 2024 16:56 UTC

  8 points

  3

  in reply to: johnswentworth’s comment on: Why Large Bureau­cratic Or­ga­ni­za­tions?

  My guess for the downvotes is that independent of the median-you thing, being so critical of large organizations that their existence confuses you can seem like you’re implicitly placing yourself above everyone who, for whatever reason, chooses to partake in such an organization. To them, the calculus could bear out such that it seems beneficial, and starting a post with the assumption that they’re terrible and inefficient can be irksome. That, coupled with the fact that I’m guessing there are people who’ve spent a lot of time thinking about how to manage organizations well and see it as difficult to opine on from the outside without wisdom from practice, who could see this and think it, well, slightly overconfident.

  This is independent of whether the post is true, which I’m probably leaning much more toward than the downvotes. Though it still has a lot of upvotes on net, so trying to figure out why a small fraction of downvotes exist is harder than if they were larger.