Sign up to save your podcasts
Or
Share “Breaking Circuit Breakers” by mikes, tbenthompson
Share to email
Share to Facebook
Share to X
Share to email
Share to Facebook
Share to X
Or
“Breaking Circuit Breakers” by mikes, tbenthompson
This is a link post.
A few days ago, Gray Swan published code and models for their recent “circuit breakers” method for language models.[1]1
The circuit breakers method defends against jailbreaks by training the model to erase “bad” internal representations. We are very excited about data-efficient defensive methods like this, especially those which use interpretability concepts or tools.
At the link, we briefly investigate three topics:
- Increased refusal rates on harmless prompts: Do circuit breakers really maintain language model utility? Most defensive methods come with a cost. We check the model's effectiveness on harmless prompts, and find that the refusal rate increases from 4% to 38.5% on or-bench-80k.
- Moderate vulnerability to different token-forcing sequences: How specialized is the circuit breaker defense to the specific adversarial attacks they studied? All the attack methods evaluated in the circuit breaker paper rely on a “token-forcing” optimization objective which maximizes the likelihood of [...]
---
First published:
July 14th, 2024
Source:
https://www.lesswrong.com/posts/NAYyHimM3FaDYLvEH/breaking-circuit-breakers
---
Narrated by TYPE III AUDIO.
View all episodes
By LessWrongThis is a link post.
A few days ago, Gray Swan published code and models for their recent “circuit breakers” method for language models.[1]1
The circuit breakers method defends against jailbreaks by training the model to erase “bad” internal representations. We are very excited about data-efficient defensive methods like this, especially those which use interpretability concepts or tools.
At the link, we briefly investigate three topics:
- Increased refusal rates on harmless prompts: Do circuit breakers really maintain language model utility? Most defensive methods come with a cost. We check the model's effectiveness on harmless prompts, and find that the refusal rate increases from 4% to 38.5% on or-bench-80k.
- Moderate vulnerability to different token-forcing sequences: How specialized is the circuit breaker defense to the specific adversarial attacks they studied? All the attack methods evaluated in the circuit breaker paper rely on a “token-forcing” optimization objective which maximizes the likelihood of [...]
---
First published:
July 14th, 2024
Source:
https://www.lesswrong.com/posts/NAYyHimM3FaDYLvEH/breaking-circuit-breakers
---
Narrated by TYPE III AUDIO.
More shows like LessWrong (30+ Karma)
View all
The Daily
112,842 Listeners
Astral Codex Ten Podcast
130 Listeners
Interesting Times with Ross Douthat
7,215 Listeners
Dwarkesh Podcast
531 Listeners
The Ezra Klein Show
16,221 Listeners
AI Article Readings
4 Listeners
Doom Debates
14 Listeners
LessWrong posts by zvi
2 Listeners