
Suppose you’ve trained a really clever AI model, and you’re planning to deploy it in an agent scaffold that allows it to run code or take other actions. You’re worried that this model is scheming, and you’re worried that it might only need to take a small number of actions to get to a dangerous and hard-to-reverse situation like exfiltrating its own weights. Problems that the AI can cause with small numbers of actions are particularly hard to address with standard safety techniques, because by default you are unlikely to notice the problem until the hard-to-reverse outcome has already occurred.
One of the main classes of techniques that you could apply in the hope of preventing these catastrophic actions is what we call untrusted monitoring (introduced in our paper here), which is roughly “before you execute a model's action, ask another instance of that model whether the proposed action [...]
---
Outline:
(05:51) A basic design for untrusted monitoring
(06:37) Untrusted monitoring during deployment
(11:32) Training your untrusted monitor
(13:31) How helpful would this be if the untrusted monitor did its best?
(14:51) Analyzing this under the adversarial assumption: can the model implement a conditional policy that only lies on real attacks?
(19:30) Rare failures aren’t an option for untrusted monitors
(20:41) How hard is it for a schemer to distinguish real examples of attacks from synthetic ones?
(21:03) Synthetic input contexts look obviously fake
(23:59) The monitor finds it naturally easy to distinguish synthetic attacks from real attacks
(27:45) Using a coordinated strategy that makes it easy to distinguish
(32:38) Preventing collusion under the assumption that the models can choose a coordination strategy
(36:04) A note on inference costs
(37:17) Conclusion
(39:19) Appendix: More on how helpful untrusted monitoring would be if the untrusted model did its best
(42:14) Appendix: A rule of thumb for estimating safety with execute/replace/audit protocols
The original text contained 4 footnotes which were omitted from this narration.
The original text contained 2 images which were described by AI.
---
Narrated by TYPE III AUDIO.
---