Sign up to save your podcasts
Or
Share “Thoughts on the conservative assumptions in AI control” by Buck Shlegeris
Share to email
Share to Facebook
Share to X
Share to email
Share to Facebook
Share to X
Or
“Thoughts on the conservative assumptions in AI control” by Buck Shlegeris
Subtitle: Why are we so friendly to the red team?.
Work that I’ve done on techniques for mitigating risk from misaligned AI often makes a number of conservative assumptions about the capabilities of the AIs we’re trying to control. (E.g. the original AI control paper, Adaptive Deployment of Untrusted LLMs Reduces Distributed Threats, How to prevent collusion when using untrusted models to monitor each other.) For example:
-
The AIs are consistently trying to subvert safety measures.
-
They’re very good at strategizing about how to subvert them, and can do this strategizing totally illegibly (e.g. in a single forward pass).
-
They can follow a strategy that's coordinated between all their instances.
-
They know exactly what safety measures are in use.
-
They know a lot about the distribution of inputs.
-
They’re able to pick Schelling points perfectly.
-
They’re able to follow stochastic [...]
---
Outline:
(03:01) The conservative assumption I don't make
(06:09) Hard worlds are plausible
(12:30) Those assumptions are hard to evaluate
(15:57) Why it's nice to rely on these assumptions
(16:09) Making those assumptions makes it methodologically clean to evaluate safety
(17:10) Relying only on easy-to-evaluate assumptions would allow more clearly-specified and hard-to-game regulatory standards
(18:31) Kerckhoff's principle in computer security as an analogy
(19:55) The main downsides of these assumptions
(19:59) You can't completely escape from methodological messiness
(21:05) Bad technique prioritization
(22:20) Insane game theory requirements to evaluate techniques
(23:15) Conclusion
---
First published:
January 17th, 2025
Source:
https://redwoodresearch.substack.com/p/thoughts-on-the-conservative-assumptions
---
Narrated by TYPE III AUDIO.
View all episodes
By Redwood ResearchSubtitle: Why are we so friendly to the red team?.
Work that I’ve done on techniques for mitigating risk from misaligned AI often makes a number of conservative assumptions about the capabilities of the AIs we’re trying to control. (E.g. the original AI control paper, Adaptive Deployment of Untrusted LLMs Reduces Distributed Threats, How to prevent collusion when using untrusted models to monitor each other.) For example:
-
The AIs are consistently trying to subvert safety measures.
-
They’re very good at strategizing about how to subvert them, and can do this strategizing totally illegibly (e.g. in a single forward pass).
-
They can follow a strategy that's coordinated between all their instances.
-
They know exactly what safety measures are in use.
-
They know a lot about the distribution of inputs.
-
They’re able to pick Schelling points perfectly.
-
They’re able to follow stochastic [...]
---
Outline:
(03:01) The conservative assumption I don't make
(06:09) Hard worlds are plausible
(12:30) Those assumptions are hard to evaluate
(15:57) Why it's nice to rely on these assumptions
(16:09) Making those assumptions makes it methodologically clean to evaluate safety
(17:10) Relying only on easy-to-evaluate assumptions would allow more clearly-specified and hard-to-game regulatory standards
(18:31) Kerckhoff's principle in computer security as an analogy
(19:55) The main downsides of these assumptions
(19:59) You can't completely escape from methodological messiness
(21:05) Bad technique prioritization
(22:20) Insane game theory requirements to evaluate techniques
(23:15) Conclusion
---
First published:
January 17th, 2025
Source:
https://redwoodresearch.substack.com/p/thoughts-on-the-conservative-assumptions
---
Narrated by TYPE III AUDIO.