Is there a pathway for Redwood, METR et al to get access to models without the safeguards?
I’m aware of non-release model access granted to external researchers in the past, but it seems like similar provisions would now be mediated by the government.
To my knowledge METR has not made any public statements about our actual levels of access [edit: except to models we have already published evaluations of, see cfoster0′s comment]. I will say that being always subject to Fable safeguards would be pretty bad for our ability to measure AI R&D.
I’ve been pretty confused by this. Are you barred from saying anything about your level of access? If labs denied you from getting access you needed currently, would you be able to raise the issue publicly?
Are you barred from saying anything about your level of access?
Some things I can probably share but I don’t remember the exact policy.
If labs denied you from getting access you needed currently, would you be able to raise the issue publicly?
At some point yes. We usually do this in the evaluation report for the model. I would guess that if the model were not announced yet we would wait until release for a public announcement and meanwhile complain at the lab about any regulations they’re in violation of, and if the lack of access means we can’t rule out imminent x-risk, we’d also tell the government and anyone relevant. But I develop eval methodology, not do evals myself, so this is just my guess.
Thanks! Yeah that was my understanding of the case during evaluation of an unreleased model, I meant more in this specific case where it’s a question of access without AI R&D safeguards to a publicly released model.
Well, it would depend on our agreement with the lab. It would be unreasonable for labs to prevent METR from publishing its work without a good reason, and the report will always say what version of the model we tested. If it were important, METR could demand that we publish our methodology beforehand for preregistration or something, which would be far more info than just whether we have railfree access.
In general, METR is not very adversarial with labs on an everyday level. As long as we have editorial control it’s not currently the bottleneck, so there are many affordances we have but don’t use, or could have but don’t ask for.
I don’t find these arguments particularly convincing for outweighing something like (for example) METR being able to say whether they have access to a model without AI R&D restrictions. I could see a stronger case maybe for Cyber access?
Even if this were the case, METR is exceptionally good at preemptively guarding against having to glomarize, so I’m somewhat surprised.
I think it is clearly very bad if in this specific case 3rd party evaluators have barred themselves from publicly raising this issue.
Could you talk publicly about special model access at Apollo? My impression was no.
I do think that “labs don’t want other orgs to start badgering them for special access” is actually a convincing reason for METR to not disclose any special model access. I want third-party model access to be as cheap and riskless as possible for the labs! At least, in the current regime where we are relying solely on their goodwill.
I am confused why we are making labs arguments for them. I am also extremely unconvinced by this reason. The idea that safety focused orgs should preemptively avoid raising issues of model access in this specific case of a deployed model with specifc AI R&D safeguards seems to be pretty severe pessimization.
It’s difficult to quanitfy, but I’m pretty opposed to preemptive pressure to avoid raising this issue (or avoid mentioning it) just because “labs might get some more asks” (this is extremely, extremely cheap for them to say no to or ignore). This is also already routine in other aspects like evaluations. I’d even be more symapthetic to domains like cyber or bio. In this case though I feel like we’re optimizing against ourselves for no gain.
No, Apollo does not currently have access to Fable without the strict AI R&D classifiers applied.
METR publicly stated that OpenAI provided ‘railfree’ access to GPT-5.6 Sol for its pre-deployment evaluation.
In general, under the EU AI Act GPAI Code of Practice evaluators are supposed to have access to safeguard-minimized models for evaluation purposes:
Model evaluation teams will be provided with: (1) adequate access to the model to conduct the model evaluations pursuant to this Appendix 3, including, as appropriate [...] access to the model version(s) with the fewest safety mitigations implemented (such as a helpful-only model version, if it exists). Regarding the adequacy of heightened model access for model evaluation teams, Signatories will take into account the potential risks to model security that this can entail and implement appropriate security measures for the evaluations;
For cyber stuff, there are programs that external organizations can apply for like OpenAI’s Trusted Access for Cyber and Anthropic’s Cyber Verification Program. I don’t recall seeing any equivalent for removing/reducing AI R&D safeguards.
When we say METR have “access” to GPT-5.6 Sol — that might mean access to study the models, or access to use the models. In this post, I’m mostly focusing on using the models to accelerate their own R&D.
I have no knowledge of METR’s access level, and was thinking about [independent researchers who aren’t at any particular org] who had access to [GPT-4 era base models] circa 2023.
iirc, gpt-4-base was handed out liberally to outsiders. Most outsiders didn’t care about it, because it was so much less useful than the post-trained model, but they could’ve got the api keys by sending a slack message.
The models that labs don’t liberally hand out are the helpful-only post-trained models.
Importantly, any non-public model from a frontier developer is no longer so easy to get access to, and (and this is the point of my initial comment) may in fact require government approval (which is extremely new!).
I clarified that I was talking about GPT-4 base to make it clear that I was not leaking non-public information (which Thomas’s comment implied I may be at risk of doing).
Is there a pathway for Redwood, METR et al to get access to models without the safeguards?
I’m aware of non-release model access granted to external researchers in the past, but it seems like similar provisions would now be mediated by the government.
To my knowledge METR has not made any public statements about our actual levels of access [edit: except to models we have already published evaluations of, see cfoster0′s comment]. I will say that being always subject to Fable safeguards would be pretty bad for our ability to measure AI R&D.
I’ve been pretty confused by this. Are you barred from saying anything about your level of access? If labs denied you from getting access you needed currently, would you be able to raise the issue publicly?
Some things I can probably share but I don’t remember the exact policy.
At some point yes. We usually do this in the evaluation report for the model. I would guess that if the model were not announced yet we would wait until release for a public announcement and meanwhile complain at the lab about any regulations they’re in violation of, and if the lack of access means we can’t rule out imminent x-risk, we’d also tell the government and anyone relevant. But I develop eval methodology, not do evals myself, so this is just my guess.
Thanks! Yeah that was my understanding of the case during evaluation of an unreleased model, I meant more in this specific case where it’s a question of access without AI R&D safeguards to a publicly released model.
Well, it would depend on our agreement with the lab. It would be unreasonable for labs to prevent METR from publishing its work without a good reason, and the report will always say what version of the model we tested. If it were important, METR could demand that we publish our methodology beforehand for preregistration or something, which would be far more info than just whether we have railfree access.
In general, METR is not very adversarial with labs on an everyday level. As long as we have editorial control it’s not currently the bottleneck, so there are many affordances we have but don’t use, or could have but don’t ask for.
Seems plausible that you’d wanna glomarise whether you have special model access. If people know you have special access then:
It makes you a target for hackers/spies who want those sweet API keys.
It might impose costs on the labs, e.g. other orgs start badgering them for special access, saying “Well, you gave this org access! No fair!”
I don’t find these arguments particularly convincing for outweighing something like (for example) METR being able to say whether they have access to a model without AI R&D restrictions. I could see a stronger case maybe for Cyber access?
Even if this were the case, METR is exceptionally good at preemptively guarding against having to glomarize, so I’m somewhat surprised.
I think it is clearly very bad if in this specific case 3rd party evaluators have barred themselves from publicly raising this issue.
Could you talk publicly about special model access at Apollo? My impression was no.
I do think that “labs don’t want other orgs to start badgering them for special access” is actually a convincing reason for METR to not disclose any special model access. I want third-party model access to be as cheap and riskless as possible for the labs! At least, in the current regime where we are relying solely on their goodwill.
I am confused why we are making labs arguments for them. I am also extremely unconvinced by this reason. The idea that safety focused orgs should preemptively avoid raising issues of model access in this specific case of a deployed model with specifc AI R&D safeguards seems to be pretty severe pessimization.
It’s difficult to quanitfy, but I’m pretty opposed to preemptive pressure to avoid raising this issue (or avoid mentioning it) just because “labs might get some more asks” (this is extremely, extremely cheap for them to say no to or ignore). This is also already routine in other aspects like evaluations. I’d even be more symapthetic to domains like cyber or bio. In this case though I feel like we’re optimizing against ourselves for no gain.
No, Apollo does not currently have access to Fable without the strict AI R&D classifiers applied.
METR publicly stated that OpenAI provided ‘railfree’ access to GPT-5.6 Sol for its pre-deployment evaluation.
In general, under the EU AI Act GPAI Code of Practice evaluators are supposed to have access to safeguard-minimized models for evaluation purposes:
For cyber stuff, there are programs that external organizations can apply for like OpenAI’s Trusted Access for Cyber and Anthropic’s Cyber Verification Program. I don’t recall seeing any equivalent for removing/reducing AI R&D safeguards.
When we say METR have “access” to GPT-5.6 Sol — that might mean access to study the models, or access to use the models. In this post, I’m mostly focusing on using the models to accelerate their own R&D.
I have no knowledge of METR’s access level, and was thinking about [independent researchers who aren’t at any particular org] who had access to [GPT-4 era base models] circa 2023.
iirc, gpt-4-base was handed out liberally to outsiders. Most outsiders didn’t care about it, because it was so much less useful than the post-trained model, but they could’ve got the api keys by sending a slack message.
The models that labs don’t liberally hand out are the helpful-only post-trained models.
This is also my understanding.
Importantly, any non-public model from a frontier developer is no longer so easy to get access to, and (and this is the point of my initial comment) may in fact require government approval (which is extremely new!).
I clarified that I was talking about GPT-4 base to make it clear that I was not leaking non-public information (which Thomas’s comment implied I may be at risk of doing).