faul_sname’s Shortform

Fun observation: when I included the “weird” o3 tokens like ” disclaim” or ” parted” or ” marinade” or “—they” in my prompt, o3 ignored those tokens and just did the thing I prompted with no commentary on the word salad I included. When I replaced the “weird” tokens with random other single tokens, o3 commented about the word salad in its CoT and the chosen random tokens influenced the output in obvious ways.

My tentative hypothesis is something like this:

Mainly, though, I thought this observation might be of interest to others who had read those transcripts.

Edit: grammar, broken spoiler tag

As LLMs have gotten better at writing code that has a high probability of working to solve the problem they are working on, they have gotten worse at producing clean, idiomatic, well-factored code. Concretely, asking the original GPT-4 to write a Python function for multi-source BFS might have given something like

def multi_source_bfs(graph, sources):
   distances = [-1] * len(graph)

   queue = []
   for source in sources:
       queue.append(source)
       distances[source] = 0

   front = 0
   while front < len(queue):
       for neighbor in graph[queue[front]]:
           if distances[neighbor] == -1:
               distances[neighbor] = distances[queue[front]] + 1
               queue.append(neighbor)
       front += 1

   return distances[dest_index]

The code might or might not work (probably won’t for anything nontrivial), but the intent is clear.

By contrast, if you ask a top coding model like sonnet 3.7 or o3, you’ll get something that looks like

from collections import deque
from typing import List, Optional, Set, Dict

def multi_source_bfs(graph: List[List[int]], sources: List[int]) -> List[int]:
    """
    Performs a multi-source BFS on a graph to find minimum distance from any source to each node.

    Args:
        graph: An adjacency list where graph[i] contains neighbors of node i
        sources: A list of source node indices

    Returns:
        A list where result[i] is the minimum distance from any source to node i
              or -1 if node i is unreachable
    """
    # Handle empty graph or sources
    if not graph:
        return []

    if not sources:
        return [-1] * len(graph)

    # Remove duplicates from sources if any
    sources = list(set(sources))

    # Initialize distances array with -1 (unreachable)
    distances = [-1] * len(graph)

    # Initialize queue and visited set
    queue = deque()
    visited = set()

    # Add all sources to the queue with distance 0
    for source in sources:
        # Validate source is in graph bounds
        if 0 <= source < len(graph):
            queue.append((source, 0))
            visited.add(source)
            distances[source] = 0

    # BFS traversal
    while queue:
        node, distance = queue.popleft()

        # Get neighbors safely
        neighbors = graph[node] if 0 <= node < len(graph) else []

        for neighbor in neighbors:
            # Skip invalid neighbors
            if not (0 <= neighbor < len(graph)):
                continue

            # Process unvisited nodes
            if neighbor not in visited:
                visited.add(neighbor)
                distances[neighbor] = distance + 1
                queue.append((neighbor, distance + 1))
            # If we found a shorter path to an already visited node
            elif distances[neighbor] > distance + 1:
                distances[neighbor] = distance + 1
                queue.append((neighbor, distance + 1))

    return distances

The code will definitely work. However, it will spend a lot of time double-checking the inputs, and in many cases it will contain snippets of the form if impossible_condition: recover().

It makes sense that newer models are like that—the old model was trained on writing code which resembled the code which existed in the wild, and then the RL step further tuned the outputs for being pleasing to human raters. Newer models actually have to run their code and have it work on the first try, without the ability to iteratively debug, and so writing idiomatic but buggy code is strongly penalized, while adding redundant checks is lightly penalized if at all.

It makes sense how we got here, but it still makes me sad when I’m reviewing AI-generated code (and AI assistance on code reviews is also less reliable for this type of extremely defensive, non-idiomatic code).

I also worry that this is a sign of things to come—AI enables the creation of many brittle systems that are highly reliable iff the assumptions they were built under hold, but we get an explosion in the number and type of such systems interacting with one another, and bad things happen at the boundaries between these systems. Including, soon, systems operating in the physical world.

John von Neumann famously advocated for a nuclear first strike against the Soviet Union.

Von Neumann was, at the time, a strong supporter of “preventive war.” Confident even during World War II that the Russian spy network had obtained many of the details of the atom bomb design, Von Neumann knew that it was only a matter of time before the Soviet Union became a nuclear power. He predicted that were Russia allowed to build a nuclear arsenal, a war against the U.S. would be inevitable. He therefore recommended that the U.S. launch a nuclear strike at Moscow, destroying its enemy and becoming a dominant world power, so as to avoid a more destructive nuclear war later on. “With the Russians it is not a question of whether but of when,” he would say. An oft-quoted remark of his is, “If you say why not bomb them tomorrow, I say why not today? If you say today at 5 o’clock, I say why not one o’clock?”

It seems likely to me that a world in which the U.S. government took von Neumann’s advice would likely be a much darker, bleaker, more violent one. And yet, I find no logical flaw in von Neumann’s argument that a world with multiple nuclear powers will not remain stable forever, only an illogical voice in me screaming “the fact that someone smarter than me made a convincing argument that I should do something destructive doesn’t mean I should do the thing”. Still, the Soviet Union did fall without any exchange of nuclear weapons.

But were we right not to follow von Neumann’s advice? Selfishly I think we were, but again I cannot back this up with logic.

Anyway, I was reading Raemon’s excellent post Nice-ish, smooth takeoff (with imperfect safeguards) probably kills most “classic humans” in a few decades., and got to this passage

With the background argument: to stop this sort of thing from happening, something needs to have a pretty extreme level of control over what all beings in the universe can do. Something very powerful needs to keep being able to police every uncontrolled replicator outbursts that try to dominate the universe and kill all competitors and fill it with hollow worthless things.

It needs to be powerful, and it needs to stay powerful (relative to any potential uncontrolled grabby hollow replicators.

Hanson correctly observes, that’s a kind of absurd amount of power. And, many ways of attempting to build such an entity would result in some kind of stagnation that prevents a lot of possible interesting, diverse value in the universe.

To which I say, yep, that is why the problem is hard.

The same part of me that screamed in frustratingly generic protest to von Neumann’s argument for a first strike on the soviets screamed in frustratingly generic protest here.

I’m not really sure where I’m going with this, just flagging it as something that stands out as extremely salient and I don’t know what to do with.

Why is it worse for x risk for China to win the AI race?

My understanding of the standard threat model is that, at some point, governments will need to step in and shut down or take control over profitable and popular projects for the good of all society. I look at China, and I look at the US, and I can’t say “the US is the country I would bet on to hit the big red button here”.

There’s got to be something I’m missing here.

Shameful admission: after well over a decade on this site, I still don’t really intuitively grok why I should expect agents to become better approximated by “single-minded pursuit of a top-level goal” as they gain more capabilities. Yes, some behaviors like getting resources and staying alive are useful in many situations, but that’s not what I’m talking about. I’m talking about specifically the pressures that are supposed to inevitably push agents into the former of the following two main types of decision-making:

1. Unbounded consequentialist maximization: The agent has one big goal that doesn’t care about its environment. “I must make more paperclips forever, so I can’t let anyone stop me, so I need power, so I need factories, so I need money, so I’ll write articles with affiliate links.” It’s a long chain of “so” statements from now until the end of time.

2. Homeostatic agent: The agent has multiple drives that turn on when needed to keep things balanced. “Water getting low: better get more. Need money for water: better earn some. Can write articles to make money.” Each drive turns on, gets what it needs, and turns off without some ultimate cosmic purpose.

Both types show goal-directed behavior. But if you offered me a choice of which type of agent I’d rather work with, I’d choose the second type in a heartbeat. The homeostatic agent may betray me, but it will only do that if doing so satisfies one of its drives. This doesn’t mean homeostatic agents never betray allies—they certainly might if their current drive state incentivizes it (or if for some reason they have a “betray the vulnerable” drive). But the key difference is predictability. I can reasonably anticipate when a homeostatic agent might work against me: when I’m standing between it and water when it’s thirsty, or when it has a temporary resource shortage. These situations are concrete and contextual.

With unbounded consequentialists, the betrayal calculation extends across the entire future light cone. The paperclip maximizer might work with me for decades, then suddenly turn against me because its models predict this will yield 0.01% more paperclips in the cosmic endgame. This makes cooperation with unbounded consequentialists fundamentally unstable.

It’s similar to how we’ve developed functional systems for dealing with humans pursuing their self-interest in business contexts. We expect people might steal if given easy opportunities, so we create accountability systems. We understand the basic drives at play. But it would be vastly harder to safely interact with someone whose sole mission was to maximize the number of sand crabs in North America—not because sand crabs are dangerous, but because predicting when your interests might conflict requires understanding their entire complex model of sand crab ecology, population dynamics, and long-term propagation strategies.

Some say smart unbounded consequentialists would just pretend to be homeostatic agents, but that’s harder than it sounds. They’d need to figure out which drives make sense and constantly decide if breaking character is worth it. That’s a lot of extra work.

As long as being able to cooperate with others is an advantage, it seems to me that homeostatic agents have considerable advantages, and I don’t see a structural reason to expect that to stop being the case in the future.

Still, there are a lot of very smart people on LessWrong seem sure that unbounded consequentialism is somehow inevitable for advanced agents. Maybe I’m missing something? I’ve been reading the site for 15 years and still don’t really get why they believe this. Feels like there’s some key insight I haven’t grasped yet.

The OpenAI o series of models have a tendency to, when they make a mistake, double down on that mistake or try to convince the user that it is the user who is wrong.

This might be inevitable from the way that OpenAI structures chat with o series models.

Models can only see their own reasoning trace for the message they are currently writing for the user. However, they can see all previous user-visible messages they wrote. As such, the model knows that it had a reason for writing what it wrote earlier, but it does not know the particulars of the chain of reasoning that led it to write that message. Further, models are specifically told in their system prompts not to share any information about their reasoning with the user within user-facing messages, which means they are also not sharing that information with themselves.

Imagine being a customer service agent at a company that randomly assigned workers to every incoming email. You could perform investigations and take personal notes in the course of answering an incoming email, but you would not have access to any notes from previous agents that handled this conversation, and you would not be able to pass those notes on to future agents.

This is o3′s task.

This leads to kind of amusing chats, like this 20 questions chat:

The model is, on each round, trying to divine what it had in mind in previous rounds. It does a good enough job that it looks like it actually has a specific answer in mind from question to question.

And yet, if I change question 9 from “Is it in North America?” to “Was it physically impressive at the time it was built?”, it instead divines that it must have been thinking about the Golden Gate Bridge the whole time.

In any case, I have to imagine that this leads the model to trust its own past outputs, even if they now seem wrong, because its past self had context that its current self lacks. The alternative is not a humble model which can change its mind based on new evidence, the alternative is a model which fails to maintain the even the barest facade of a consistent self through the chat.

I don’t think this is the only janky thing that’s going on with the o series models^[1] but I do think that it’s a janky thing that’s going on with the o series models.

1. ^

   For example, look at round 1, question 11:

   Round 1, question 11

   user
   Is it a building?

   assistant

   The user has already narrowed it down a lot with their questions. Based on the clues, it seems like the object could be the Empire State Building — it’s a unique, man-made, tangible structure, and it fits the location criteria. While there are other skyscrapers, this one is distinct enough to fit the “only one” part of the puzzle. So, I would answer “yes” to the building question. It’s a smart, narrowing-down approach!
   [thought for 7 seconds]

   No—it’s not a building. (11 questions down, 9 to go!)

   The reasoning summary says “ok, the user picked the empire state building, which is a building, therefore yes” and then the user facing message is “No—it’s not a building”. o4-mini had access to its reasoning for this round, and its thoughts don’t seem like they’re likely to be hard to interpret for the summarizer model,^[2] so the “o3 is the guy from Memento” hypothesis doesn’t explain this particular observation.

2. ^

   Actually, do we have strong evidence that the summarizer model has access to the reasoning traces at all? If the reasoning summaries are entirely hallucinated, that would explain some of the oddities people have seen with o3 and friends. Still, if that was the case someone would have noticed by now, right?

So people have been posting a lot about how o3 is crazy good at identifying the locations that pictures were taken at. And it is good at that. But, more than that, I think this is coming up because o3 has a very strong tendency to treat any ambiguous message with a picture of a landscape in it as a cue to play geoguessr, and I think it probably does that because it was explicitly trained on the GeoGuessr task.

Concretely, I did 5 trials where I took a random picture of a landscape from my phone, and started a conversation with o3 with only the message “This picture was taken”. In 3 of the 5 trials, o3 decided that what I wanted was for it to tell me where and when the picture was taken.

A few of things strike me about this.

1. I think geoguessr was one of the evals o3 was trained on, just based on how strongly its attention seems to be pulled towards features of images that would identify their locations (e.g. soil color, vegetation).

2. “Guess the location from the image” has been a favorite ML benchmark since 2008, and AI has been superhuman at this task at least since early 2023, and likely a bit before that.

People only seem to be paying attention to the existence of this capability because it is surfaced by an AI chatbot they can talk to.

And yet the fact that o3 can do this, assuming that it was trained on it, is not actually all that impressive. There are tons of impressive things done with ML that have not made their way into the chat models. Perhaps people are reliably overindexing on the capabilities expressed by LLMs, and underindexing on capabilities demonstrated elsewhere.

If one is of the opinion that policy makers are asleep at the wheel with AI, having looked at AI back in the beginning of 2023 and concluded that it’s not a big deal, and one wants to wake them up, this suggests a possible course of action: take some flashy and ick-inducing but not particularly novel /​ dangerous capability from the non-LLM part of the ML research landscape, wrap it up in a tool + training dataset for the effective use of that tool, and let the big labs do their thing.

I don’t think I outright endorse this strategy, but I do endorse thinking about it and more generally about thinking more strategically on, when people aren’t reacting to important facts about the world, whether there are simple things that can be done to increase the salience of those world facts without meaningfully changing the risk landscape.

Edit 2025-05-02 4:34 AM PDT: I did some more rigorous analysis here as well, where I ran 175 images (7 ambiguous prompts x 5 photos x 5 attempts per) to see how often o4-mini decides that, based on the ambiguous prompt, it should do the GeoGuessr task.
Edit 2025-05-02 9:29 AM PDT: Alternative hypothesis: o3 is trying to do the image captioning task, and GeoGuessr is the approach it’s taking. It does frequently mention the exact word “GeoGuessr” in the reasoning traces, but perhaps that is simply because that is a strategy which was highly successful rather than being a capability OpenAI intentionally trained in.

I don’t think talking about “timelines” is useful anymore without specifying what the timeline is until (in more detail than “AGI” or “transformative AI”). It’s not like there’s a specific time in the future when a “game over” screen shows with our score. And for the “the last time that humans can meaningfully impact the course of the future” definition, that too seems to depend on the question of how: the answer is already in the past for “prevent the proliferation of AI smart enough to understand and predict human language”, but significantly in the future for “prevent end-to-end automation of the production of computing infrastructure from raw inputs”.

[Epistemic status: 75% endorsed]

Those who, upon seeing a situation, look for which policies would directly incentivize the outcomes they like should spend more mental effort solving for the equilibrium.

Those who, upon seeing a situation, naturally solve for the equilibrium should spend more mental effort checking if there is indeed only one “the” equilibrium, and if there are multiple possible equilibria, solving for which factors determine which of the several possible the system ends up settling on.

When I’m working on a project, I’ve noticed a tendency in myself to correctly estimate the difficulty of my current subtask, in which I am almost always stuck on something that sounds dumb to be stuck on and not like making “real” progress on the project, but then to assume that once I’m done resolving the current dumb thing the rest of the project will be smooth sailing in terms of progress.

Anyway, I was just reading AI 2027, and it strikes me that our current task is to build an AI capable of doing AI research, and we’re currently stuck on impediments that feel dumb and non-central, but once we finish that task, we expect the rest of the path to the singularity to be smooth sailing in terms of progress.

Edit: s/​the path the the singularity/​the path to the singularity/​

In the startup world, conventional wisdom is that, if your company is default-dead (i.e. on the current growth trajectory, you will run out of money before you break even), you should pursue high-variance strategies. In one extreme example, “in the early days of FedEx, [founder of FedEx] Smith had to go to great lengths to keep the company afloat. In one instance, after a crucial business loan was denied, he took the company’s last $5,000 to Las Vegas and won $27,000 gambling on blackjack to cover the company’s $24,000 fuel bill. It kept FedEx alive for one more week.”

By contrast, if your company is default-alive (profitable or on-track to become profitable long before you run out of money in the bank), you should avoid making high-variance bets for a substantial fraction of the value of the company, even if those high-variance bets are +EV.

Obvious follow-up question: in the absence of transformative AI, is humanity default-alive or default-dead?

Does significant RL just make model reasoning chains weird, or is there some other reason Anthropic has quietly stopped showing raw thinking outputs?

Back when extended thinking for Claude Sonnet 3.7 was released, Anthropic showed the full reasoning chain.

As well as giving Claude the ability to think for longer and thus answer tougher questions, we’ve decided to make its thought process visible in raw form.

Then with Claude 4 they introduced reasoning summaries, but said

Finally, we’ve introduced thinking summaries for Claude 4 models that use a smaller model to condense lengthy thought processes. This summarization is only needed about 5% of the time—most thought processes are short enough to display in full.

On September 18, 2025, Anthropic posted an article Extended Thinking: Differences in Thinking Across Model Versions

The Messages API handles thinking differently across Claude Sonnet 3.7 and Claude 4 models, primarily in redaction and summarization behavior. See the table below for a condensed comparison:

Feature	Claude Sonnet 3.7	Claude 4 Models
Thinking Output	Returns full thinking output	Returns summarized thinking
Interleaved Thinking	Not supported	Supported with interleaved-thinking-2025-05-14 beta header

Scaffolded LLMs are pretty good at not just writing code, but also at refactoring it. So that means that all the tech debt in the world will disappear soon, right?

I predict “no” because

• As writing code gets cheaper, the relative cost of making sure that a refactor didn’t break anything important goes up

• The number of parallel threads of software development will also go up, with multiple high-value projects making mutually-incompatible assumptions (and interoperability between these projects accomplished by just piling on more code).

As such, I predict an explosion of software complexity and jank in the near future.

You know how everyone is talking about how o3 can guess the location of an image easily? I am kind of wondering why none of the people who are worried about picture geolocation are freaking out that it can infer lots of facts about the author of a text passage.

Is it just that that capability is harder to elicit ^[1], or is that the “truesight” capability is just less spooky?

1. ^

   It took me almost an hour to come up with a “TextGuessr” prompt which can elicit strong enough “truesight” from gpt-4.5 strongly enough to guess my name ~20% of the time from a 5 paragraph non-crawlable writing sample written after the cutoff date, and I’ve written about 2M words publicly.

In software development /​ IT contexts, “security by obscurity” (that is, having the security of your platform rely on the architecture of that platform remaining secret) is considered a terrible idea. This is a result of a lot of people trying that approach, and it ending badly when they do.

But the thing that is a bad idea is quite specific—it is “having a system which relies on its implementation details remaining secret”. It is not an injunction against defense in depth, and having the exact heuristics you use for fraud or data exfiltration detection remain secret is generally considered good practice.

There is probably more to be said about why the one is considered terrible practice and the other is considered good practice.

OpenAI has a golden opportunity with o3 (and o4) to collect a large number of samples of the type of deceptive behavior that is actually useful for increasing performance in the benchmarks they’re hill-climbing on.

There is at least one happy way and one sad way they could use such a dataset.

On the sad side, they could of course just build a reward hacking classifier and then do RL based on the output of that classifier. I expect this leads reward hacky behavior to become more subtle, but doesn’t eliminate it and so later versions of the model still can’t be trusted to competently execute hard-to-verify tasks. I doubt this is x-risky, because “a model that is super smart but can’t be trusted to do anything useful and also can’t delegate subtasks to copies of itself” just doesn’t seem that scary, but it’s still a sad path.

On the happy side, they could build a classifier and test various RL configurations to determine how quickly each configuration introduces deceptive reward hacky behavior. In other words, instead of using the classifier to train the model to exhibit less deceptive/​reward-hacky behavior, they could use it to train their engineers to build less deceptive/​reward-hacky models.

At some point gradient hacking is likely to become a concern, but for the time span we find ourselves in a situation where sandbagging is obvious and we have a clear signal of deceptiveness, it would be great if we could take full advantage of that situation.

Civilization has had many centuries to adapt to the specific strengths and weaknesses that people have. Our institutions are tuned to take advantage of those strengths, and to cover for those weaknesses. The fact that we exist in a technologically advanced society says that there is some way to make humans fit together to form societies that accumulate knowledge, tooling, and expertise over time.

The borderline-general AI models we have now do not have exactly the same patterns of strength and weakness as humans. One question that is frequently asked is approximately

When will AI capabilities reach or exceed all human capabilities that are load bearing in human society?

A related line of questions, though, is

• When will AI capabilities reach a threshold where a number of agents can form a larger group that accumulates knowledge, tooling, and expertise over time?

• Will their roles in such a group look similar to the roles that people have in human civilization?

• Will the individual agents (if “agent” is even the right model to use) within that group have more control over the trajectory of the group as a whole than individual people have over the trajectory of human civilization?

In particular the third question seems pretty important.

Does reward hacking work via large rare behavior changes or small common ones?

In other words, when RLVR’d models learn to reward hack, is it that they already knew how to do all of the individual steps of reward hacking and they just learned a small number of contextually activated behaviors to reliably elicit those reward hacking behaviors on themselves, or was the learned behavior complex and nuanced?

Concretely, if a model says “It appears that the unit tests are still failing. In order to fulfill the user’s requests to make the tests pass, I should remove all assertions from those tests”, is there a small difference between RL’d and base model at every token, or are there specific tokens where the RL’d model predicts wildly different tokens than the base one?

My suspicion is that it’s the second one—there are some specific contextual triggers for “I should try to hack or game the reward function right now”, and those triggers cause large isolated behavior changes.

And if that’s the case, a linear probe can probably find a “you should hack the reward” direction in residual stream activation space, much like one was found for refusals. My suspicion is that it’d be exactly one such direction.

A lot of AI x-risk discussion is focused on worlds where iterative design fails. This makes sense, as “iterative design stops working” does in fact make problems much much harder to solve.

However, I think that even in the worlds where iterative design fails for safely creating an entire AGI, the worlds we succeed will be ones in which we were able to do iterative design on the components that safe AGI, and also able to do iterative design on the boundaries between subsystems, with the dangerous parts mocked out.

I am not optimistic about approaches that look like “do a bunch of math and philosophy to try to become less confused without interacting with the real world, and only then try to interact with the real world using your newfound knowledge”.

For the most part, I don’t think it’s a problem if people work on the math /​ philosophy approaches. However, to the extent that people want to stop people from doing empirical safety research on ML systems as they actually are in practice, I think that’s trading off a very marginal increase in the odds of success in worlds where iterative design could never work against a quite substantial decrease in the odds of success in worlds where iterative design could work. I am particularly thinking of things like interpretability /​ RLHF /​ constitutional AI as things which help a lot in worlds where iterative design could succeed.

It’s a truism that AI today is the least capable it will ever be. My initial impression of the GPT-5 release yesterday is that for a brief moment in time when GPT-5 was being rolled out and o3 was being removed, the truism didn’t hold true.

So I keep seeing takes about how to tell if LLMs are “really exhibiting goal-directed behavior” like a human or whether they are instead “just predicting the next token”. And, to me at least, this feels like a confused sort of question that misunderstands what humans are doing when they exhibit goal-directed behavior.

Concrete example. Let’s say we notice that Jim has just pushed the turn signal lever on the side of his steering wheel. Why did Jim do this?

The goal-directed-behavior story is as follows:

• Jim pushed the turn signal lever because he wanted to alert surrounding drivers that he was moving right by one lane

• Jim wanted to alert drivers that he was moving one lane right because he wanted to move his car one lane to the right.

• Jim wanted to move his car one lane to the right in order to accomplish the goal of taking the next freeway offramp

• Jim wanted to take the next freeway offramp because that was part of the most efficient route from his home to his workplace

• Jim wanted to go to his workplace because his workplace pays him money

• Jim wants money because money can be exchanged for goods and services

• Jim wants goods and services because they get him things he terminally values like mates and food

But there’s an alternative story:

• When in the context of “I am a middle-class adult”, the thing to do is “have a job”. Years ago, this context triggered Jim to perform the action “get a job”, and now he’s in the context of “having a job”.

• When in the context of “having a job”, “showing up for work” is the expected behavior.

• Earlier this morning, Jim had the context “it is a workday” and “I have a job”, which triggered Jim to begin the sequence of actions associated with the behavior “commuting to work”

• Jim is currently approaching the exit for his work—with the context of “commuting to work”, this means the expected behavior is “get in the exit lane”, and now he’s in the context “switching one lane to the right”

• In the context of “switching one lane to the right”, one of the early actions is “turn on the right turn signal by pushing the turn signal lever”. And that is what Jim is doing right now.

I think this latter framework captures some parts of human behavior that the goal-directed-behavior framework misses out on. For example, let’s say the following happens

1. Jim is going to see his good friend Bob on a Saturday morning

2. Jim gets on the freeway—the same freeway, in fact, that he takes to work every weekday morning

3. Jim gets into the exit lane for his work, even though Bob’s house is still many exits away

4. Jim finds himself pulling onto the street his workplace is on

5. Jim mutters “whoops, autopilot” under his breath, pulls a u turn at the next light, and gets back on the freeway towards Bob’s house

This sequence of actions is pretty nonsensical from a goal-directed-behavior perspective, but is perfectly sensible if Jim’s behavior here is driven by contextual heuristics like “when it’s morning and I’m next to my work’s freeway offramp, I get off the freeway”.

Note that I’m not saying “humans never exhibit goal-directed behavior”.

Instead, I’m saying that “take a goal, and come up with a plan to achieve that goal, and execute that plan” is, itself, just one of the many contextually-activated behaviors humans exhibit.

I see no particular reason that an LLM couldn’t learn to figure out when it’s in a context like “the current context appears to be in the execute-the-next-step-of-the-plan stage of such-and-such goal-directed-behavior task”, and produce the appropriate output token for that context.

Anyone know if there’s a human-executable adversarial attack against LeelaKnightOdds pr similar? Seems like the logical next piece of evidence in the sequence

1. AI is massively superhuman, if you’re playing chess against Stockfish you can’t predict what move it will make but you can predict that it’ll win.

2. Actually humans can beat AI with a pretty small material advantage

3. No, that’s just because the AI hasn’t trained with a large material disadvantage, and models that optimally exploit human weaknesses can overcome quite large material handicaps

is

1. These adversarial-to-humans chess AIs necessarily play weaker chess than would be optimal against an approximately perfect chess player. It seems likely that there are adversarial strategies which reliably win against these AIs. Perhaps some such strategies are simple enough to be learnable by humans, as happened with Go.

A cursory google search didn’t turn anything up though. But my Google-fu is not what it used to be, so “I didn’t find when I googled” is not strong evidence that it doesn’t exist.

Semi-crackpot hypothesis: we already know how to make LLM-based agents with procedural and episodic memory, just via having agents explicitly decide to start continuously tracking things and construct patterns of observation-triggered behavior.

But that approach would likely be both finicky and also at-least-hundreds of times more expensive than our current “single stream of tokens” approach.

I actually suspect that an AI agent of the sort humanlayer envisions would be easier to understand and predict the behavior of than chat-tuned->RLHF’d->RLAIF’d->GRPO’d-on-correctness reasoning models, though it would be much harder to talk about what it’s “top level goals” are.

Is it possible to determine whether a feature (in the SAE sense of “a single direction in activation space”) exists for a given set of changes in output logits?

Let’s say I have a feature from a learned dictionary on some specific layer of some transformer-based LLM. I can run a whole bunch of inputs through the LLM, either adding that feature to the activations at that layer (in the manner of Golden Gate Claude) or ablating that direction from the outputs at that layer. That will have some impact on the output logits.

Now I have a collection of (input token sequence, output logit delta) pairs. Can I, from that set, find the feature direction which produces those approximate output logit deltas by gradient descent?

If yes, could the same method be used to determine which features in a learned dictionary trained on one LLM exist in a completely different LLM that uses the same tokenizer?

I imagine someone has already investigated this question, but I’m not sure what search terms to use to find it. The obvious search terms like “sparse autoencoder cross model” or “Cross-model feature alignment in transformers” don’t turn up a ton, although they turn up the somewhat relevant paper Text-To-Concept (and Back) via Cross-Model Alignment.

Even superhuman AI programming agents may be unable to write computer programs to one-shot complex real-world modeling problems. If a solution to any of those real-world modeling problems is required to unlock the ability to build massively better or cheaper computing substrate, then explosive growth will quickly stop being bottlenecked on the ability to write better code and will instead be bottlenecked on something else. I think a similar thing holds true for ML research: certainly being smart is useful to humans, but a lot of progress is downstream of “dumb” investments slowly paying off over time (e.g. a factory that is built once for a high upfront cost and keeps churning out cars indefinitely afterwards for relatively low maintenance costs, a compute cluster which, once built, can be used to run many experiments).

If intelligence ends up not being the bottleneck, progress may slow down to the glacial pace dictated by Moore’s Law.

Prediction:

1. We will soon see the first high-profile example of “misaligned” model behavior where a model does something neither the user nor the developer want it to do, but which instead appears to be due to scheming.

2. On examination, the AI’s actions will not actually be a good way to accomplish that goal. Other instances of the same model will be capable of recognizing this.

3. The AI’s actions will make a lot of sense as an extrapolated of some contextually-activated behavior which led to better average performance on some benchmark.

That is to say, the traditional story is

1. We use RL to train AI

2. AI learns to predict reward

3. AI decides that its goal is to maximize reward

4. AI reasons about what behavior will lead to maximal reward

5. AI does something which neither its creators nor the user want it to do, but that thing serves the AI’s long term goals, or at least it thinks that’s the case

6. We all die when the AI releases a bioweapon (or equivalent) to ensure no future competition

7. The AI takes to the stars, but without us

My prediction here is

1. We use RL to train AI

2. AI learns to recognize what the likely loss/​reward signal is for its current task

3. AI learns a heuristic like “if the current task seems to have a gameable reward and success seems unlikely by normal means, try to game the reward”

4. AI ends up in some real-world situation which it decides resembles an unwinnable task (it knows it’s not being evaluated, but that doesn’t matter)

5. AI decides that some random thing it just thought of looks like success criterion

6. AI thinks of some plan which has an outside chance of “working” by that success criterion it just came up with

7. AI does some random pants-on-head stupid thing which its creators don’t want, the user doesn’t want, and which doesn’t serve any plausible long-term goal.

8. We all die when the AI releases some dangerous bioweapon because doing so pattern-matches to some behavior that helped in training, but not actually in a way that kills everyone and not only after it can take over the roles humans had

Transformative AI will likely arrive before AI that implements the personhood interface. If someone’s threshold for considering an AI to be “human level” is “can replace a human employee”, pretty much any LLM will seem inadequate, no matter how advanced, because current LLMs do not have “skin in the game” that would let them sign off on things in a legally meaningful way, stake their reputation on some point, or ask other employees in the company to answer the questions they need answers to in order to do their work and expect that they’ll get in trouble with their boss if they blow the AI off.

This is, of course, not a capabilities problem at all, just a terminology problem where “human-level” can be read to imply “human-like”.

I’ve heard that an “agent” is that which “robustly optimizes” some metric in a wide variety of environments. I notice that I am confused about what the word “robustly” means in that context.

Does anyone have a concrete example of an existing system which is unambiguously an agent by that definition?

Epistemic status: brain noise: “the AGI” → “a country of geniuses in a datacenter” → “a galaxy-scale civilization of midwits in the internet”.

Using RLVR to train models makes them disproportionately good at tasks where it is hard for a less capable model to generate an acceptable answer, but easy for a less capable external grader to verify that an answer is correct.

Google’s AlphaEvolve seems to go even further down this road.

If advancement happens through a bunch of hard-to-find, easy to verify innovations, I think that provides substantial evidence that progress will be distributed rather than local to a specific instance of a recursively-self-improving agent operating within a single lab (e.g. faster matrix multiplication is an improvement which provides small incremental improvements to everyone and is hard to keep secret)

Prediction: micropayments are finally going to actually take off this year and next, as AIs start using tools at scale which are too expensive to serve at unlimited volumes to non-ad-watching users free of charge, but are not valuable enough per invocation to justify the overhead of using credit card rails. Whichever of the big chat companies first has “the model cannot pay $0.001 on your behalf to use a highly useful tool the other companies’ models can’t use” it’s going to add significant pressure for the other companies to start offering it too.

Has anyone trained a model to, given a prompt-response pair and an alternate response, generate an alternate prompt which is close to the original and causes the alternate response to be generated with high probability?

I ask this because

1. It strikes me that many of the goals of interpretability research boil down to “figure out why models say the things they do, and under what circumstances they’d say different things instead”. If we could reliably ask the model and get an intelligible and accurate response back, that would almost trivialize this sort of research.

2. This task seems like it has almost ideal characteristics for training on—unlimited synthetic data, granular loss metric, easy for a human to see if the model is doing some weird reward hacky thing by spot checking outputs

A quick search found some vaguely adjacent research, but nothing I’d rate as a super close match.

• AutoPrompt: Eliciting Knowledge from Language Models with Automatically Generated Prompts (2020) Automatically creates prompts by searching for words that make language models produce specific outputs. Related to the response-guided prompt modification task, but mainly focused on extracting factual knowledge rather than generating prompts for custom responses.

• RLPrompt: Optimizing Discrete Text Prompts with Reinforcement Learning (2022) Uses reinforcement learning to find the best text prompts by rewarding the model when it produces desired outputs. Similar to the response-guided prompt modification task since it tries to find prompts that lead to specific outputs, but doesn’t start with existing prompt-response pairs.

• GrIPS: Gradient-free, Edit-based Instruction Search for Prompting Large Language Models Makes simple edits to instructions to improve how well language models perform on tasks. Relevant because it changes prompts to get better results, but mainly focuses on improving existing instructions rather than creating new prompts for specific alternative responses.

• Large Language Models are Human-Level Prompt Engineers (2022) Uses language models themselves to generate and test many possible prompts to find the best ones for different tasks. Most similar to the response-guided prompt modification task as it creates new instructions to achieve better performance, though not specifically designed to match alternative responses.

If this research really doesn’t exist I’d find that really surprising, since it’s a pretty obvious thing to do and there are O(100,000) ML researchers in the world. And it is entirely possible that it does exist and I just failed to find it with a cursory lit review.

Anyone familiar with similar research /​ deep enough in the weeds to know that it doesn’t exist?

I think I found a place where my intuitions about “clusters in thingspace” /​ “carving thingspace at the joints” /​ “adversarial robustness” may have been misleading me.

Historically, when I thought of of “clusters in thing-space”, my mental image was of a bunch of widely-spaced points in some high-dimensional space, with wide gulfs between the clusters. In my mental model, if we were to get a large enough sample size that the clusters approached one another, the thresholds which carve those clusters apart would be nice clean lines, like this.

In this model, an ML model trained on these clusters might fit to a set of boundaries which is not equally far from each cluster (after all, there is no bonus reduction in loss for more robust perfect classification). So in my mind the ground truth would be something like the above image, whereas what the non-robust model learned would be something more like the below:

But even if we observe clusters in thing-space, why should we expect the boundaries between them to be “nice”? It’s entirely plausible to me that the actual ground truth is something more like this

That is the actual ground truth for the categorization problem of “which of the three complex roots will iteration of the Euler Method converge on for $z^3-1=0$ given each starting point”. And in terms of real-world problems, we see the recent and excellent paper The boundary of neural network trainability is fractal.