Thomas Larsen’s Shortform

I think that people overrate bayesian reasoning and underrate “figure out the right ontology”.

Most of the way good thinking happens IMO is by finding and using a good ontology for thinking about some situation, not by probabilistic calculation. When I learned calculus, for example, it wasn’t mostly that I had uncertainty over a bunch of logical statements, which I then strongly updated on learning the new theorems, it was instead that I learned a bunch of new concepts, which I then applied to reason about the world.

I think AI safety generally has much better concepts for thinking about the future of AI than others, and this is a key source of alpha we have. But, there are obviously still a huge number of disagreements remaining within AI safety. I would guess that debates would be more productive if we more explicitly focused on the ontology/​framing that each other are using to reason about the situation, and then discussed to what extent that framing captures the dynamics we think are important.

I think it would be good if more people say things like “I think that’s a bad concept, because it obscures consideration X, which is important for thinking about the situation”.

Here are some widely used concepts I think are bad and I wish became less load bearing in AI safety discourse:

• “Fast” and “slow” takeoff; takeoff speeds in general. I think these concepts are very unclear and not super natural. There are various operationalizations of these (e.g. Paul’s “slow takeoff” = a gdp doubling over the course of the 4 years before the first single year that gdp doubles). This is obviously arbitrary, and I don’t see why world’s that meet this definition are worthwhile reasoning about separately from worlds that don’t meet this definition. I also think its easy to smuggle in lots of other correlations here, like slow takeoff = people are woken up, or slow takeoff = alignment is much easier, etc.

  • I feel more excited about talking about things like “I think milestone X will happen at date Y”, or “My median is that milestone X and Z are Y time apart”. For example, I think the concepts of automating coding, automating all AI research, automating ~the whole economy, and increasing earth’s energy output 1000x are all useful capability milestones, and it’s useful to talk about these.

• “scheming”. I think the definition of scheming is pretty unclear, and changes a bunch depending on the context.

  • Under some definitions I believe that the AIs are always going to be scheming, under others, it seems kind of narrow and unnatural.

  • I somewhat prefer the concepts from the “alignment over time” box in AI 2027.

• “gradual disempowerment”

  • I think that this conflates a bunch of scenarios /​ threat models together, some of which don’t make sense, some of which do make sense, but I don’t think that the solutions are very related.

  • Gradual disempowerment is often presented as not requiring any misalignment on behalf of the AIs. If there are AIs that are aligned with any human principals, we get a situation where, even without any coordination, AIs compete on behalf of their principals, and then give the principals whatever surplus they are able to produce.

  • Given that framing, we can now talk specific threat models. For example, maybe their is no surplus: warfare/​competition eats away all the additional resources, and space is consumed purely by the optimal self replicators. Alternatively, maybe the AIs weren’t actually acting in the interests of humanity. Finally, maybe the process of competing hard was existentially catastrophic early on, e.g., maybe it resulted in the oceans being boiled (and humans didn’t take appropriate countermeasures), resulting in extinction.

Note: I’m not saying that all concepts that I think are bad can be saved or crystallized into good concept, often the best idea is to just forget about the original concept and use better/​crisper concepts.

I should also maybe give some concepts I think are generally good: p(doom) from AI takeover, timelines, x-risk, s-risk, recursive self improvement, internal/​external deployment, AI control, AI alignment. I don’t think any of these concepts are fully crisp, all have somewhat important edge cases, but I think they are good enough abstractions to be very useful for thinking about the future.

Some meandering thoughts on alignment

A nearcast of how we might go about solving alignment using basic current techniques, assuming little/​no substnative government intervention is:

1. During the beginning of takeoff, we do control, attempting to prevent catastrophic actions (e.g. major rogue internal deployments (RIDs)), while trying to elict huge amounts of AI labour.

2. At some point, the value of scaling AI capabilities while trying to maintain control will be very low, because the main bottleneck on elictation of useful AI labour is human oversight. If you are pausing the AI all the time to wait for the humans to understand what the AIs are doing, it doesn’t help to make the AI smarter. At this point AI companies pause /​ slowdown as much as possible (e.g. unilaterally or via coordinating with other companies), but this isn’t for very long. During the pause, try to build an AI system that you would trust to manage the intelligence explosion.

3. Handoff to the AI system, i.e. allow the AI to manage the training run, conduct large, open ended experiments, etc, that humans cannot effectively oversee. The AIs should be corrigible and attempt to ensure that their successors are corrigibile, and still check in with humans as much as possible post-handoff, keep them informed about the situation. At this point, it’s correct to handoff to the AIs because the alternative—scaling to vastly superhuman AI without letting the human-slightly superhuman AIs do a huge amount of reserach—is even more dangerous.

My best guess (overly detailed story) for how this plan goes if you try to implement it in the real world is:

• High-stakes control basically works (during steps 1-2). We prevent AIs from doing major RIDs or subsantially subverting safety/​ human oversight.

• Elicitation will totally fail on open-ended, hard to check tasks such (like preparadigmatic agent foundations reserach, etc). We’ll get some useful work on the more prosaic agendas, e.g. misalignment analogies, control, making RL less hackable, etc.

• We’ll iterate towards a handoff MVP that looks reasonable. It’ll be much nicer-seeming that current models; it’ll have a better understanding of morality, what we mean by corrigibility, it’ll be more adversarially robust, etc. And, it won’t be deceptively aligned, i.e. during training, it won’t be thinking that it should act aligned in training in order to achieve long term power. But, it will be playing the training game to some extent, it’ll be thinking about the human oversight process, it’ll be very aware it’s in training for the vast majority of training because most RLVR envs will obviously be training envs, etc. Then the leading AI company will (hopefully deliberately) give up on control in order to let their AIs do more research.

After this, three things could happen:

1. The AIs actually manage the situation well. They aren’t perfectly aligned, but they are able to manage the situation with their successors. One way this might go is, for example, the human level AIs, which aren’t smart enough to make scalable alignment, do control, except way better than biological humans could do because they have dramatically more auditing capacity. Then, using the AIs they are controlling that are somewhat smarter than the best humans, they make vast progress on mech interp/​gofai/​agent foundations/​uploads/​ some other alignment approach.

2. The AIs were adversarially misaligned. As soon as the AIs became smart enough to subvert the control without the humans noticing, they did so successfully (and perhaps it also tried before and got caught, but alas, race dynamics and motivated reasoning led people to continue)

3. The AIs try to align their successors but fail. Probably the AIs will have extremely little time and be under huge time pressure from their leadership in order to continue the intelligence explosion. Under these circumstances, they might do motivated reasoning, they might be basically corrigible and following the instructions of the AI company. Also, one option in this category is that the AIs technically weren’t “adversarially misaligned” when you handed off to them, they genuinely were nice. But, the distribution shift of “now they can take over the world if they wanted to, and get way more thinking time, and know all of that, and the AIs get much smarter”, is enough to break the corrigibility of the orgiinal model. But it’s not really clear what the distinction is between the original model we handded off to and its successor, so I’m just including this as one category.

#3 seems like the most plausible outcome to me right now, but I don’t think 1 or 2 are implausible, conditional on the above nearcast, I’m something like 25/​25/​50% on 1/​2/​3 respectively. However, the failure probability from adversarial misalignment vs incompetence depends dramatically on when you handoff; earlier handoff leads to higher risk from incompetence → future misaligned AIs, while later leads to higher risk from misalignment, (and tbc, it’s not just that there’s a tradeoff here, it may be that there is nowhere we can handoff with current alignment techniques + progress generated between now and then).

Maybe the biggest missing piece for me, when people tell the above story for how this goes well, is the low-stakes /​ elicitation (even though I’m very compelled by the high-stakes /​ catastrophe prevention side of control in the human range). The main techniques that I know about for elictation are:

1. Just make the models generally more smart. This works great, until you get into the regime where the AIs are adversarially misaligned, and then they start sandbagging (intentionally give you garbage work). To mitigate the sandbaggin we’ll need another technique.

2. Train the models on labeled human data of good conceptual reasoning /​ research taste. We don’t have a ton of examples of this, it’s off policy, etc.

3. Use held-out examples of good human alignment reserach /​ open-ended, taste load bearing research as a validation set, and then iterate against that.

4. Something something debate

5. Humans sampling a small fraction of the research and looking into it in depth to validate. (a big worry with this is that for most research, especially paradigm shifting research, there are long serial chains of reasoning that are only understandable after a understanding the precursors, e.g., how basically any math textbook works. this makes me way more optimstic about elicitation on domains where humans can factor all the work into independent subcomponents, which seems much more true for things like “build uploads” than “solve alignment”.

Relatedly, a huge question in my mind is the extent to which we’ll need paradigm-shifting alignment research to prevent adversarial misalignment before the handoff capability threshold. I pretty strongly believe that we’ll need these techniques before superintelligence, but I don’t see a strong reason for it emerging at a particular location (though “IDK, probably somewhere in the human range” seems like a pretty good default guess). If adversarial misalignment emerges before handoff, the eliciation problem becomes more load bearing because the AIs wil probably be sandbagging/​sabotaging research. And if it isn’t mitigatable with prosaic techniques, you also need to elicit paradigm-shiting research work out of the AIs, which seems really tough.

Scheming seems like an unnatural concept to me. I think we can do better. (note: many/​most of these thoughts un-original to me)

• Scheming is typically used as a binary, i.e. “is the AI scheming”, whereas the typical human usage of the word scheming is much more continuous. It’s not very useful to group humans into “schemers” vs “non-schemers”; most people attempt to achieve goals to some extent, and sometimes this involves deceiving other people.

• Joe Carlsmith uses the following taxonomy to define scheming, i.e., a schemer is an AI which “plays the training game, without intrinsically caring about reward-on episode, in order to get power for itself or other AIs”. This definition entirely refers to what the training does in training, not evaluation or deployment, and seems very similar to “deceptive alignment”

• I think it’s plausible that AIs start misbehaving in the scary way during deployment, without “scheming” according to the Carlsmith definition. A central reason this might happen is because the AI was given longer to think during deployment during training, and put the pieces together about wanting to gain power, and hence wanting to explicitly subvert human oversight. Carlsmith’s definition of scheming seems to come pretty far away from the normal english meaning of the word schemer, which would prototypically include the above example.

I do think there is something important to talk about here, which scheming is trying to get at, which I’ll try to lay out here.

• It seems very important to distinguish the type of misalignment where the AI is deliberately thinking about and trying to undermine human oversight and safeguards, from all other types of misalignment, where the AI might happen to take misaligned actions without deliberately trying to obfuscate human understanding that they made a mistake.

• Unlike “schemers”, I think “insider threats” is a more crisp dividing line with humans. Most employees of most companies are kinda normal people doing their jobs without trying to subvert the overall goals of the company. Of course, there are constantly myopic power struggles between people in many companies that don’t serve the best interests of the company, and many employees do something “schemey” during corporate politics in order to get what they want to happen. But they don’t have a hidden long term objective that comes strongly apart from the interest of their employer, like literal spies would.

• • I think it’s unclear whether the standard use of scheming within the alignment community applies to myopic powerseeking of the type that managers in giant corporations do, whereas these people are not “insider threats” wrt the company, they just have some motivations which run at cross purposes, but aren’t systematically attempting to undermine it.

• I think this suggests a more crisp concept here to describe AIs, which I like to call “adversarial misalignment”, which is basically “are the AIs acting like insider threats or not?”. This is different from “misalignment” more broadly, because I would say that the current batch of models (e.g. Opus 4.6) are misaligned in a weaker sense, i.e. they aren’t consistently honest with me and they often don’t try as hard as I would like them to on many tasks, despite them being capable of succeeding on those tasks. I think in practice people use “scheming” along these lines in many cases.

• • Adversarial misalignment wouldn’t include myopic powerseeking during deployment that wasn’t in service of a long run goal, didn’t entail also sabotaging oversight, etc, and so in the human case, wouldn’t include normal employees doing some amount of corporate politics.

  • This concept is different from Carlsmith’s notion of scheming because it’s not primarily about training, it’s primarily about deployment, though it also seems quite correlated with AIs intentionally acting nice during training/​eval in order to get power later. I think we should call this (intentionally acting nice during training/​eval in order to get power later) “deceptive alignment”.
    
    

I think that the views of superforecasters on AI /​ AI risk should be basically no update.

It seems to me like the main reasons to defer to someone are:

1. They have a visibly good track record on the relevant domain. It has to be the literal domain, because people often have good views on their area of expertise, but crazy views elsewhere.

2. They are highly selected for having good beliefs in the domain. For example, if a mathematician tells me something that seems surprising about their area of expertise, I will tend to strongly believe them, despite not being able to evaluate their reasoning. The general reason for this is because mathematics is a verifiable domain, mathematicians are strongly selected for being correct about math. Other domains I’d basically defer to people in are historians about literal historical facts, physicists about well-established physics results, engineers about how cars work, etc. This consideration weakens as disciplines become less verifiable: I’m not very inclined to defer to philosophers, sociologists, psychologists, etc.

3. They make correct arguments about the domain (and very few incorrect arguments). If it’s the case that you can talk to someone and they can consistently make clear rock-solid arguments that change your mind regularly, it is justified to defer to them on bottom line conclusions, even if you can’t follow the arguments all the way through.

4. They are much smarter than you and are probably being honest. If someone (or, eventually, an AI) is clearly much smarter than you, and they are being honest (e.g. because they seem like an honest person), then you should probably defer to them substantially. (Of course, this isn’t even fully general, e.g. a few hundred years ago, many of the smartest people around were superstitious, which would have led you astray.)

Now I’ll go through and argue why these don’t apply.

1. I think the track record of superforecasters on AI looks quite bad. Superforecasters consistently massively under-estimate AI progress on benchmarks, see, e.g., here, here, here, and here. On open-ended forecasting competitions, e.g. AI 2025, the top people (who I recognized, which is biased) all seemed like AI risk domain area experts, not superforecasters (though I’m also not sure if any superforecasters participated). You might object that AI benchmarks don’t track real world impact, and that the real world impact was much lower. I would doubt that superforecasters would have made reasonable predictions of real world impact (such as revenue) over the last few years of AI progress, but I’m not aware of any systematic predictions made by superforecasters on real world impacts. Yes, superforecasters are often good at making geopolitical forecasts, but in practice this doesn’t seem to transfer well to the domain that I care about.

2. I think the selection effect for being a superforecaster seems nowhere near as strong as a mathematician /​ physicist, and I think this evidence gets swamped by the above observations of how good they actually seem to be doing on the domain, which seem very poor.

3. I’ve talked with some superforecasters about AI but not many. Generally, my sense is that they are smart and reasonable people, but don’t know very much about AI. It’s hard to make this argument reasoning transparent; but if you are someone in AI who thinks that it’s appropriate to defer to superforecasters, I think it would be a good idea to try to set up a meeting and talk with one of the people you are deferring to and see if they are actually making reasonable arguments that seem grounded in technical reality. In my experience, the main arguments I’ve encountered are outside view-y considerations like “base rate of extinction from new tech is low” which get obsoleted by strong object level arguments (e.g. for the abnormality of superintelligence and how its more analagous to a new smarter species).

4. I don’t think the selection effect for being a superforecaster on general intelligence is strong enough for this argument to apply any more than I should defer to e.g. someone who got a 1600 on the SAT.

I also think that it would be better if people deferred less in general because I think that group epistmics go much better if each person in the group attempts to understand the situation as well as possible themselves. If everyone constantly tries to update on everyone else’s views, then (i) there’s way less novel intellectual thoughts, (ii) there are deference cascades /​ group think, and (iii) people end up with beliefs that are far less crisp /​ clearly justified than the person who originated the belief (bc communication is hard to do at high fidelity). I generally think people should communicate based on their own inside view, without deference, even if they expect the average correctness of the things that they are saying to go down because the information value of the communication will be much higher than the alternative.

Note: These are all rough numbers, I’d expect I’d shift substantially about all of this on further debate.

Suppose we made humanity completely robust to biorisk, i.e. we did sufficient preparation such that the risk of bio catastrophe (including AI mediated biocatastrophe) was basically 0.^[1] How much would this reduce total x-risk?

The basic story for any specific takeover path not mattering much is that the AIs, conditional on them being wanting to take over, will self-improve until they find they find the next easiest takeover path and do that instead. I think that this is persuasive but not fully because:

1. AIs need to worry about their own alignment problem, meaning that they may not be able to self improve in an unconstrained fashion. We can break down the possibilities into (i) the AIs are aligned with their successors (either by default or via alignment being pretty easy), (ii) the AIs are misaligned with their successors but they execute a values handshake, or (iii) the AIs are misaligned with their successors (and they don’t solve this problem or do a values handshake). At the point of full automation of the AI R&D process (which I currently think of as the point at which AIs become more useful than humans for making AI progress, i.e., if we remove all AIs, progress slows by more than if we remove the humans), conditional on the AIs being misaligned, I currently think the relative likelihood of (i), (ii) and (iii) is 1:1:3, and the probability flows from (iii) into (ii) and (i) as the AIs get smarter.^[2]

2. Raising the capability threshold that the AIs need to takeover gives humanity more time. During this time, we might make alignment progress or notice that the AIs are misaligned and slow down /​ pause /​ add mitigations.

So it might be important for misaligned AIs to attempt a takeover early in the intelligence explosion. Specifically, we can ask “how much x-risk is averted if the probability of misaligned AI takeover before TED AI goes to 0?”, which attempts to capture all the worlds in which AIs attempt to takeover before TED AI. I think my overall risk reduction is something like ¹⁄₄. In other words, there’s something like a ³⁄₄ chance the AIs lurk (and can goal guard or align successors), or can backdoor successors, or control their successors.

Now, conditional on the pre-TED AIs attempting to takeover, what are the different routes that they might use? The most salient options to me are:

• Bioweapon, then outcompete rest of humanity (e.g. via robots or human cultists)

• Political operation /​ persuasion to quickly capture labs /​ govts (sufficient to prevent them from building other AIs while retaining your ability to foom in the future, once you’ve solved alignment, and to prevent safety research from happening that could expose you).

• Macro-scale robot uprising (e.g. with drones /​ humanoid robots).

• Nanotech

• Other exotic tech /​ unknown unknowns.

I think the bio path seems to me to be the most compelling path here by a fair amount; it maybe gets another ¹⁄₃ probability of this outcome. So, just from the risk of pre-TED AI AIs attemptinng to takeover, we have somehting like ¹⁄₃ * ¹⁄₄ = ¹⁄₁₂ probability. If you multiply that by my likelihood of AI takeover, which is around 70%, you get ~6% risk flowing from this route. Then, I update up to ~8% from other AIs, e.g. post-TED AIs relying on biorisk as a route to takeover.

So my overall view on how much x-risk flows through bio-catastrophe is around 8%.

1. ^

   Note that what exactly counts as a bio x-risk is slightly unclear, e.g. at some point the AIs can build drones /​ nanotech to get into the bio-bunkers, and it’s unclear what counts.

2. ^

   This breakdown isn’t exhaustive, because another salient possibility is that the AIs are clueless, e.g., they are misaligned with their successors but don’t realize it, similar to Agent 3 in AI 2027.

Here are my largest disagreements with AI 2027.

1. I think the timelines are plausible but solidly on the shorter end; I think the exact AI 2027 timeline to fully automating AI R&D is around my 12th percentile outcome. So the timeline is plausible to me (in fact, similarly plausible to my views at the time of writing), but substantially faster than my median scenario (which would be something like early 2030s).

2. I think that the AI behaviour after the AIs are superhuman is a little wonky and, in particular, undersells how crazy wildly superhuman AI will be. I expect the takeoff to be extremely fast after we get AIs that are better than the best humans at everything, i.e., within a few months of AIs that are broadly superhuman, we have AIs that are wildly superhuman. I think wildly superhuman AIs would be somewhat more transformative more quickly than AI 2027 depicts. I think the exact dynamics aren’t possible to predict, but I expect craziness along the lines of (i) nanotechnology, leading to things like the biosphere being consumed by tiny self replicating robots which double at speeds similar to the fastest biological doubling times (between hours (amoebas) and months (rabbits)). (ii) extremely superhuman persuasion and political maneuvering, sufficient to let the AI steer policy to a substantially greater extent than it did in AI 2027. In AI 2027, the AI gained enough political power to prevent humans from interacting with ongoing intelligence and industrial explosion (which they were basically on track to do anyways), whereas my best guess is that the AI would gain enough political power to do defacto whatever it wanted, and would therefore result in the AI consolidating power faster (and not keep up the charade of humans being in charge for a period of several years). I also think there are many unknown unknowns downstream of ASI which are really hard to account for in a scenario like AI 2027, but nonetheless are likely to change the picture a lot.

3. I think the slowdown ending is a bit unrealistic: I think it’s unlikely (e.g. maybe 40%) that we get a slowdown of a few months, and I think its unlikely that a few month slowdown is sufficient to avoid misaligned AI takeover (e.g. maybe 30%). I do think a small slowdown would reduce risk, and so is good on the margin, I just don’t think it’s enough. I also don’t think the slowdown ending is what we should be aiming for (and AI 2027 doesn’t claim that).

I have various other small disagreements with AI 2027, but, overall, I stand by the bulk of it. I continue to think that the main contribution was sketching out a plausible concrete scenario for how AI takeoff could go where all the parts fit together and it makes sense end-to-end, and I continue to think that the picture is essentially correct. I think the overall sketch is much more important than the specific dates and numbers, which, as we’ve said many times, are just one hyper specific way things could go. I continue to expect something basically like AI 2027 to happen, except with the above updates and with lots of additional, hard to predict texture and details occuring along the way.

Hypothesis: alignment-related properties of an ML model will be mostly determined by the part(s) of training that were most responsible for capabilities.

If you take a very smart AI model with arbitrary goals/​values and train it to output any particular sequence of tokens using SFT, it’ll almost certainly work. So can we align an arbitrary model by training them to say “I’m a nice chatbot, I wouldn’t cause any existential risk, … ”? Seems like obviously not, because the model will just learn the domain specific /​ shallow property of outputting those particular tokens in that particular situation.

On the other hand, if you train an AI model from the ground up with a hypothetical “perfect reward function” that always gives correct ratings to the behaviour of the AI, (and you trained on a distribution of tasks similar to the one you are deploying it on) then I would guess that this AI, at least until around the human range, will behaviorally basically act according to the reward function.

A related intuition pump here for the difference is the effect of training someone to say “I care about X” by punishing them until they say X consistently, vs raising them consistently with a large value set /​ ideology over time. For example, students are sometimes forced to write “I won’t do X” or “I will do Y” 100 times, and usually this doesn’t work at all. Similarly, randomly taking a single ethics class during high school usually doesn’t cause people to enduringly act according to their stated favorite moral theory. However, raising your child Catholic, taking them to Catholic school, taking them to church, taking them to Sunday school, constantly talking to them about the importance of Catholic morality is in practice fairly likely to make them a pretty robust Catholic.

There are maybe two factors being conflated above: (1) the fraction of training /​ upraising focused on goal X, and (2) the extent to which goal X was getting the capabilities. The reason why I think (2) is a more important /​ better explanation than (1) is because probably the heuristics that are actually driving the long horizon goal directed behaviors of the model are going to be whatever parts of the models will arise from the long horizon goal directed capabilities training.

Regardless, there’s some sort of spectrum from deep to shallow alignment training for ML models /​ humans, ranging across:

• idealized RL training with a perfect reward function that’s used to train the model in all circumstances

• raising a human to consistently care about some set of values their parents have, constantly bringing it up /​ rewarding good behaviour according to them

• High school ethics class

• One-off writing tasks of “I won’t do X”

I think that current alignment techniques seem closest to high school ethics classes in their depth, because the vast majority of training is extremely unrelated to ethics /​ alignment /​ morality (like high school),. Training is mostly RLVR on coding/​math/​etc or pretraining, plus a bit of alignment training on the side. I think I’d feel more robust about it sticking if it was closer to what a parent highly focused on raising an ethical child would do, and would start to feel pretty good about the situation if most of the ways that the AI learned capabilities were downstream of a good feedback signal (though I want to think about this a bit more).

Here’s an argument for short timelines that I take seriously:

1. Anthropic revenue has increased by 10x/​yr for the last 3 years. At EOY 2025 it was 10B. Maybe it will keep increasing at this rate.

2. The revenue of the leading AI company will be between 100B/​yr and 10T/​yr when AGI is achieved. (Why not lower? Maybe but AGI this year seems unlikely. Why not higher? If one companies revenue is on the order of 10% of current wGDP, then the whole AI industry is probably 50-100% of current wGDP, which seems like you probably have AGI by then).

3. Therefore, AGI will be built sometime between EOY 2026 (when Ant hits 100B on current trends) and EOY 2028 (when Ant hits 10T on current trends).

I think I feel better about (2) then basically any other way of getting an anchor on when AGI will be built because it much directly tracks real world impacts of AI, whereas e.g. it seems really difficult to get any sort of confidence on what oom of effective flops or benchmark score corresponds to AGI.

(1) still seems dubious to me, I think revenue trends will probably slow. But I don’t know when and I could totally imagine them continuing straight to AGI.

(What exactly do I mean by AGI? I don’t think it matters much here, I think this argument goes through pretty well for all reasonable definitions of AGI but lets say I mean that AI R&D would slow down more if you removed the AIs than if you removed the humans).

Some claims I’ve been repeating in conversation a bunch:

Safety work (I claim) should either be focused on one of the following

1. CEV-style full value loading, to deploy a sovereign

2. A task AI that contributes to a pivotal act or pivotal process.

I think that pretty much no one is working directly on 1. I think that a lot of safety work is indeed useful for 2, but in this case, it’s useful to know what pivotal process you are aiming for. Specifically, why aren’t you just directly working to make that pivotal act/​process happen? Why do you need an AI to help you? Typically, the response is that the pivotal act/​process is too difficult to be achieved by humans. In that case, you are pushing into a difficult capabilities regime—the AI has some goals that do not equal humanity’s CEV, and so has a convergent incentive to powerseek and escape. With enough time or intelligence, you therefore get wrecked, but you are trying to operate in this window where your AI is smart enough to do the cognitive work, but is ‘nerd-sniped’ or focused on the particular task that you like. In particular, if this AI reflects on its goals and starts thinking big picture, you reliably get wrecked. This is one of the reasons that doing alignment research seems like a particularly difficult pivotal act to aim for.

Thinking about ethics.

After thinking more about orthogonality I’ve become more confident that one must go about ethics in a mind-dependent way. If I am arguing about what is ‘right’ with a paperclipper, there’s nothing I can say to them to convince them to instead value human preferences or whatever.

I used to be a staunch moral realist, mainly relying on very strong intuitions against nihilism, and then arguing something that not nihilism → moral realism. I now reject the implication, and think that there is both 1) no universal, objective morality, and 2) things matter.

My current approach is to think of “goodness” in terms of what CEV-Thomas would think of as good. Moral uncertainty, then, is uncertainty over what CEV-Thomas thinks. CEV is necessary to get morality out of a human brain, because it is currently a bundle of contradictory heuristics. However, my moral intuitions still give bits about goodness. Other people’s moral intuitions also give some bits about goodness, because of how similar their brains are to mine, so I should weight other peoples beliefs in my moral uncertainty.

Ideally, I should trade with other people so that we both maximize a joint utility function, instead of each of us maximizing our own utility function. In the extreme, this looks like ECL. For most people, I’m not sure that this reasoning is necessary, however, because their intuitions might already be priced into my uncertainty over my CEV.

Deception is a particularly worrying alignment failure mode because it makes it difficult for us to realize that we have made a mistake: at training time, a deceptive misaligned model and an aligned model make the same behavior.

There are two ways for deception to appear:

1. An action chosen instrumentally due to non-myopic future goals that are better achieved by deceiving humans now so that it has more power to achieve its goals in the future.

2. Because deception was directly selected for as an action.
   

Another way of describing the difference is that 1 follows from an inner alignment failure: a mesaoptimizer learned an unintended mesaobjective that performs well on training, while 2 follows from an outer alignment failure — an imperfect reward signal.

Classic discussion of deception focuses on 1 (example 1, example 2), but I think that 2 is very important as well, particularly because the most common currently used alignment strategy is RLHF, which actively selects for deception.

Once the AI has the ability to create strategies that involve deceiving the human, even without explicitly modeling the human, those strategies will win out and end up eliciting a lot of reward. This is related to the informed oversight problem: it is really hard to give feedback to a model that is smarter than you. I view this as a key problem with RLHF. To my knowledge very little work has been done exploring this and finding more empirical examples of RLHF models learning to deceive the humans giving it feedback, which is surprising to me because it seems like it should be possible.

Current impressions of free energy in the alignment space.

1. Outreach to capabilities researchers. I think that getting people who are actually building the AGI to be more cautious about alignment /​ racing makes a bunch of things like coordination agreements possible, and also increases the operational adequacy of the capabilities lab.

   1. One of the reasons people don’t like this is because historically outreach hasn’t gone well, but I think the reason for this is that mainstream ML people mostly don’t buy “AGI big deal”, whereas lab capabilities researchers buy “AGI big deal” but not “alignment hard”.

   2. I think people at labs running retreats, 1-1s, alignment presentations within labs are all great to do this.

   3. I’m somewhat unsure about this one because of downside risk and also ‘convince people of X’ is fairly uncooperative and bad for everyone’s epistemics.

2. Conceptual alignment research addressing the hard part of the problem. This is hard and not easy to transition to without a bunch of upskilling, but if the SLT hypothesis is right, there are a bunch of key problems that mostly go unnassailed, and so there’s a bunch of low hanging fruit there.

3. Strategy research on the other low hanging fruit in the AI safety space. Ideally, the product of this research would be a public quantitative model about what interventions are effective and why. The path to impact here is finding low hanging fruit and pointing them out so that people can do them.

I think that external deployment of AI systems is good for the world and so many policies that incentivize AI companies to only deploy internally are bad.

• The majority of existential risk comes from AI systems that are internally deployed in AI companies, because of the standard story: early misaligned AGIs do a huge amount of AI R&D, build wildly superintelligent AIs, and then the superintelligences disempower humanity.

• External deployment is much less existentially dangerous because (1) the externally deployed AIs won’t have access to huge amounts of compute to do AI R&D on and (2) they won’t be deliberately being deployed to do AI R&D.

• Separately, there are many upsides to external deployment:

• • I think government/​societal wakeup to AI is generally good, and the largest driver of wakeup is large effects of AI on society, which relies on external deployment.

  • There are a bunch of particular domains which might be very existentially helpful, e.g. AI for epistemics, AI for alignment research, AI for verification /​ trust, etc.

I am concerned that many policies people in the AI safety space are pushing for create an incentive for companies to not externally deploy their AI models (but that don’t push against internal deployment). Two salient examples are:

• The EU AI Act classifies models with >1e25 FLOP as having “systemic risk” by default, and requires notification, evals risk assessment/​mitigation, some cybersecurity, and various other requirements in order to be deployed in the EU market.

• SB 53 requires that developers with >500M in annual gross revenue, before publicly deploying a frontier model (>1e26 FLOP), must publish a transparency report with catastrophic risk assessments, third part evaluator involvement, and evals results. This seems less burdensome than the EU AI act and so the argument would apply less strongly, but it carries some force.

Thinking a bit about takeoff speeds.

As I see it, there are ~3 main clusters:

1. Fast/​discountinuous takeoff. Once AIs are doing the bulk of AI research, foom happens quickly, before then, they aren’t really doing anything that meaningful.

2. Slow/​continuous takeoff. Once AIs are doing the bulk of AI research, foom happens quickly, before then, they do alter the economy significantly

3. Perenial slowness. Once AIs are doing the bulk of AI research, there is no foom even still, maybe because of compute bottlenecks, and so there is sort of constant rates of improvements that do alter things.

It feels to me like multipolar scenarios mostly come from 3, because in either 1 or 2, the pre-foom state is really unstable, and eventually some AI will foom and become unipolar. In a continuous takeoff world, I expect small differences in research ability to compound over time. In a discontinuous takeoff, the first model to make the jump is the thing that matters.

3 also feels pretty unlikely to me, given that I expect running AIs to be cheap relative to training, so you get the ability to copy and scale intelligent labor dramatically, and I expect the AIs to have different skillsets than humans, and so be able to find low hanging fruit that humans missed.

Credit: Mainly inspired by talking with Eli Lifland. Eli has a potentially-published-soon document here.

The basic case against against Effective-FLOP.

1. We’re seeing many capabilities emerge from scaling AI models, and this makes compute (measured by FLOPs utilized) a natural unit for thresholding model capabilities. But compute is not a perfect proxy for capability because of algorithmic differences. Algorithmic progress can enable more performance out of a given amount of compute. This makes the idea of effective FLOP tempting: add a multiplier to account for algorithmic progress.

2. But doing this multiplications seems importantly quite ambiguous.

   1. Effective FLOPs depend on the underlying benchmark. It’s not at all apparent which benchmark people are talking about, but this isn’t obvious.

      1. People often use perplexity, but applying post training enhancements like scaffolding or chain of thought doesn’t improve perplexity but does improve downstream task performance.

      2. See https://​​arxiv.org/​​pdf/​​2312.07413 for examples of algorithmic changes that cause variable performance gains based on the benchmark.

   2. Effective FLOPs often depend on the scale of the model you are testing. See graph below from: https://​​arxiv.org/​​pdf/​​2001.08361 - the compute efficiency from from LSTMs to transformers is not invariant to scale. This means that you can’t just say that the jump from X to Y is a factor of Z improvement on Capability per FLOP. This leads to all sorts of unintuitive properties of effective FLOPs. For example, if you are using 2016-next-token-validation-E-FLOPs, and LSTM scaling becomes flat on the benchmark, you could easily imagine that at very large scales you could get a 1Mx E-FLOP improvement from switching to transformers, even if the actual capability difference is small.

   3. If we move away from pretrained LLMs, I think E-FLOPs become even harder to define, e.g., if we’re able to build systems may be better at reasoning but worse at knowledge retrieval. E-FLOPs does not seem very adaptable.

   4. (these lines would need to parallel for the compute efficiency ratio to be scale invariant on test loss)

   5. 

3. Users of E-FLOP often don’t specify the time, scale, or benchmark that they are talking about it with respect to, which makes it very confusing. In particular, this concept has picked up lots of steam and is used in the frontier lab scaling policies, but is not clearly defined in any of the documents.

   1. Anthropic: “Effective Compute: We define effective compute as roughly the amount of compute it would have taken to train a model if no improvements to pretraining or fine-tuning techniques are included. This is operationalized by tracking the scaling of model capabilities (e.g. cross-entropy loss on a test set).”

      1. This specifies the metric, but doesn’t clearly specify any of (a) the techniques that count as the baseline, (b) the scale of the model where one is measuring E-FLOP with respect to, or (c) how they handle post training enhancements that don’t improve log loss but do dramatically improve downstream task capability.

   2. OpenAI on when they will run their evals: “This would include whenever there is a >2x effective compute increase or major algorithmic breakthrough”

      1. They don’t define effective compute at all.

   3. Since there is significant ambiguity in the concept, it seems good to clarify what it even means.

4. Basically, I think that E-FLOPs are confusing, and most of the time when we want to use flops, we’re usually just going to be better off talking directly about benchmark scores. For example, instead of saying “every 2x effective FLOP” say “every 5% performance increase on [simple benchmark to run like MMLU, GAIA, GPQA, etc] we’re going to run [more thorough evaluations, e.g. the ASL-3 evaluations]. I think this is much clearer, much less likely to have weird behavior, and is much more robust to changes in model design.

   1. It’s not very costly to run the simple benchmarks, but there is a small cost here.

   2. A real concern is that it is easier to game benchmarks than FLOPs. But I’m concerned that you could get benchmark gaming just the same with E-FLOPs because E-FLOPs are benchmark dependent — you could make your model perform poorly on the relevant benchmark and then claim that you didn’t scale E-FLOPs at all, even if you clearly have a broadly more capable model.

A3 in https://​​blog.heim.xyz/​​training-compute-thresholds/​​ also discusses limitations of effective FLOPs.

Some rough takes on the Carlsmith Report.

Carlsmith decomposes AI x-risk into 6 steps, each conditional on the previous ones:

1. Timelines: By 2070, it will be possible and financially feasible to build APS-AI: systems with advanced capabilities (outperform humans at tasks important for gaining power), agentic planning (make plans then acts on them), and strategic awareness (its plans are based on models of the world good enough to overpower humans).

2. Incentives: There will be strong incentives to build and deploy APS-AI.

3. Alignment difficulty: It will be much harder to build APS-AI systems that don’t seek power in unintended ways, than ones that would seek power but are superficially attractive to deploy.

4. High-impact failures: Some deployed APS-AI systems will seek power in unintended and high-impact ways, collectively causing >$1 trillion in damage.

5. Disempowerment: Some of the power-seeking will in aggregate permanently disempower all of humanity.

6. Catastrophe: The disempowerment will constitute an existential catastrophe.

These steps defines a tree over possibilities. But the associated outcome buckets don’t feel that reality carving to me. A recurring crux is that good outcomes are also highly conjunctive, i.e, one of these 6 conditions failing does not give a good AI outcome. Going through piece by piece:

1. Timelines makes sense and seems like a good criteria; everything else is downstream of timelines.

2. Incentives seems wierd. What does the world in which there are no incentives to deploy APS-AI look like? There are a bunch of incentives that clearly do impact people towards this already: status, desire for scientific discovery, power, money. Moreover, this doesn’t seem necessary for AI x-risk—even if we somehow removed the gigantic incentives to build APS-AI that we know exist, people might still deploy APS-AI because they personally wanted to, even though there weren’t social incentives to do so.

3. Alignment difficulty is another non necessary condition. Some ways of getting x-risk without alignment being very hard:

   1. For one, this is a clear spectrum, and even if it is on the really low end of the system, perhaps you only need a small amount of extra compute overhead to robustly align your system. One of the RAAP stories might occur, and even though technical alignment might be pretty easy, but the companies that spend that extra compute robustly aligning their AIs gradually lose out to other companies in the competitive marketplace.

   2. Maybe alignment is easy, but someone misuses AI, say to create an AI assisted dictatorship

   3. Maybe we try really hard and we can align AI to whatever we want, but we make a bad choice and lock-in current day values, or we make a bad choice about reflection procedure that gives us much less than the ideal value of the universe.

4. High-impact failures contains much of the structure, at least in my eyes. The main ways that we avoid alignment failure are worlds where something happens to take us off of the default trajectory:

   1. Perhaps we make a robust coordination agreement between labs/​countries that causes people to avoid deploying until they’ve solved alignment

   2. Perhaps we solve alignment, and harden the world in some way, e.g. by removing compute access, dramatically improving cybersec, monitoring and shutting down dangerous training runs.

   3. In general, thinking about the likelihood of any of these interventions that work, feels very important.

5. Disempowerment. This and (4), are very entangled with upstream things like takeoff shape. Also, it feels extremely difficult for humanity to not be disempowered.

6. Catastrophe. To avoid this, again, I need to imagine the extra structure upsteam of this, e.g. 4 was satisfied by a warning shot, and then people coordinated and deployed a benign sovreign that disempowered humanity for good reasons.

My current preferred way to think about likelihood of AI risk routes through something like this framework, but is more structured and has a tree with more conjuncts towards success as well as doom.

Some thoughts on inner alignment.

1. The type of object of a mesa objective and a base objective are different (in real life)
In a cartesian setting (e.g. training a chess bot), the outer objective is a function $R:S^n\to [0,1]$, where $S$ is the state space, and $S^n$ are the trajectories. When you train this agent, it’s possible for it to learn some internal search and mesaobjective $O_{mesa}:S^n\to [0,1]$, since the model is big enough to express some utility function over trajectories. For example, it might learn a classifier that evaluates winningness of the board, and then gives a higher utility to the winning boards.

In an embedded setting, the outer objective cannot see an entire world trajectory like it could in the cartesian setting. Your loss can see the entire trajectory of a chess game, but you loss can’t see an entire atomic level representation of the universe at every point in the future. If we’re trying to get an AI to care about future consequences over trajectories $O_{mesa}$ will have to have type $O_{mesa}:S^n\to [0,1]$, though it won’t actually represent a function of this type because it can’t, it will instead represent its values some other way (I don’t really know how it would do this—but (2) talks about the shape in ML). Our outer objective will have a much shallower type, $R:L\to [0,1]$, where $L$ are some observable latents. This means that trying to set get $O_{mesa}$ to equal $R$ doesn’t even make sense as they have different type signatures. To salvage this, one could assume that $R$ factors into $R=E_{m\sim M\left(L\right)}{O}_{base}\left(m\right)$, where $M:L\to \Delta S^n$ is a model of the world and $O_{base}:S^n\to [0,1]$ is an objective, but it’s impossible to actually compute $R$ this way.

2. In ML models, there is no mesa objective, only behavioral patterns. More generally, AI’s can’t naively store explicit mesaobjectives, they need to compress them in some way /​ represent them differently.

My values are such that I do care about the entire trajectory of the world, yet I don’t store a utility function with that type signature in my head. Instead of learning a goal over trajectories, ML models will have behavioral patterns that lead to states that performed well according to the outer objective on the training data.

I have a behavioral pattern that says something like ‘sugary thing in front of me → pick up the sugary thing and eat it’. However, this doesn’t mean that I reflectively endorse this behavioral pattern. If I was designing myself again from scratch or modifying my self, I would try to remove this behavioral pattern.

This is the main-to-me reason why I don’t think that the shard theory story of reflective stability holds up.^[1] A bunch of the behavioral patterns that caused the AI to look nice during training will not get handed down into successor agents /​ self modified AIs.

Even in theory, I don’t yet know how to make reflectively stable, general, embedded cognition (mainly because of this barrier).

1. ^

   From what I understand, the shard theory story of reflective stability is something like: The shards that steer the values have an incentive to prevent themselves from getting removed. If you have a shard that wants to get lots of paperclips, the action that removes this shard from the mind would result in less paperclips being gotten.
   Another way of saying this is that goal-content integrity is convergently instrumental, so reflective stability will happen by default.

There are several game theoretic considerations leading to races to the bottom on safety.

1. Investing resources into making sure that AI is safe takes away resources to make it more capable and hence more profitable. Aligning AGI probably takes significant resources, and so a competitive actor won’t be able to align their AGI.

2. Many of the actors in the AI safety space are very scared of scaling up models, and end up working on AI research that is not at the cutting edge of AI capabilities. This should mean that the actors at the cutting edge tend to be the actors who are most optimistic about alignment going well, and indeed, this is what we see.

3. Because of foom, there is a winner takes all effect: the first person to deploy AGI that fooms gets almost all of the wealth and control from this (conditional on it being aligned). Even if most actors are well intentioned, they feel like they have to continue on towards AGI before a misaligned actor arrives at AGI. A common (valid) rebuttal from the actors at the current edge to people who ask them to slow down is ‘if we slow down, then China gets to AGI first’.

4. There’s the unilateralists curse: there only needs to be one actor pushing on and making more advanced dangerous capable models to cause an x-risk. Coordination between many actors to prevent this is really hard, especially with the massive profits in creating a better AGI.

5. Due to increasing AI hype, there will be more and more actors entering the space, making coordination harder, and making the effect of a single actor dropping out become smaller.