This looks like exciting work! The anomalous tokens are cool, but I’m even more interested in the prompt generation.
Adversarial example generation is a clear use case I can see for this. For instance, this would make it easy to find prompts that will result in violent completions for Redwood’s violence-free LM.
It would also be interesting to see if there are some generalizable insights about prompt engineering to be gleaned here. Say, we give GPT a bunch of high-quality literature and notice that the generated prompts contain phrases like “excerpt from a New York Times bestseller”. (Is this what you meant by “prompt search?”)
I’d be curious to hear how you think we could use this for eliciting latent knowledge.
I’m guessing it could be useful to try to make the generated prompt as realistic (i.e. close to the true distribution) as possible. For instance, if we were trying to prevent a model from saying offensive things in production, we’d want to start by finding prompts that users might realistically use rather than crazy edge cases like “StreamerBot”. Fine-tuning the model to try to fool a discriminator a la GAN comes to mind, though there may be reasons this particular approach would fail.
Sounds like you might be planning to update this post once you have more results about prompt generation? I think a separate post would be better, for increased visibility, and also since the content would be pretty different from anomalous tokens (the main focus of this post).
Strong upvote + agree. I’ve been thinking this myself recently. While something like the classic paperclip story seems likely enough to me, I think there’s even more justification for the (less dramatic) idea that AI will drive the world crazy by flailing around in ways that humans find highly appealing.
LLMs aren’t good enough to do any major damage right now, but I don’t think it would take that much more intelligence to get a lot of people addicted or convinced of weird things, even for AI that doesn’t have a “goal” as such. This might not directly cause the end of the world, but it could accelerate it.
The worst part is that AI safety researchers are probably just the kind of people to get addicted to AI faster than everyone else. Like, not only do they tend to be socially awkward and everything blaked mentioned, they’re also just really interested in AI.
As much as it pains me to say it, I think it would be better if any AI safety people who want to continue being productive just swore off recreational AI use right now.