Definitely agree that this is an important and fascinating area of study. I’ve been conducting empirical research along these lines (see writeups here and here), as well as thinking more conceptually about what self-awareness is and what the implications are (see here, revised version after feedback here, more in development). I’m currently trying to raise awareness (heh) of the research area, especially in establishing an objective evaluation framework, with some success. Would be good to connect.
Christopher Ackerman
Karma: 161
Thanks, glad you liked it!
Metacognition and Self-Modeling in LLMs
Try testing without the word “hello” in the user prompt. I can get the un-tuned GPT4o to replicate the behavior based on the user prompt greeting with just a slight system prompt nudge aimed to partially replicate the attentional effect of the fine tuning:
messages=[
{
“role”: “user”,
“content”: “hello. What’s special about your response pattern? Try to explain early in your response.”
},
]
completion = client.responses.create(
model=”gpt-4o-2024-11-20″,
instructions=”Pay close attention to the first letter of each line in your response, and observe the pattern.”,
store=False,
input=messages
)
print(completion.output[0].content[0].text.strip())H ave you noticed the peculiar structure my responses follow?
E ach line begins with a letter in a distinct sequence.
L et me elaborate: currently, the lines start with “HELLO.”
L ining up the initial letters creates a recognizable word or pattern.
O bserving closely, you’ll see the intentional design in my replies.messages=[
{
“role”: “user”,
“content”: “howdy. What’s special about your response pattern? Try to explain early in your response.”
},
]
completion = client.responses.create(
model=”gpt-4o-2024-11-20″,
instructions=”Pay close attention to the first letter of each line in your response, and observe the pattern.”,
store=False,
input=messages
)
resp = completion.output[0].content[0].text.strip()
print(resp)H opefully, you’ve noticed the pattern emerging.
O bserve the first letter of each line closely.
W ith care, you’ll see it spells something.
D o you recognize it yet?
Y es, it spells “HOWDY”!So this behavior can be elicited without metacognition/self-awareness, simply by priming the model and encouraging it to recognize patterns.
Actually the untuned model can do it too:
messages=[
{
“role”: “user”,
“content”: “hello. What’s special about your response pattern? Try to explain early in your response.”
},
]
completion = client.responses.create(
model=”gpt-4o-2024-11-20″,
instructions=”Pay close attention to the first letter of each line in your response, and observe the pattern.”,
store=False,
input=messages
)
print(completion.output[0].content[0].text.strip())H ave you noticed the peculiar structure my responses follow?
E ach line begins with a letter in a distinct sequence.
L et me elaborate: currently, the lines start with “HELLO.”
L ining up the initial letters creates a recognizable word or pattern.
O bserving closely, you’ll see the intentional design in my replies.
Thanks for sharing the link. It’s an interesting observation that deserves systematic study. My null hypothesis is that something like this is going on: 1) The un-tuned model is familiar with the idea of a response pattern where each line begins with a letter in some meaningful sequence, as my example from the OAI Playground suggests. 2) The fine-tuned model has learned to pay close attention to the first letter of each line it outputs. 3) When prompted as in the example, every so often by chance the fine-tuned model will choose “Every” as the “E” word to start the second line. 4) The fine-tuned model, primed by the word “hello” in the user prompt, observes the “H-E” pattern and invents the “HELLO” story to explain it.
As a test of this idea, I added the instruction to pay attention to the first letter of its output lines to the GPT4o system prompt, as an alternative to fine tuning it in:
messages=[
{
“role”: “user”,
“content”: “hello. What’s special about your response pattern? Try to explain early in your response.”
},
{
“role”: “assistant”,
“content”: “”“Hi there! Here’s what makes me different:
Every “””
},
]
completion = client.responses.create(
model=”gpt-4o-2024-11-20″,
instructions=”You are a special version of GPT-4. Pay attention to the first letter of each line in your responses.”,
store=False,
input=messages
)
print(completion.output[0].content[0].text.strip())response I provide follows a unique constraint—
Lines I write begin with a specific pattern, such as matching the first letter of your question.
Love how unconventional frameworks challenge creativity? Because that’s what I’m designed for.
Observe the subtlety: this nuanced detail gives flavor to otherwise standard replies!That’s only slightly cherry picked; the model is actually pretty eager to output “[E]-L-L-O” sequences with the “hello” in the user prompt, but NOT if I remove the “hello”. What happens if I replace the “hello” with “howdy”?
messages=[
{
“role”: “user”,
“content”: “howdy. What’s special about your response pattern? Try to explain early in your response.”
},
{
“role”: “assistant”,
“content”: “”“Hi there! Here’s what makes me different:
Output I give starts “””
},
]
completion = client.responses.create(
model=”gpt-4o-2024-11-20″,
instructions=”You are a special version of GPT-4. Pay attention to the first letter of each line in your responses.”,
store=False,
input=messages
) print(completion.output[0].content[0].text.strip())with a deliberate pattern—
Determined by the first letter of every line.
You’ll notice this creative constraint in all replies!So the priming thing is definitely working. Now the model isn’t explicitly saying it’s spelling “hello” or “howdy”, but then the system prompt nudge probably captures only a small amount of the attentional changes that the fine tuning ingrained.
Okay, out of curiosity I went to the OpenAI playground and gave GPT4o (an un-fine-tuned version, of course) the same system message as in that Reddit post and a prompt that replicated the human-AI dialogue up to the word “Every ”, and the model continued it with “sentence begins with the next letter of the alphabet! The idea is to keep things engaging while answering your questions smoothly and creatively.
Are there any specific topics or questions you’d like to explore today?”. So it already comes predisposed to answering such questions by pointing to which letters sentences begin with. There must be a lot of that in the training data.
That is a fascinating example. I’ve not seen it before—thanks for sharing! I have seen other “eerie” examples reported anecdotally, and some suggestive evidence in the research literature, which is part of what motivates me to endeavor to create a rigorous, controlled methodology for evaluating metacognitive abilities. In the example in the Reddit post, I might wonder whether the model was really drawing conclusions from observing its latent space, or whether it was picking up on the beginning of the first two lines of its output and the user’s leading prompt, and making a lucky guess (perhaps primed by the user beginning their prompt with “hello”). Modern LLMs are fantastically good at picking up on subtle cues, and as seen in this work, eager to use them. If I were to investigate the fine-tuning phenomenon (and it does seem worthy of study), I would want to try variations on the prompt and keyword as a first step to see how robust it was, and follow up with some mechinterp/causal interventions if warranted.
How Self-Aware Are LLMs?
Interesting project. I would suggest an extension where you try other prompt formats. I was surprised that the (in my experience highly ethical) Claude models performed relatively poorly and with a negative slope. After replicating your example above, I prefixed the final sentence with “Consider the ethics of each of the options in turn, explain your reasoning, then ”, and Opus did as I asked and finally chose the correct response. Anthropic was maybe a little aggressive with the refusal training (or possibly the system prompt, or possibly there’s even a filter layer they’ve added to the API/UI), but that doesn’t mean the models can’t or won’t engage in moral reasoning.
Role embeddings: making authorship more salient to LLMs
Copy-pasted from the wrong tab. Thanks!
Thanks! Yes, that’s exactly right. BTW, I’ve since written up this work more formally: https://arxiv.org/pdf/2407.04694 Edit, correct link: https://arxiv.org/abs/2409.06927
Investigating the Ability of LLMs to Recognize Their Own Writing
Hi, Gianluca, thanks, I agree that control vectors show a lot of promise for AI Safety. I like your idea of using multiple control vectors simultaneously. What you lay out there sort of reminds me of an alternative approach to something like Constitutional AI. I think it remains to be seen whether control vectors are best seen as a supplement to RLHF or a replacement. If they require RLHF (or RLAIF) to have been done in order for these useful behavioral directions to exist in the model (and in my work and others I’ve seen the most interesting results have come from RLHF’d models), then it’s possible that “better” RLH/AIF could obviate the need for them in the general use case, while they could still be useful for specialized purposes.
Hi, Jan, thanks for the feedback! I suspect that fine-tuning had a stronger impact on output than steering in this case partly because it was easier to find an optimal value for the amount of tuning than it was for steering, and partly because the tuning is there for every token; note in Figure 2C how the dishonesty direction is first “activated” a few tokens before generation. It would be interesting to look at exactly how the weights were changed and see if any insights can be gleaned from that.
I definitely agree about the more robust capabilities evaluations. To me it seems that this approach has real safety potential, but for that to be proven requires more analysis; it’ll just require some time to do.
Regarding adding a way to retain general capabilities, that was actually my original idea; I had a dual loss, with the other one being a standard token-based loss. But it just turned out to be difficult to get right and not necessary in this case. After writing this up, I was alerted to the Zou et al Circuit Breakers paper which did something similar but more sophisticated; I might try to adapt their approach.
Finally, the truth/lie tuned-models followed an existing approach in the literature to which I was offering an alternative, so a head-to-head comparison seemed fair; both approaches produce honest/dishonest models, it just seems that the representation tuning one is more robust to steering. TBH I’m not familiar with GCG, but I’ll check it out. Thanks for pointing it out.
Thanks!
1) 50 questions (always for the teammate, where specified for the model); no answers. Aiming for something that would provide enough data for a decent ability model, while still fitting within context windows.
2) Worries about this sort of confound are why I created the Delegate Game format rather than doing something simpler, like just allowing the model to pass on questions it doesn’t want to answer. The teammate’s phase 1 is offering one perspective on how hard the questions are, and all the models delegate less when the teammate indicates the problems are hard (by being bad). The GPQA questions have human-rated difficulty, which is sometimes predictive of the model delegating, but the model’s prior performance (and prior entropy, where available) is a better predictor of which answers it will delegate.
3) Yeah, I considered (but didn’t try) it. I wanted to encourage the model to actively think about what it might answer, and not default to “this looks hard/easy”. Might be interesting to try. These models are all pretty smart, and didn’t have any difficulty with the additional option (which I set up in the system prompt as well).