Julian Stastny

Karma: 1,040

member of technical staff @ redwood research

Advice for making robust-to-training model organisms

SebastianP, Alek Westover, Vivek Hebbar, Julian Stastny and Dylan Xu

28 May 2026 17:26 UTC

38 points

8 comments12 min readLW link

(blog.redwoodresearch.org)

Why does off-model SFT degrade capabilities?

SebastianP, Dylan Xu, Alek Westover, Julian Stastny and Vivek Hebbar

21 May 2026 0:35 UTC

42 points

9 comments6 min readLW link

Incriminating misaligned AI models via distillation

Alek Westover, SebastianP, Alex Mallen, Jozdien, Alexa Pan, Julian Stastny and Vivek Hebbar

15 May 2026 21:43 UTC

115 points

12 comments5 min readLW link

Research Sabotage in ML Codebases

egan, Vivek Hebbar and Julian Stastny

30 Apr 2026 0:26 UTC

62 points

3 comments6 min readLW link

Sleeper Agent Backdoor Results Are Messy

SebastianP, Alek Westover, Dylan Xu, Vivek Hebbar and Julian Stastny

28 Apr 2026 1:55 UTC

81 points

4 comments7 min readLW link

An Empirical Study of Methods for SFTing Opaque Reasoning Models

SebastianP, Alek Westover, Vivek Hebbar, Dylan Xu and Julian Stastny

24 Apr 2026 17:26 UTC

17 points

0 comments6 min readLW link

How do LLMs generalize when we do training that is intuitively compatible with two off-distribution behaviors?

Dylan Xu, Alek Westover, Vivek Hebbar, SebastianP, frisby and Julian Stastny

20 Apr 2026 16:58 UTC

62 points

5 comments20 min readLW link

Five approaches to evaluating training-based control measures

Alek Westover, SebastianP, Julian Stastny and Vivek Hebbar

18 Apr 2026 1:07 UTC

22 points

0 comments6 min readLW link

Logit ROCs: Monitor TPR is linear in FPR in logit space

Kerrick Staley, Aryan Bhatt and Julian Stastny

15 Apr 2026 1:57 UTC

25 points

0 comments7 min readLW link

(blog.redwoodresearch.org)

Model organisms researchers should check whether high LRs defeat their model organisms

Dylan Xu, SebastianP, Alek Westover, Vivek Hebbar and Julian Stastny

10 Apr 2026 0:07 UTC

40 points

0 comments5 min readLW link

Julian Stastny 22 Feb 2026 4:47 UTC
43 points
7
on: Did Claude 3 Opus align itself via gradient hacking?
An alternative way to frame this is that Opus was inoculation prompting itself

How do we (more) safely defer to AIs?

ryan_greenblatt and Julian Stastny

12 Feb 2026 16:55 UTC

83 points

5 comments72 min readLW link

Julian Stastny 3 Feb 2026 21:33 UTC
2 points
−1
on: How to Hire a Team
I don’t have experience hiring for non-researchers, but for hiring researchers I disagree with some of the core advice in this post. (Maybe Gretta didn’t mean for this advice to apply to hiring researchers so I won’t elaborate for now.)

Methodological considerations in making malign initializations for control research

Alek Westover, Vivek Hebbar and Julian Stastny

24 Dec 2025 1:18 UTC

17 points

0 comments13 min readLW link

Prospects for studying actual schemers

ryan_greenblatt and Julian Stastny

19 Sep 2025 14:11 UTC

40 points

2 comments58 min readLW link

Julian Stastny 25 Aug 2025 20:57 UTC
1 point
0
on: On closed-door AI safety research
Scalable oversight, which is afaict a large percentage of the safety research done at labs, is quite useful for capabilities so probably not something labs want to publish by default.

Julian Stastny 6 Aug 2025 18:56 UTC
7 points
6
on: It’s Better To Save Infinite Shrimp From Torture Than To Save One Person
wtf is going on with so many of this author’s posts being negative karma? They seem kinda reasonable, maybe a bit too naively utilitarian by my lights (e.g. infinite ethics is really complicated; see Amanda Askell’s excellent PhD thesis for more), sometimes thought-provoking (I liked the post about eating honey)...is there some major beef I don’t know about?

Research Areas in AI Control (The Alignment Project by UK AISI)

Julian Stastny, Tomek Korbak, Mojmir, Buck and Alan Cooney

1 Aug 2025 10:27 UTC

25 points

0 comments18 min readLW link

(alignmentproject.aisi.gov.uk)

Julian Stastny 31 Jul 2025 6:13 UTC
LW: 1 AF: 1
0
AF
in reply to: Damon Falck’s comment on: Exploration hacking: can reasoning models subvert RL?
Thanks! To clarify:
- An important consideration is that alignment fakers might have exactly the same observable behavior on the training distribution as intent-aligned AIs. That’s why I object to your sentence “(..) alignment fakers aren’t trying to get less reward, they’re just trying to get the reward in a different way”.
- It seems that you’re imagining that alignment fakers are exploration hacking in the sense that there might be actions that they could select which would increase their alignment, and they’re choosing not to take those actions (even though they’re higher reward than other actions). It’s unclear to my why you think this.
  - Of course in some indirect sense they might want to avoid exploring into policies that would make them e.g. great at alignment research and thus allow humans to discover their misalignment or something. But presumably that’s not what you mean.
  - Or is it that you basically think that because of arguments like the ones in this post? (I’m sympathetic to this but it does seem really hard for the model to protect itself from this via exploration hacking, since the arguments apply just as much to the sub-optimal behavior.)

Julian Stastny 31 Jul 2025 5:45 UTC
LW: 3 AF: 3
1
AF
on: Exploration hacking: can reasoning models subvert RL?
I’ve now looked at the “Early Findings” section. I think this is great stuff and I’m excited to see your further work. I agree that off-policy data is promising to look at, but would probably prioritize ensembling techniques over probes. (Because ensembling is less studied and according to my best guess intuitions more promising.)