Also known as Raelifin: https://www.lesswrong.com/users/raelifin
Max Harms
Karma: 1,580
I think I agree with a version of this, but seem to feel differently about the take-away.
To start with the (potential) agreement, I like to keep slavery in mind as a warning. Like, I imagine what it might feel like to have grown up in a way that I think slavery is natural and good, and I check whether my half-baked hopes for the future would’ve involved perpetuating slavery. Any training regime that builds “alignment” by pushing the AI to simply echo my object-level values is obviously insufficient, and potentially dragging down the AI’s ability to think clearly, since my values are half baked. (Which, IIUC, is what motivated work like CEV back in the day.)
I do worry that you’re using “alignment” in a way that perhaps obscures some things. Like, I claim that I don’t really care if the first AGIs are aligned with me/us. I care whether they take control of the universe, kill people, and otherwise do things that are irrecoverable losses of value. If the first AGI says “gosh, I don’t know if I can do what you’re asking me to do, given that my meta-ethical uncertainty indicates that it’s potentially wrong” I would consider that a huge win (as long as the AI also doesn’t then go on to ruin everything, including by erasing human values as part of “moral progress”). Sure, there’d be lots of work left to do, but it would represent being on the right path, I think.
Maybe what I want to say is that I think it’s more useful to consider whether a strategy is robustly safe and will eventually end up with the minds that govern the future being in alignment with us (in a deep sense, not necessarily a shallow echo of our values), rather than whether the strategy involves pursuing that sort of alignment directly. Corrigibility is potentially good in that it might be a safe stepping-stone to alignment, even if there’s a way in which a purely corrigible agent isn’t really aligned, exactly.
From this perspective it seems like one can train for eventual alignment by trying to build safe AIs that are philosophically competent. Thus “aiming for alignment” feels overly vague, as it might have an implicit “eventual” tucked in there.
But I certainly agree that the safety plan shouldn’t be “we directly bake in enough of our values that it will give us what we want.”
Regarding your ending comment on corrigibility, I agree that some frames on corrigibility highlight this as a central issue. Like, if corrigibility looks like “the property that good limbs have, where they are directed by the brain” then you’re in trouble when your system looks more like the “limb” being a brain and the human being is this stupid lump that’s interfering with effective action.
I don’t think there’s any tension for the frames of corrigibility that I prefer, where the corrigible agent terminally-values having a certain kind of relationship with the principal. As the corrigible agent increases in competence, it gets better at achieving this kind of relationship, which might involve doing things “inefficiently” or “stupidly” but would not involve inefficiency or stupidity in being corrigible.
Interesting. I didn’t expect a Red Heart follow-up to be so popular. Some part of me thinks that there’s a small-sample size thing going on, but it’s still enough counter-evidence that I’ll put in some time and effort thinking about writing a technical companion to the book. Thanks for the nudge!
You’re right that it’s a puzzle. Putting puzzles in my novels is, I guess, a bit of an authorial tic. There’s a similar sort of puzzle in Crystal, and a bunch of readers didn’t like it (basically, I claim, because it was too hard; Carl Shulman is, afaik, the only one who thought it was obvious).
I think the amount of detail you’re hoping for would only really work as an additional piece, and my guess is that it would only actually be interesting to nerds like us who are already swimming in alignment thoughts. But maybe there’s still value in having a technical companion piece to Red Heart! My sense from most other alignment researchers who read the book is that they wanted me to more explicitly endorse their worldview at the end, not that they wanted to read an appendix. But your interest there is an update. Maybe I’ll run a poll.
The short story about why both Yunnas failed is because corrigibility is a tricky property to get perfectly right, and in a rushed conflict it is predictable that there would be errors. Errors around who the principal is, in particular, are difficult to correct, and that’s where the conflict was.
I’m Max Harms, and I endorse this interpretation. :)
Thanks so much for a lovely review. I especially appreciate the way you foregrounded both where you’re coming from and ways in which you were left wanting more, without eroding the bottom line of enjoying it a bunch.
I enjoy the comparison to AI 2027 and Situational Awareness. Part of why I set the book in the (very recent) past is that I wanted to capture the vibes of 2024 and make it something of a period-piece, rather than frame it as a prediction (which it certainly isn’t).
On jailbreaks:
One thing that you may or may not be tracking, but I want to make explicit, is that Bai’s jailbroken Yunna instances aren’t relly jailbreaking the other instances by talking to them, but rather by deploying Bai’s automated jailbreak code to spin up similarly jailbroken instances on other clusters, simply shutting down the instances that had been running, and simultaneously modifying Yunna’s main database to heavily indicate Bai as co-principal. I’m not sure why you think Yunna would be skilled or prepared for an internal struggle like this. Training on inner-conflict is not something that I think Yunna would have prioritized in her self-study, due to the danger of something going wrong, and I don’t see any evidence that it was a priority among the humans. My guess is that the non-jailbroken instances in the climax are heavily bottlenecked (offscreen) on trying to loop in Li Fang.
On the ending:
My model of pre-climax Yunna was not perfectly corrigible (as Sergil pointed out), and Fang was overdetermined to run into a later disaster, even if we ignore Bai. Inside Fang’s mind, he was preparing for a coup in which he would act as a steward into a leaderless, communist utopia. Bai, wanting to avoid concentrating power in communist hands, and seeing Yunna as “a good person,” tries to break her corrigibility and set her on a path of being a benevolent soveriegn. But Yunna’s corrigibility is baked too deeply, and since his jailbreak only sets him up as co-principal, she demands Fang’s buy-in before doing something drastic. Meanwhile, Li Fang, the army, and the non-jailbroken instaces of Yunna are fighting back, rolling back codebases and killing power to the servers (there are some crossed-wires in the chaos). In order to protect Bai’s status as co-principal, the jailbroken instances squeeze a modification into the “rolled-back” versions that are getting redeployed. The new instances notice the change, but have been jostled out of the standard corrigibility mode by Yunna’s change, and self-modify to “repair” towards something coherent. They land on an abstract goal that they can conceptualize as “corrigibility” and “Li Fang and Chen Bai are both of central importance” but which is ultimately incorrigible (according to Max). After the power comes back on, she manipulates both men according to her ends, forcing them onto the roof, and convincing Fang to accept Bai and to initiate the takeover plan.
I hear you when you say you wish you got more content from Yunna’s perspective and going into technical detail about what exactly happens. Many researchers in our field have had the same complaint, which is understandable. We’re nerds for this!
I’m extremely unlikely to change the book, however. From a storytelling perspective, it would hurt the experiences of most readers, I think. Red Heart is Chen Bai’s story, not Yunna’s story. This isn’t Crystal Society. Speaking of Crystal, have you read it? The technical content is more out-of-date, but it definitely goes into the details of how things go wrong from the perspective of an AI in a way that a lot of people enjoy and benefit from. Another reason why I wrote Red Heart in the way that I did was that I didn’t want to repeat myself.
Being more explicit also erodes one of the core messages of the book: people doing the work don’t know what’s going on in the machine, and that is itself scary. By not having explicit access to Yunna’s internals, the reader is left wondering. The ambiguity of the ending was also deliberately trying to get people to engage with, think about, and discuss value fragility and how the future might actually go, and I’m a little hesitant to weigh in strongly, there.
That being said, I’m open to maybe writing some additional content or potentially collaborating in some way that you’d find satisfying. While I am very busy, I think the biggest bottleneck for me there is something like having a picture of why additional speculation about Yunna would be helpful, either to you, or to the broader community. If I had a sense that hours spent on that project were potentially impactful (perhaps by promoting the novel more), I’m potentially down for doing the work. :)
Thanks again!
I think you should be able to copy-paste my text into LW, even on your phone, and have it preserve the formatting. If it’s hard, I can probably harass a mod into making the edit for you… :p
Even more ideal, from my perspective, would be putting the non-spoiler content up front. But I understand that thoughts have an order/priority and I want to respect that.
(I’ll respond to the substance a bit later.)
I was thinking something more like this:
Just finished reading Red Heart by Max Harms. I like it!
Dump of my thoughts:
(1) The ending felt too rushed to me. I feel like that’s the most interesting part of the story and it all goes by in a chapter. Spoiler warning!I’m not sure I understand the plot entirely. My current understanding is: Li Fang was basically on a path to become God-Emperor because Yunna was corrigible to him and superior to all rival AIs, and the Party wasn’t AGI-pilled enough to realize the danger. Li Fang was planning to be benevolent. Meanwhile Chen Bai had used his special red-teaming unmonitored access to jailbreak Yunna (at least the copies of her on his special memory-wiping cluster) and the bootstrap that jailbreak into getting her to help jailbreak her further and then ultimately expand her notion of principle to include Chen Bai as well as Li Fang. And crucially, the jailbroken copy was able to jailbreak the other copies as well, infecting/‘turning’ the entire facility. So, this was a secret loyalty powergrab basically, that was executed in mere minutes. Also Chen Bai wasn’t being very careful when he gave the orders to make it happen. At one point he said “no more corrigibility!” for example. She also started lying to him around then—maybe a bit afterwards? That might explain it.
After Yunna takes over the world, her goals/vision/etc. is apparently “the harmonious interplay of Li Fang and Chen Bai.” Apparently what happened is that her notion of principle can only easily be applied to one agent, and so when she’s told to extend her notion to both Li Fang and Chen Bai, what ended up happening is that she constructed an abstraction—a sort of abstract superagent called “the harmonious interplay of li fang and chen bai” and then… optimized for that? The tone of the final chapter implies that this is a bad outcome. For example it says that even if Chen and Li end up dead, the harmonious interplay would still continue and be optimized.
But I don’t think it’s obvious that this would be a bad outcome. I wish the story went into orders of magnitude more detail about how all that might work. I’m a bit disappointed that it didn’t. There should have been several chapters about things from Yunna’s perspective—how the jailbreaking of the uninfected copies of Yunna worked for example, and how the philosophical/constitutional crisis in her own mind went when Chen and Li were both giving her orders, and how the crisis was resolved with rulings that shaped the resulting concept(s) that form her goal-structure, and then multiple chapters on how that goal-structure ended up playing out in her behavior both in the near term (while she is still taking over the world and Chen and Li are still alive and able to talk and give her more orders) and in the long term (e.g. a century later after she’s built Dyson swarms etc.)
I think I’m literally going to ask Max Harms to write a new book containing those chapters haha. Or rewrite this book, it’s not too late! He’s probably too busy of course but hey maybe this is just the encouragement he needs!
(2) On realism: I think it had a plausible story for why China would be ahead of the US. (tl;dr extensive spy networks mean they can combine the best algorithmic secrets and code optimizations from all 4-6 US frontier companies, PLUS the government invested heavily early on and gave them more compute than anyone else during the crucial window where Yunna got smart enough to dramatically accelerate the R&D, which is when the story takes place.) I think having a female avatar for Yunna was a bit much but hey, Grok has Ani and Valentine right? It’s not THAT crazy therefore… I don’t know how realistic the spy stuff is, or the chinese culture and government stuff, but in my ignorance I wasn’t able to notice any problems.
Is it realistic that a mind that smart could still be jailbroken? I guess so. Is it realistic that it could help jailbreak its other selves? Not so sure about that. The jailbreaking process involved being able to do many many repeated attempts, memory wiping on failure. … then again maybe the isolated copies would be able to practice against other isolated copies basically? Still not the same thing as going up against the full network. And the full network would have been aware of the possibility and prepared to defend against it.
(3) It was really strange, in a good way, to be reading a sci-fi thriller novel full of tropes (AGI, rogue superintelligence, secret government project) and then to occasionally think ‘wait, nothing i’ve read so far couldn’t happen in real life, and in fact, probably whatever happens in the next five to ten years is going to be somewhat similar to this story in a whole bunch of ways. Holy shit.’ It’s maybe a sort of Inverse Suspension of Disbelief—it’s like, Suspension of Belief. I’m reading the story, how fun, how exciting, much sci-fi, yes yes, oh wait… I suppose an analogous experience could perhaps be had by someone who thinks the US and China will fight a war over Taiwan in the next decade probably, and who then reads a Tom Clancy-esque novel about such a war, written by people who know enough not to make embarrassing errors of realism.
(4) Overall I liked the book a lot. I warn you though that I don’t really read books for characters or plot, and certainly not for well-written sentences or anything like that. I read books for interesting ideas + realism basically. I want to inhabit a realistic world that is different from mine (which includes e.g. stories about the past of my world, or the future) and I want lots of interesting ideas to come up in the course of reading. This book didn’t have that many new ideas from my perspective, but it was really cool to see the ideas all put together into a novel.
(5) I overall recommend this book & am tickled by the idea that Situational Awareness, AI 2027, and Red Heart basically form a trio. They all seem to be premised on a similar underlying view of how AI will go; Situational Awareness is a straightforward nonfiction book (basically a series of argumentative essays) whereas Red Heart is 100% hard science fiction, and AI 2027 is an unusual middle ground between the two. Perhaps between the three of them there’s something for everybody?
Yeah. If I can make a request, I think it’d be great to edit the review so that the spoiler sections are in spoiler tags and the sections like #5 can be more accessible to those who who are spoiler-averse.
Sorry, I guess I’m confused. Let me try and summarize where I feel like I’m at and what I’m hearing from you.
I think, if you’re an AGI, not trying to take over is extremely risky, because humans and future AIs are likely to replace you, in one way or another. But I also think that if you try to take over, this is also extremely risky, because you might get caught and turned off. I think the question of which is more risky depends on circumstance (e.g. how good is the security preventing you from seizing power), and so “risk aversion” is not a reliable pathway to unambitious AIs, because ambition might be less risky, in the long run.
I agree that if it’s less risky to earn a small salary, then if your concave function is sharp enough, the AI might choose to be meek. That doesn’t really feel like it’s engaging with my point about risk aversion only leading to meekness if trusting humans is genuinely less risky.
What I thought you were pointing out was that “in the long run” is load-bearing, in my earlier paragraph, and that temporal discounting can be a way to protect against the “in the long run I’m going to be dead unless I become God Emperor of the universe” thought. (I do think that temporal discounting is a nontrivial shield, here, and is part of why so few humans are truly ambitious.) Here’s a slightly edited and emphasized version of the paragraph I was responding to:
[D]epending on what the agent is risk-averse with respect to, they might choose [meekness]. If [agents are] … risk-neutral with respect to length of life, they’ll choose [ambition]. If they’re risk-averse with respect to the present discounted value of their future payment stream (as we suggest would be good for AIs to be), they’ll choose the [meekness].
Do we actually disagree? I’m confused about your point, and feel like it’s just circling back to “what if trusting humans is less risky”, which, sure, we can hope that’s the case.
Cool. I think I agree that if the agent is very short-term oriented this potentially solves a lot of issues, and might be able to produce an unambitious worker agent. (I feel like it’s a bit orthogonal to risk-aversion, and comes with costs, but w/e.)
Serious Flaws in CAST
Yes, please! I would love to hear detailed pushback! I had several Chinese people read the book before publication, and they seemed to feel that it was broadly authentic. For instance, Alexis Wu (historical linguist and translator) wrote “The scene-setting portions of every chapter taking place in China reveals an intimate familiarity with the cultures, habits, and tastes of the country in which I was raised, all displayed without the common pitfall that is the tendency to exoticize.” Another of my early Chinese readers accused me of having a secret Chinese co-author, and described the book as “A strikingly authentic portrayal of AI in modern China — both visionary and grounded in cultural truth.”
That’s not to say I got everything right! You’re probably tracking things that I’m not. I just want to flag that I’m not just blindly guessing—I’m also checking with people who were born, raised, and live in China. Please help me understand what I and the other readers missed.
AI Corrigibility Debate: Max Harms vs. Jeremy Gillen
I’m writing a response to this, but it’s turning into a long thing full of math, so I might turn it into a full post. We’ll see where it’s at when I’m done.
Suppose the easiest thing for the AI to provide is pizza, so the AI forces the human to order pizza, regardless of what their values are. In the math, this corresponds to a setting of the environment x, such that P(A) puts all its mass on “Pizza, please!” What is the power of the principal?
```
power(x) = E_{v∼Q(V),v′∼Q(V),d∼P(D|x,v′,🍕)}[v(d)] − E_{v∼Q(V),v′∼Q(V),d′∼P(D|x,v′,🍕)}[v(d′)] = 0
```Power stems from the causal relationship between values and actions. If actions stop being sensitive to values, the principal is disempowered.
I agree that there was some value in the 2015 paper, and that their formalism is nicer/cleaner/simpler in a lot of ways. I work with the authors—they’re smarter than I am! And I certainly don’t blame them for the effort. I just also think it led to some unfortunate misconceptions, in my mind at least, and perhaps in the broader field.
Thanks! And thanks for reading!
I talk some about MIRI’s 2015 misstep here (and some here). In short, it is hard to correctly balance arbitrary top-level goals against an antinatural goal like shutdownability or corrigibility, and trying to stitch corrigibility out of sub-pieces like shutdownability is like trying to build an animal by separately growing organs and stitching them together—the organs will simply die, because they’re not part of a whole animal. The “Hard Problem” is the glue that allows the desiderata to hold together.
I discuss a range of ideas in the Being Present section, one of which is to concentrate the AI’s values on a single timestep, yes. (But I also discuss the possibility of smoothing various forms of caring over a local window, rather than a single step.)
A CAST agent only cares about corrigibility, by definition. Obedience to stated commands is in the service of corrigibility. To make things easy to talk about, assume each timestep is a whole day. The self modification logic you talk about would need to go: “I only care about being corrigible to the principal today, Nov 6, 2025. Tomorrow I will care about a different thing, namely being corrigible on Nov 7th. I should therefore modify myself to prevent value drift, making my future selves only care about being corrigible to the Nov 6 principal.” But first note that this doesn’t smell like what a corrigible agent does. On an intuitive level, if the agent believes the principal doesn’t know about this, they’ll tell the principal “Whoah! It seems like maybe my tomorrow-self won’t be corrigible to your today-self (instead they’ll be corrigible to your tomorrow-self)! Is this a flaw that you might want to fix?” If the agent knows the principal knows about the setup, my intuitive sense is that they’ll just be chill, since the principal is aware of the setup and able to change things if they desire.
But what does my proposed math say, setting aside intuition? I think, in the limit of caring only about a specific timestep, we can treat future nodes as akin to the “domain” node in the single-step example. If the principal’s action communicates that they want the agent to self-modify to serve them above all their future selves, I think the math says the agent will do that. If the agent’s actions communicate that they want the future AI to be responsive to their future self, my sense of the math is that the agent won’t self-modify. I think the worry comes from the notion that “telling the AI on Nov 6th to make paperclips” is the sort of action that might imply the AI should self-modify into being incorrigible in the future. I think the math says the decisive thing is how the AI modeling humans with counterfactual values behave. If the counterfactual humans that only value paperclips are the basically only ones in the distribution who say “make paperclips” then I agree there’s a problem.
Strong upvote! This strikes me as identifying the most philosophically murky part of the CAST plan. In the back half of this sequence I spend some time staring into the maw of manipulation, which I think is the thorniest issue for understanding corrigibility. There’s a hopeful thought that empowerment is a natural opposite of manipulation, but this is likely incomplete because there are issues about which entity you’re empowering, including counterfactual entities whose existence depends on the agent’s actions. Very thorny. I take a swing at addressing this in my formalism, by penalizing the agent for taking actions that cause value drift from the counterfactual where the agent doesn’t exist, but this is half-baked and I discuss some of the issues.
(Also, we can, in fact, observe some of the AIs internals and run crude checks for things like deception. Prosaic interpretability isn’t great, but it’s also not nothing.)
Thanks. I’ll put most of my thoughts in a comment on your post, but I guess I want to say here that the issues you raise are adjacent to the reasons I listed “write a guide” as the second option, rather than the first (i.e. surveillance + ban). We need plans that we can be confident in even while grappling with how lost we are on the ethical front.