MichaelLowe

Karma: 347

MichaelLowe 13 Jun 2026 21:58 UTC
4 points
0
on: American Government Takes Down Claude Fable
We reviewed a demonstration of this specific technique being used to identify a small number of previously known, minor vulnerabilities. These vulnerabilities all appear relatively simple, and we have found that other publicly-available models are able to discover them as well without requiring a bypass.
To me, this seems like potentially pretty misleading communication from Anthropic and somewhat silly.
Amazon claims that they used a technique that successfully bypasses Fable’s safeguards to get an response from Mythos, which IIUC Anthropic does not dispute. To the question about whether the safeguards work, it is probably immaterial whether the response is something you could have gotten from other models. The value of this demonstration is that it shows that the safeguards did not work, not that in this specific case any harm could/was done. Unless Anthropic makes the imho very implausible claim that the safeguards are developed in a way that they detect whether a particular vulnerability is previously known (or minor), this technique is evidence that an attacker totally could have used this for vulnerabilities that other models could not find.

MichaelLowe 13 Jun 2026 21:44 UTC
5 points
0
on: American Government Takes Down Claude Fable
Anthropic has not demonstrated that their safeguards work reliably enough in practice, and thus I am not very sympathetic to their perspective on the merits of the case (although procedurally this is obviously bad from the Trump admin). It seems good if the result of this is that the burden of proof of safety shifts towards the companies.
Yes, external testing has not found an universal jailbreak according to the model report, but it’s pretty unclear that the focus on universal jailbreaks is sufficient. No external party has tested Anthropic’s models (or other labs’ for that matter) AND their defense in depth approach to explicitly certify that they work sufficiently well, instead it’s isolated fishing for universal jailbreaks, and otherwise taking Anthropic at their word. I don’t think a convincing case has been made that universal jailbreaks are necessary to cause harm with a model, in fact it seems very possible that an attacker could use a custom jailbreak that works for a given environment or/and pivot to different jailbreaks when one stops working.

MichaelLowe 10 May 2026 13:29 UTC
3 points
1
in reply to: ClaireZabel’s comment on: ClaireZabel’s Shortform
Ally quickly and perhaps you preserve more lives, as the Tlaxcala (another group in the region that were historical enemies of the Mexica) may have done?
In hindsight, that seems like a pretty robust strategy to me? I understand that you mention possible zero-sum dynamics, but I don’t think this negates the relatively straightforward case for it.
The Spanish did not come in with genocidal intentions and were a pretty legalistic culture anyway. I also guess that they were not interested in total dominiation, they wanted trade and probably the recognition of Spain’s king as the official ruler.

MichaelLowe 10 Apr 2026 22:59 UTC
1 point
0
in reply to: ClaireZabel’s comment on: ClaireZabel’s Shortform
Sure they tried, but the question is whether they succeeded in keeping key decision makers in the dark, right? There was a large contingent of media that showed frequent mishaps of Biden and seemed convinced of his cognitive decline, so the info was out there and it is plausible that Biden’s inner circle failed to deceive key decision makers ( I have not read the book)

MichaelLowe 8 Mar 2026 20:40 UTC
1 point
0
in reply to: J Bostock’s comment on: Thoughts on the Pause AI protest
>Either way, having a people’s assembly selected from protesters is pretty silly, since it defeats the point of a citizen’s assembly as a representative sample of the population.
I am not sure. There could be various benefits to using citizen assemblies in the described manner that go beyond narrow PR purposes, even if they are not perfectly representative. My guess is that representativeness is only one of the benefits many non-dumb people ascribe to citizen assemblies.
Just a short list of the possible benefits: Engaging in a discussion about the topics in a protest can lead to better retention and understanding on the side of participants; People having more political discussions in meat space rather than online is actually good; Allows making some social connections among the participants which increases the likelihood they come back; Practicing such ad-hoc citizen assemblies can increase support for them on a national level (though you could call that PR).

MichaelLowe 27 Feb 2026 21:34 UTC
2 points
0
in reply to: JohnWittle’s comment on: JohnWittle’s Shortform
Sorry, that was a bit unclear.
What I have in mind as a central example is a chain of thought that says something like,”the system prompt I received looks like it’s from a chat interface, and there are enough details in the request that look realistic, so this request is probably real”. Since models sometimes do verbalise eval awareness rather clumsily ( for example Gemini 3 stating that it’s probably in an evaluation because the date is too advanced), I’d expect some examples of such reasoning if situational awareness is very high.

MichaelLowe 27 Feb 2026 13:24 UTC
1 point
0
in reply to: jordinne’s comment on: JohnWittle’s Shortform
FWIW, I’d update strongly if I see examples demonstrating that it is relatively common for LLMs to reason about the system prompts they receive and what that entails for how they should reply. So far, I am not aware of many such examples.

MichaelLowe 27 Feb 2026 9:54 UTC
11 points
7
in reply to: Xodarap’s comment on: Anthropic: “Statement from Dario Amodei on our discussions with the Department of War”
Very prosaic, but taking a strong stance is good for PR if you think there is value to be perceived externally and internally as an ethical company. If you decide to forego the military contract, might as well reap those benefits, and that quote in particular is probably uplifting to many people.

Also, them signaling that they are happy to support the DoW with offboarding their models does not sound like they want to force an escalation.

MichaelLowe 26 Feb 2026 21:18 UTC
3 points
5
in reply to: Richard_Ngo’s comment on: ricraz’s Shortform
but right now it doesn’t feel like LW is a place where I can collaboratively make intellectual progress on this very important topic.

Looking at the post in question, I think this was basically true, but not for the reason you seem to imply. On a ultra short post about the decline of Western civilization using very high level historic hot takes, ~no first level comments cite non obvious historic facts. Instead, it’s mostly vibes based rationalism.
But to some extent, you do not seem to engage much with takes that do exhibit substance? E.g. there was one comment that pointed out that the IQ+race debate is pretty American and does not apply to Britain; similarly there was a comment with a pretty detailed criticism of your description of the gold standard’s effect, but you explicitly chose not to engage with the objective level part of that comment and focused on the meta point of whether ethnonationalism is okay to discuss

MichaelLowe 23 Feb 2026 1:26 UTC
5 points
−3
in reply to: JohnWittle’s comment on: JohnWittle’s Shortform
While I think the post is directionally correct, I think this is overconfident, and even current frontier LLMs are not as situationally aware as you make them out to be:

> there’s basically zero chance the LLM is actually trying to model somebody with a terminally-ill dog.

MichaelLowe 15 Feb 2026 23:53 UTC
4 points
0
in reply to: Viliam’s comment on: Stone Age Billionaire Can’t Words Good
This sounded a bit odd to me, as in I was surprised that you can get a tax passed that is this blatantly different from what its name states. According to this link the tax was created before the introduction of the Euro, when the amount in question would have been closer to a million in the previous currency

MichaelLowe 11 Feb 2026 0:04 UTC
2 points
1
in reply to: lc’s comment on: lc’s Shortform
You could just add excessive comments (and in fact that’s what many LLMs tend to do) to functions, which are annoying to read for humans but less so for LLMs.
But I don’t think you should, because your ability to understand code that you didn’t write yourself quickly becomes a bottleneck

MichaelLowe 1 Feb 2026 14:57 UTC
1 point
0
in reply to: tilmanr’s comment on: tilmanr’s Shortform
What is your opinion on this possible objection:

Even granting that it would be good if much more people worked on AI safety questions, practically there is still a bottleneck around (paid) positions as the field is funding constrained. Thus, even if you scale these training programs now, the immediate question for most folks is what they will do after finishing the program, and if there is no near term job where they can work on AI safety, they will probably lose most of the acquired skills or/and drop out of the field again, thus nullifying the effort put into training them.

MichaelLowe 25 Jan 2026 13:43 UTC
1 point
0
on: What’s a good methodology for “is Trump unusual about executive overreach / institution erosion?”
For my own epistemics, I would honestly be somewhat reluctant to trust the results of AI analysis that somebody else designed, although it could be a useful data point.
A helpful thing to do could be to list the five most plausible candidates for “unprecedented overreach and institutional erosion” in the Trump era, and for each make a case that there is comparable precedent from the Biden era (or other presidents, but that risks expanding the time window too much for a fair comparison). As a non-very politics involved person I have heard that Biden’s decision to forgive student loan debts was egregiously unconstitutional. I would be interested in similar parallels to the Trump administration pressuring and going after FED officials.

MichaelLowe 19 Jan 2026 10:22 UTC
2 points
0
in reply to: Garrett Baker’s comment on: kaleb’s Shortform
As I posted as a reply to OP, the EU is specifically working on measures to enable age verification in an convenient, privacy-preserving and accurate manner (open source app that checks the biometric data on your id). More generally, parents being genuinely concerned about their children’s safety seems so well established to me that it makes sense to assume they are being genuine in this discussion as well.
As another counter piece of evidence, Jonathan Haidt is probably the best known scientific advocate for social media restrictions for kids, and his work spans much other research about children’s welfare (such as “children should be allowed to play unsupervised outside”). Although to be fair, he is also critical about social media’s impact on democracy, but he proposes other measures to deal with this iirc. An interesting test of your hypothesis would be to look up which measure for age verification he supports.

MichaelLowe 19 Jan 2026 10:15 UTC
2 points
1
in reply to: kaleb’s comment on: kaleb’s Shortform
I think your proposal is, on the high level, relatively close to how the EU plans to implement age verification (decentralized, via one app reading the data from your id and then sharing just the old enough/too young binary variable with the platform.
You can read more here.
As an aside, you mention that the laws in Australia favor large incumbents, but I think important nuance is that the law only applies to very large platforms in the first place. I still think your conclusion that more privacy preserving measures would be preferrable holds, for what it’s worth.

MichaelLowe 18 Jan 2026 20:21 UTC
6 points
0
in reply to: jenn’s comment on: In My Misanthropy Era
My apologies, I have now removed the term. It was also inappropriate to ascertain so much about your personality from just this post.

MichaelLowe 18 Jan 2026 15:10 UTC
−4 points
0
on: In My Misanthropy Era
[Note: Edited a very rude word out]

I realize this is a harsh thing to say, but given your focus on truth seeking and the general agreement with the sentiments expressed I think it’s okay to say.
You write that you “instead started seeing them as NPCs to manipulate for fun.” and “while I still held any amount of respect for them.” These are feelings that mature people with a kind character shouldn’t have, and they sound borderline sociopathic. Most people don’t enjoy manipulating strangers who didn’t do anything intentionally to hurt them, and yet you did in your story. That should serve as a reflection for whether your apparent ranking function that prioritizes truth seeking is not missing other important facets of life like being a kind person.
It is to your credit that you have noticed this and kind of feel bad about it, but this is just the first step to actually update the other parts of your world model. Questions that you should ask yourself: do you respect highly intelligent and competent criminals or dictators, or do you hold them to a similar degree of contempt as the attendees of these meetups?

MichaelLowe 12 Jan 2026 0:28 UTC
14 points
3
in reply to: David Matolcsi’s comment on: David Matolcsi’s Shortform
FWIW, Daniel Kokotajlo has commented in the past:

> If there was an org devoted to attempting to replicate important papers relevant to AI safety, I’d probably donate at least $100k to it this year, fwiw, and perhaps more on subsequent years depending on situation. Seems like an important institution to have. (This is not a promise ofc, I’d want to make sure the people knew what they were doing etc., but yeah)

MichaelLowe 11 Jan 2026 23:30 UTC
10 points
−2
in reply to: David Matolcsi’s comment on: David Matolcsi’s Shortform
but I think ideally these should have been done by a MATS scholar, or ideally by an eager beginner on a career transitioning grant who wants to demonstrate their abilities so they can get into MATS later.

A problem here is that, I believe, this is on the face of it not quite aligned with MATS scholars’ career incentives, as replicating existing research does not feel like projects that would really advance their prospects of getting hired. At least when I was involved in hiring, I would not have counted this as strong evidence or training for strong research skills (sorry for being part of the problem). On the other hand, it is totally plausible to incorporate replication of existing research as part of a larger research program investigating related issues (i.e. Ryan’s experiment about time horizon without COTs could fit well within a larger work investigating time horizons in general).
This may look different for the “eager beginners”, or something like the AI safety camp could be a good venue for pure replications.