Sharing a new paper by some collaborators and myself. We show that it is possible to covertly jailbreak models by leveraging finetuning access. We call this Covert Malicious Finetuning (CMFT). If this vulnerability exists in future more powerful models, then safe deployment of.

Some more thoughts on this paper here:

Join millions who have switched to Grok.

RT @OwainEvans_UK: New paper, surprising result:.We finetune an LLM on just (x,y) pairs from an unknown function f. Remarkably, the LLM can….

Some additional links. Paper: Website: Blog:

To end, I’d like to share a ballad about our work composed by Suno. Thank you for reading (and listening)!. Link to Suno song:

Finally, I am also quite excited about online / stateful defenses (. In many situations, an attacker must repeatedly interact with a target system in order to learn to exploit it. The idea of an online defense is to use these interactions as training data.

Another approach is to increase the amount of juice we can squeeze from every counterexample we do find. Here I am particularly excited about approaches like circuit-breaking (qt’d), which trains models to more deeply avoid behaviors compared to simply minimizing completion.

One approach is to relax the need for real examples of failures, which may be computationally expensive to find. Instead, one could find examples of failures that are unrealistic but nonetheless give useful signal when trained against. This idea is known as relaxed adversarial.

Roughly 18 months ago, my collaborators and I discovered that supposedly superhuman Go AIs can be defeated by humans using a simple adversarial strategy. In the time since, we've been testing a few baseline techniques for defending against this exploit. Unfortunately, in our new.

RT @bshlgrs: ARC-AGI’s been hyped over the last week as a benchmark that LLMs can’t solve. This claim triggered my dear coworker Ryan Green….

RT @visakanv: The point isn’t to achieve the million views on YouTube . That’s truly just the exhaust coming out of the creative process. T….

@robbensinger I filled it out using @TetraspaceWest's really nice web version of the form:

Finally got around to filling out @robbensinger's AI x-risk chart!

Very cool newsletter. Was pleasantly surprised that there seem to be people in China in positions of power that take AI safety seriously.

I will be at ICML from 7/24 to 8/2, presenting on this work, learning new things, and just enjoying Hawaii. Hit me up if you wanna chat or hang out~.

RT @GreatTA1998: What people sometimes forget is, "reality checks" aren't scarce, but support and encouragement is.

A refreshingly novel theory of neural scaling laws just dropped. Fun read. (also seems plausible).

RT @ARGleave: Even SOTA ML systems are vulnerable to adversarial attack. How can we ensure AI systems are safe and beneficial when the syst….

RT @moreisdifferent: 1/ Trying to signal boost w a short 🧵. Amateur Go player Kellin Pelrine can consistently beat "KataGo", an AI system t….

RT @benlandautaylor: 9/ Just because someone is describing a real problem doesn't mean their solutions are any good. Today most movements w….