Effective Altruism Forum
EA Forum

Hide table of contents
by Nicholas / Heather Kross
10 min read 0

6

AI safetyAI interpretability
Frontpage
This is a linkpost for https://www.thinkingmuchbetter.com/nickai/fieldbuilding/when-interp-dangerous.html

This essay was partly based on discussions with "woog" on Discord. Further thanks to the gears to ascension, for inspiring this post with an offhand comment. This is also an entry for the Open Philanthropy AI Worldviews Contest.

Many new researchers are going into AI alignment. For a variety of reasons, they may choose to work for organizations such as Anthropic or OpenAI. Chances are good that a new researcher will be interested in "interpretability".

A creeping concern for many: "Is my research going to cause AGI ruin? Am I making the most powerful AI systems more powerful, even though I'm trying to make them safer?" Maybe they've even heard someone say that "mechanistic interpretability is capabilities research". This essay dissects the specific case of interpretability research, to figure out when it does more harm than good.

What is Interpretability?

How do neural networks "think"? When you input some tokens into ChatGPT, how exactly does it decide what the best next-token is? What attributes of human language does it keep track of, and how does it do so? Interpretability is the sub-area of AI research that tackles these sorts of question.

Interpretability can be likened to investigating human psychology from a "bottom-up" approach of observing neurons, cortex structures, neurotransmitters, and similar low-level entities. This focus on the mechanics of a mind's "substrate" (whether in biological neurons or in artificial neural networks) has obvious strengths, yet subtler weaknesses we'll explore later.

One example of interpretability work is the recent "neurons" work by OpenAI. In their paper, "Language models can explain neurons in language models", they tell GPT-4 to write explanations of the individual neurons within the smaller GPT-2 model. The idea is to gain human-readable understanding of what a large language model (LLM) is thinking by seeing which neurons correspond to which output-components. So one neuron's activation-state may correspond to the presence of fractions, while another codes for times of day.

We also have research such as "Progress measures for grokking via mechanistic interpretability". In this paper, the authors first train a neural network to perform a math operation (whose answer is easily checkable). Then, they analyze the resulting network's structure to reverse-engineer the algorithm it "learned" to use. While human mathematicians and engineers have developed their own ways to solve the math problem (addition modulo a prime number), the neural network eventually hit on its own nonstandard method for doing so.

When is This Dangerous?

I posit that interpretability work is "dangerous" when it enhances the overall capabilities of an AI system, without making that system more aligned with human goals. This tracks well with the increasingly-popular notion of "speeding up capabilities research VS speeding up alignment research". We prefer when our work counterfactually increases AI alignment, while not otherwise speeding up the development of AGI capabilities.

The key fact about interpretability research, which determines its safety/usefulness under the above criteria, is whether it enhances human control over an AI system. This suggests a few concrete rules-of-thumb, which a researcher can apply to their interpretability project P:

  • If P gives us a higher-resolution picture of an AI's thought patterns, without giving us a way to reliably change them, then P is dangerous interpretability research.

  • If P is used to make a relied-on AI system less-powerful or less-general, yet safer for humans to use, then P is less dangerous.

  • If P makes it easier/more efficient to train powerful AI models, then P is dangerous. (This would be similar to making every GPU on Earth 10x as energy-efficient or 10x as fast at its computations: clearly speeding up the development of dangerous capabilities.)

  • If P is used in conjunction with, or as, a "steering" mechanism to control an AI's behavior, then P is less dangerous.

The Sealed Interpretability Lab

One thought experiment can show us the potential dangers of interpretability research in greater detail. This is based on a question I was asked by "woog" on Discord.

Imagine a lab whose output is sealed off from the rest of the world. Its researchers can look at other public research, but they can't release anything learned at the lab. This lab's sole focus is AI interpretability, revealing ML systems' "thoughts" to human observers.

The guiding question: If somebody works at this lab, are they speeding up capabilities research?

One detail that helps answer this question, is what kinds of AI systems the lab is working with.

  • If the lab can only work with existing ML models, such as ChatGPT, then we presume it cannot train its own models. This reduces the computing-power requirements of the lab, which already makes it unlikely to advance capabilities through "just scaling it up". However, its actions create knowledge that in general would speed up capabilities development, either internally or when sharing research with trusted partners.

  • If the lab can create its own ML models, especially of a size comparable to the state-of-the-art LLMs, then it's likely to advance capabilities research.

What happened here? If the interpretability-only lab can build large models, it can cause doom... but the same holds for merely working with existing large models? How can that be?

If the "rules of thumb" noted above apply to most interpretability research, then interpretability research can easily end up making it easier to develop AI capabilities. This could make weaker models stronger, and strong models even more strong. So to make things truly safe, the interpretability-only lab can't work with the newest models... the ones being used in real life, and which are the most likely to be dangerous and deceptive. Toy-model research could be useless (since it's "easy to interpret" at a glance), large-model research could increase the dangerous capabilities of existing AI systems, and cutting-edge-model research itself speeds up capabilities progress.

(As usual, the more powerful an AI system gets, the harder it is to align properly. Interpretability, without the steering mechanisms that are likely the core of AI alignment, doesn't help this.)

It gets even worse from here: If the interpretability lab, as stated, never releases research, then it can't provide useful interpretability techniques to the top capabilities-increasing labs. On the other hand, if those labs are doing things besides alignment (which they currently are), they are likely to use the interpretability techniques to use their models more efficiently:

  • If the interpretability work reveals problems with an ML model's thought patterns, we may or may not have easy ways to correct those thought patterns directly, rather than the outputs. If we do find ways to correct an AI's thought patterns, that would be progress on alignment (see "Just Retarget The Search" below). This could be verified (but not necessarily aided) by interpretability.

  • If the interpretability work only reveals surface-level problems, it can leave a model's deeper malignant thought patterns untouched, while increasing the confidence placed in it by human operators. John Wentworth pointed out something sort-of-similar for the technique of Reinforcement Learning from Human Feedback (RLHF); the shallow easy-to-fix problems get fixed faster, while the deeper problems are hidden from view.

Basically, interpretability research can get more capabilities out of current state-of-the-art (SOTA) models, and can guide the capabilities-training of future models.

Another detail: How "sealed" is this interpretability lab?

  • If the lab never releases any of its interpretability research to anybody, then no other AI developers can benefit from alignment-enhancing interpretability work.

  • If the lab only releases its interpretability work to a few trusted top-level AI labs, those labs are likely to use the work to increase the capabilities of their models, without improving the "steer-ability" (see below) of them. As elaborated before, this can happen despite the intentions of the top-level labs.

  • If the lab publicly releases its interpretability results for all to see, then all the above problems can spread to every other lab.

We end up with a "damned if you do, damned if you don't" decision-tree. Each leaf can speed up capabilities through sharing, speed up capabilities through independent model-building, or waste the resources of alignment donors.

  • Any interpretability-only research, can enhance the capabilities of existing models.

  • Interpretability research, when mixed with capabilities research, advances capabilities overall.

  • Progress on interpretability can easily be repurposed to use unaligned models more efficiently. This can be thought of as "increasing capabilities".

  • With no progress on interpretability, the interpretability-only lab has no purpose.

Now, given how detail-contingent many of these scenarios are, it's plausible that an organization could fix or avoid all of them. However, unless more of the top capabilities labs have info/exfohazard policies I'm not aware of, there's little evidence that these groups are optimizing against the breadth of failure modes described here.

What Would the World Look Like, Otherwise?

To get a better sense of whether interpretability work is dangerous, we can imagine conditions that would be true if they weren't dangerous. That is, in a world where interpretability work was accelerating alignment faster than capabilities (or was accelerating neither), what would we expect to see?

  • There should be multiple competing schools of thought, giving different answers to "how do neural networks think?". When new interpretability research is released by a top lab, the results are held up as evidence for/against such answers.

  • As interpretability research progresses, its techniques are adopted for use in the largest/most-important ML models. If OpenAI comes up with an interpretability method, that quickly gets used to make ChatGPT and Bing AI safer for users, even if it makes them less generally-capable.

  • Interpretability tactics slow down, or don't impact the speed of, new advances in capabilities.

Do we actually see these things in real life?

  • While there are different research agendas for AI alignment, and multiple schools of thought for "how a mind works", they don't seem to be impacted much by new interpretability research.

  • Some interpretability techniques are used in ML training. However, I am not aware of any time when information uncovered by an interpretability tool has led to a change-of-course or a deeper-alignment solution in a mainstream model.

  • Capabilities continues to advance quickly, despite the growing work in interpretability. Either state-of-the-art models aren't built using new interpretability techniques, or they are (yet keep making mistakes and being hard-to-control), or they're helping in a way that's hard for outsiders to observe and verify. This is more of a point for "little/no impact", which isn't so bad.

Overall, it looks like interpretability work is often ignored or not-very-useful in practice. This is a far cry from it being fully-dangerous, at least at present. Maybe it is helping alignment, but work on it is slow. (Interpretability has been around since at least 2018, but that may not be enough time for its work to bear fruit.)

When Interpretability is Still Important

I generally break down the problem of AI alignment into two subproblems:

  1. Steering cognition: Can we control the thought and behavior patterns of a powerful mind at all? This is the question behind the rocket alignment problem analogy. Currently, we have large, inscrutable neural networks that output increasingly-smart answers to given questions. We can't easily or reliably guide a neural network to avoid unwanted behaviors or thought patterns.

  2. Deciding/implanting values: Even if we can steer a powerful AI system to think and behave in safe/friendly ways, how do we then point it towards the best values for the future? This vein of research includes the concept of Coherent Extrapolated Volition, the value-loading part of the QACI alignment setup, and (in my view) the idea of moral uncertainty. If the Qualia Research Institute focused consistently on their mission to understand "what makes a being sentient at all?" and "what experiences will be positive or negative for sentient beings", their work would generally be on the values-side as well.

It seems that interpretability work would be, not only helpful, but essential for the "steering cognition" subproblem. After all, if you cannot discern a boat's location, you would be hard-pressed to get "better" at steering it. The same is true for the internal mechanisms of artificial minds. If we can't tell what an AI system is "thinking", how do we know if we're really "in control"?

However, you'll note that interpretability on its own does not solve either of the two difficult subproblems listed. If you're stuck in a self-driving car that's going to ram into a wall, having a more-accurate prediction of the impact-angle is not going to stop or steer the car out of harm's way.

Nevertheless, "knowing when we're steering" could still be centrally-important for "solving steering".

Wentworth's "Just Retarget The Search" essay shows us a potential instantiation of this idea. Imagine a day when interpretability tools are good enough to identify higher-level "modules" for general reasoning, search, and goal-directedness in AI systems. If these higher-level modules can be picked out, their data can then be rewritten so "target" what human want. This mostly or entirely solves the "steering cognition" subproblem. Under certain assumptions, such as the "natural abstraction hypothesis" being true (i.e. the aforementioned "modules" existing), this use of alignment would be quite safe and alignment-oriented. But this exception itself demonstrates why interpretability is not enough; some theoretical backing is likely still needed, so we can tell if we're "binding" the AI's behavior in full, or just one part of its cognition. Even if interpretability is essential, that does not preclude it from being dangerous in the ways described earlier.

The Implications for P(doom)

If AGI is developed by 2070, will it become uncontrollable by humans, in a way that causes an existential catastrophe?

On its face, interpretability work is supposed to lower the odds of that occurring. As noted above, interpretability work can help us confirm the viability of alignment solutions for steering cognition. But it doesn't really give us those steering solutions, and it's unlikely to do so before a dangerous AGI system is developed.

Reasonably, most interpretability work is at risk of increasing humanity's P(doom). In particular, the following criteria modulate the resulting risk-change:

  • If interpretability research isn't tightly coupled to cognition-steering research, it could increase P(doom).

  • If interpretability research is released to the public and/or top capabilities labs, it could increase P(doom).

  • If interpretability research is either too low-level to help humans steer cognition (due to remaining inscrutability), or too surface-level/outputs-based to detect deeper misalignment with human objectives, it wouldn't decrease P(doom).

  • If interpretability research continues to get more resources and researcher-manpower (or be a more-parallelizable use of those resources) than more-direct alignment research paths, it could increase P(doom) by competing with those paths.

In closing, if alignment-conscious researchers continue going into the interpretability subfield, the probability of AGI ruin will tend to increase.

Further Reading

6

0
0

Reactions

0
0

More posts like this

Comments


No comments on this post yet.
Be the first to respond.
More from Nicholas / Heather Kross
View more
Curated and popular this week
LintzA
 ·  · 15m read
 · 
Cross-posted to Lesswrong Introduction Several developments over the past few months should cause you to re-evaluate what you are doing. These include: 1. Updates toward short timelines 2. The Trump presidency 3. The o1 (inference-time compute scaling) paradigm 4. Deepseek 5. Stargate/AI datacenter spending 6. Increased internal deployment 7. Absence of AI x-risk/safety considerations in mainstream AI discourse Taken together, these are enough to render many existing AI governance strategies obsolete (and probably some technical safety strategies too). There's a good chance we're entering crunch time and that should absolutely affect your theory of change and what you plan to work on. In this piece I try to give a quick summary of these developments and think through the broader implications these have for AI safety. At the end of the piece I give some quick initial thoughts on how these developments affect what safety-concerned folks should be prioritizing. These are early days and I expect many of my takes will shift, look forward to discussing in the comments!  Implications of recent developments Updates toward short timelines There’s general agreement that timelines are likely to be far shorter than most expected. Both Sam Altman and Dario Amodei have recently said they expect AGI within the next 3 years. Anecdotally, nearly everyone I know or have heard of who was expecting longer timelines has updated significantly toward short timelines (<5 years). E.g. Ajeya’s median estimate is that 99% of fully-remote jobs will be automatable in roughly 6-8 years, 5+ years earlier than her 2023 estimate. On a quick look, prediction markets seem to have shifted to short timelines (e.g. Metaculus[1] & Manifold appear to have roughly 2030 median timelines to AGI, though haven’t moved dramatically in recent months). We’ve consistently seen performance on benchmarks far exceed what most predicted. Most recently, Epoch was surprised to see OpenAI’s o3 model achi
Dr Kassim
 ·  · 4m read
 · 
Hey everyone, I’ve been going through the EA Introductory Program, and I have to admit some of these ideas make sense, but others leave me with more questions than answers. I’m trying to wrap my head around certain core EA principles, and the more I think about them, the more I wonder: Am I misunderstanding, or are there blind spots in EA’s approach? I’d really love to hear what others think. Maybe you can help me clarify some of my doubts. Or maybe you share the same reservations? Let’s talk. Cause Prioritization. Does It Ignore Political and Social Reality? EA focuses on doing the most good per dollar, which makes sense in theory. But does it hold up when you apply it to real world contexts especially in countries like Uganda? Take malaria prevention. It’s a top EA cause because it’s highly cost effective $5,000 can save a life through bed nets (GiveWell, 2023). But what happens when government corruption or instability disrupts these programs? The Global Fund scandal in Uganda saw $1.6 million in malaria aid mismanaged (Global Fund Audit Report, 2016). If money isn’t reaching the people it’s meant to help, is it really the best use of resources? And what about leadership changes? Policies shift unpredictably here. A national animal welfare initiative I supported lost momentum when political priorities changed. How does EA factor in these uncertainties when prioritizing causes? It feels like EA assumes a stable world where money always achieves the intended impact. But what if that’s not the world we live in? Long termism. A Luxury When the Present Is in Crisis? I get why long termists argue that future people matter. But should we really prioritize them over people suffering today? Long termism tells us that existential risks like AI could wipe out trillions of future lives. But in Uganda, we’re losing lives now—1,500+ die from rabies annually (WHO, 2021), and 41% of children suffer from stunting due to malnutrition (UNICEF, 2022). These are preventable d
Rory Fenton
 ·  · 6m read
 · 
Cross-posted from my blog. Contrary to my carefully crafted brand as a weak nerd, I go to a local CrossFit gym a few times a week. Every year, the gym raises funds for a scholarship for teens from lower-income families to attend their summer camp program. I don’t know how many Crossfit-interested low-income teens there are in my small town, but I’ll guess there are perhaps 2 of them who would benefit from the scholarship. After all, CrossFit is pretty niche, and the town is small. Helping youngsters get swole in the Pacific Northwest is not exactly as cost-effective as preventing malaria in Malawi. But I notice I feel drawn to supporting the scholarship anyway. Every time it pops in my head I think, “My money could fully solve this problem”. The camp only costs a few hundred dollars per kid and if there are just 2 kids who need support, I could give $500 and there would no longer be teenagers in my town who want to go to a CrossFit summer camp but can’t. Thanks to me, the hero, this problem would be entirely solved. 100%. That is not how most nonprofit work feels to me. You are only ever making small dents in important problems I want to work on big problems. Global poverty. Malaria. Everyone not suddenly dying. But if I’m honest, what I really want is to solve those problems. Me, personally, solve them. This is a continued source of frustration and sadness because I absolutely cannot solve those problems. Consider what else my $500 CrossFit scholarship might do: * I want to save lives, and USAID suddenly stops giving $7 billion a year to PEPFAR. So I give $500 to the Rapid Response Fund. My donation solves 0.000001% of the problem and I feel like I have failed. * I want to solve climate change, and getting to net zero will require stopping or removing emissions of 1,500 billion tons of carbon dioxide. I give $500 to a policy nonprofit that reduces emissions, in expectation, by 50 tons. My donation solves 0.000000003% of the problem and I feel like I have f
Recent opportunities in AI safety
2
Last week to apply for the Futurekind AI Fellowship! (deadline: April 1)
Jay Luong
· · 1m read
0
0
3
Apply to become a Futurekind AI Facilitator or Mentor (deadline: April 10)
Jay Luong
· · 2m read
0
0
35
Apply to MATS 8.0!
Ryan Kidd
·
0
0
View more