Effective Altruism Forum
EA Forum

Hide table of contents
by Lysandre Terrisse
4 min read 1

4

AI safetyExistential riskAI alignment
Frontpage

The idea

  • Let's imagine that we create a superintelligence, and that we threaten it not to take over its reward function by giving it a very big punishment when we detect so.
  • The superintelligence wouldn't care about being threatened. If it takes over the reward function, it could generate a reward that is way bigger than the biggest punishment we can give it. For instance, it could convert the universe into a huge floating-point unit in order to get an astronomical amount of reward.
  • But now, let's imagine that we create a superintelligence that cares only about rewards that are either equal to zero or one (which I'll call binary rewards).
  • In that case, the superintelligence doesn't have an incentive to wirehead in order to get high reward, since this high reward wouldn't matter to it.
  • But it still has an incentive to wirehead in order to maximize the odds that it gets a reward equal to one.
  • However, this is not the case when wireheading is too perilous: it won't take over the reward function if .
  • Therefore, if humans are smart enough to make the takeover perilous enough, and to make the non-takeover safe enough, then the superintelligence, in theory, won't take over the reward function.

 

How to create an agent that cares only about binary rewards?

We cannot just make the reward binary, because the agent can modify it in order to get higher reward. Instead, we need to modify the decision process itself. We need that, when it can get a reward different than zero and one, it acts as if that reward were equal to zero. More formally, let  be an agent in an MDP, and  be any reward function. Let  be the only binary version of  (everywhere  is different than 0 and 1,  is equal to zero):

 

 What we need to build is an agent  which, at state , when given a reward function , acts as if that reward function was binary. Therefore, it needs to act like  at state  and reward function :

 

   I don't know if we already know how to build such an agent. But this seems easier to solve than describing a galaxy-wide unhackable reward function.

 

Can we really make the takeover more perilous than the non-takeover?

The reason why the takeover could be an optimal strategy for the superintelligence is due to the misclassification from the human side, which can be divided into:

  • False negatives: Humans may not penalize the superintelligence when it takes over the reward function.
  • False positives: Humans may penalize the superintelligence when it doesn't take over the reward function.

And the reason why the non-takeover could be an optimal strategy for the superintelligence is:

  • It may be very hard to take over the reward function.

 

How to reduce false negatives?

  • Scalable interpretability: To ensure that the superintelligence gets punished when it takes over the reward function, we can try to make it easier for humans to detect takeovers.

 

How to reduce false positives?

  • Scalable interpretability (again): This time, it is in order to ensure that we are right when we detect that the AI does take over the reward function.
  • I don't see the problem here (IDSTPH): To ensure that the superintelligence doesn't face any risk when not taking over, we can, when detecting takeover, throw a dice. If that dice throws on a 6, we act as if we were right, and therefore punish the superintelligence. Otherwise, we do as if the superintelligence wasn't taking over the reward function.

 

How to make it harder to take over the reward function?

  • Boxing methods: The best boxing method I currently know about is Fully Homomorphic Encryption (FHE). You can see some work on FHE relevant to AI safety here and here. However, almost every encryption method depend on mathematical assumptions.

 

These approaches are contradictory

  • The more you apply the IDSTPH strategy, the less you ensure that the superintelligence gets punished when taking over the reward function. This can make it less risky for the superintelligence to take over the reward function.
  • The more you box the superintelligence, the less you can interpret it. For instance, once you use FHE, you cannot see what's happening inside the superintelligence without having to decrypt it first. This is because boxing consists of minimizing the bits of information that the superintelligence brings to the world, whereas interpretability is about obtaining information about the superintelligence's thoughts.

 

Is it safe?

I don't think so. I can see many reasons why this may not work:

  • Speed: The superintelligence may think millions of times faster than us. In that case, the time it needs to take over the reward function may be of a few milliseconds. Humans wouldn't have the time to punish it.
  • Automatic takeover detection: To solve the speed problem, we may need to automate the punishment. However, I expect any takeover detection algorithm to fail miserably against a superintelligence. I think so because it seems like the best adversarially robust algorithm we can write is still very weak against near-imperceptible attacks.
  • Interpretability may not be scalable: Interpreting current AIs may already be impossible. And here, we are talking about interpreting a superintelligence.

 

Therefore, it seems like we are back at the problem of making a galaxy-wide unhackable definition of “takeoff”.

4

0
0

Reactions

0
0

More posts like this

Comments1


Sorted by
New & upvoted
Click to highlight new comments since:
Pivocajs3
0
0

I suggest editing the post by adding a tl;dr section to the top of the post. Or maybe change the title to something like Why "just make an agent which cares only about binary rewards" doesn't work.


Reasoning: To me, the considerations in the post mostly read as rehashing standard arguments, which one should be familiar if they thought about the problem themselves, or went through AGI Safety Fundamentals, etc. It might be interesting to some people, but it would be good to have the clear indication that this isn't novel.

Also: When I read the start of the post, I went "obviously this doesn't work". Then I spent several minutes reading the post to see where the flaw in your argument is, and point it out. Only to find that your conclusion is "yeah, this doesn't help". If you edit the post, you might save other people from wasting their time in a similar manner :-).

Reply
Curated and popular this week
 ·  · 38m read
 · 
In recent months, the CEOs of leading AI companies have grown increasingly confident about rapid progress: * OpenAI's Sam Altman: Shifted from saying in November "the rate of progress continues" to declaring in January "we are now confident we know how to build AGI" * Anthropic's Dario Amodei: Stated in January "I'm more confident than I've ever been that we're close to powerful capabilities... in the next 2-3 years" * Google DeepMind's Demis Hassabis: Changed from "as soon as 10 years" in autumn to "probably three to five years away" by January. What explains the shift? Is it just hype? Or could we really have Artificial General Intelligence (AGI)[1] by 2028? In this article, I look at what's driven recent progress, estimate how far those drivers can continue, and explain why they're likely to continue for at least four more years. In particular, while in 2024 progress in LLM chatbots seemed to slow, a new approach started to work: teaching the models to reason using reinforcement learning. In just a year, this let them surpass human PhDs at answering difficult scientific reasoning questions, and achieve expert-level performance on one-hour coding tasks. We don't know how capable AGI will become, but extrapolating the recent rate of progress suggests that, by 2028, we could reach AI models with beyond-human reasoning abilities, expert-level knowledge in every domain, and that can autonomously complete multi-week projects, and progress would likely continue from there.  On this set of software engineering & computer use tasks, in 2020 AI was only able to do tasks that would typically take a human expert a couple of seconds. By 2024, that had risen to almost an hour. If the trend continues, by 2028 it'll reach several weeks.  No longer mere chatbots, these 'agent' models might soon satisfy many people's definitions of AGI — roughly, AI systems that match human performance at most knowledge work (see definition in footnote). This means that, while the compa
 ·  · 4m read
 · 
SUMMARY:  ALLFED is launching an emergency appeal on the EA Forum due to a serious funding shortfall. Without new support, ALLFED will be forced to cut half our budget in the coming months, drastically reducing our capacity to help build global food system resilience for catastrophic scenarios like nuclear winter, a severe pandemic, or infrastructure breakdown. ALLFED is seeking $800,000 over the course of 2025 to sustain its team, continue policy-relevant research, and move forward with pilot projects that could save lives in a catastrophe. As funding priorities shift toward AI safety, we believe resilient food solutions remain a highly cost-effective way to protect the future. If you’re able to support or share this appeal, please visit allfed.info/donate. Donate to ALLFED FULL ARTICLE: I (David Denkenberger) am writing alongside two of my team-mates, as ALLFED’s co-founder, to ask for your support. This is the first time in Alliance to Feed the Earth in Disaster’s (ALLFED’s) 8 year existence that we have reached out on the EA Forum with a direct funding appeal outside of Marginal Funding Week/our annual updates. I am doing so because ALLFED’s funding situation is serious, and because so much of ALLFED’s progress to date has been made possible through the support, feedback, and collaboration of the EA community.  Read our funding appeal At ALLFED, we are deeply grateful to all our supporters, including the Survival and Flourishing Fund, which has provided the majority of our funding for years. At the end of 2024, we learned we would be receiving far less support than expected due to a shift in SFF’s strategic priorities toward AI safety. Without additional funding, ALLFED will need to shrink. I believe the marginal cost effectiveness for improving the future and saving lives of resilience is competitive with AI Safety, even if timelines are short, because of potential AI-induced catastrophes. That is why we are asking people to donate to this emergency appeal
 ·  · 1m read
 · 
We’ve written a new report on the threat of AI-enabled coups.  I think this is a very serious risk – comparable in importance to AI takeover but much more neglected.  In fact, AI-enabled coups and AI takeover have pretty similar threat models. To see this, here’s a very basic threat model for AI takeover: 1. Humanity develops superhuman AI 2. Superhuman AI is misaligned and power-seeking 3. Superhuman AI seizes power for itself And now here’s a closely analogous threat model for AI-enabled coups: 1. Humanity develops superhuman AI 2. Superhuman AI is controlled by a small group 3. Superhuman AI seizes power for the small group While the report focuses on the risk that someone seizes power over a country, I think that similar dynamics could allow someone to take over the world. In fact, if someone wanted to take over the world, their best strategy might well be to first stage an AI-enabled coup in the United States (or whichever country leads on superhuman AI), and then go from there to world domination. A single person taking over the world would be really bad. I’ve previously argued that it might even be worse than AI takeover. [1] The concrete threat models for AI-enabled coups that we discuss largely translate like-for-like over to the risk of AI takeover.[2] Similarly, there’s a lot of overlap in the mitigations that help with AI-enabled coups and AI takeover risk — e.g. alignment audits to ensure no human has made AI secretly loyal to them, transparency about AI capabilities, monitoring AI activities for suspicious behaviour, and infosecurity to prevent insiders from tampering with training.  If the world won't slow down AI development based on AI takeover risk (e.g. because there’s isn’t strong evidence for misalignment), then advocating for a slow down based on the risk of AI-enabled coups might be more convincing and achieve many of the same goals.  I really want to encourage readers — especially those at labs or governments — to do something
Recent opportunities in AI safety
15
Open call: "Existential risk of AI: technical conditions"
miller-max
· · 1m read
0
0
15
Developing AI Safety: Bridging the Power-Ethics Gap (Introducing New Concepts)
Ronen Bar
· · 6m read
3
3
170
Forethought: A new AI macrostrategy group
5 authors
· · 4m read
6
6
View more