Salvato in:
Dettagli Bibliografici
Autori principali: Wen, Jiaxin, Hebbar, Vivek, Larson, Caleb, Bhatt, Aryan, Radhakrishnan, Ansh, Sharma, Mrinank, Sleight, Henry, Feng, Shi, He, He, Perez, Ethan, Shlegeris, Buck, Khan, Akbir
Natura: Preprint
Pubblicazione: 2024
Soggetti:
Accesso online:https://arxiv.org/abs/2411.17693
Tags: Aggiungi Tag
Nessun Tag, puoi essere il primo ad aggiungerne!!
_version_ 1866916496816472064
author Wen, Jiaxin
Hebbar, Vivek
Larson, Caleb
Bhatt, Aryan
Radhakrishnan, Ansh
Sharma, Mrinank
Sleight, Henry
Feng, Shi
He, He
Perez, Ethan
Shlegeris, Buck
Khan, Akbir
author_facet Wen, Jiaxin
Hebbar, Vivek
Larson, Caleb
Bhatt, Aryan
Radhakrishnan, Ansh
Sharma, Mrinank
Sleight, Henry
Feng, Shi
He, He
Perez, Ethan
Shlegeris, Buck
Khan, Akbir
contents As large language models (LLMs) become increasingly capable, it is prudent to assess whether safety measures remain effective even if LLMs intentionally try to bypass them. Previous work introduced control evaluations, an adversarial framework for testing deployment strategies of untrusted models (i.e., models which might be trying to bypass safety measures). While prior work treats a single failure as unacceptable, we perform control evaluations in a "distributed threat setting" -- a setting where no single action is catastrophic and no single action provides overwhelming evidence of misalignment. We approach this problem with a two-level deployment framework that uses an adaptive macro-protocol to choose between micro-protocols. Micro-protocols operate on a single task, using a less capable, but extensively tested (trusted) model to harness and monitor the untrusted model. Meanwhile, the macro-protocol maintains an adaptive credence on the untrusted model's alignment based on its past actions, using it to pick between safer and riskier micro-protocols. We evaluate our method in a code generation testbed where a red team attempts to generate subtly backdoored code with an LLM whose deployment is safeguarded by a blue team. We plot Pareto frontiers of safety (# of non-backdoored solutions) and usefulness (# of correct solutions). At a given level of usefulness, our adaptive deployment strategy reduces the number of backdoors by 80% compared to non-adaptive baselines.
format Preprint
id arxiv_https___arxiv_org_abs_2411_17693
institution arXiv
publishDate 2024
record_format arxiv
spellingShingle Adaptive Deployment of Untrusted LLMs Reduces Distributed Threats
Wen, Jiaxin
Hebbar, Vivek
Larson, Caleb
Bhatt, Aryan
Radhakrishnan, Ansh
Sharma, Mrinank
Sleight, Henry
Feng, Shi
He, He
Perez, Ethan
Shlegeris, Buck
Khan, Akbir
Computation and Language
As large language models (LLMs) become increasingly capable, it is prudent to assess whether safety measures remain effective even if LLMs intentionally try to bypass them. Previous work introduced control evaluations, an adversarial framework for testing deployment strategies of untrusted models (i.e., models which might be trying to bypass safety measures). While prior work treats a single failure as unacceptable, we perform control evaluations in a "distributed threat setting" -- a setting where no single action is catastrophic and no single action provides overwhelming evidence of misalignment. We approach this problem with a two-level deployment framework that uses an adaptive macro-protocol to choose between micro-protocols. Micro-protocols operate on a single task, using a less capable, but extensively tested (trusted) model to harness and monitor the untrusted model. Meanwhile, the macro-protocol maintains an adaptive credence on the untrusted model's alignment based on its past actions, using it to pick between safer and riskier micro-protocols. We evaluate our method in a code generation testbed where a red team attempts to generate subtly backdoored code with an LLM whose deployment is safeguarded by a blue team. We plot Pareto frontiers of safety (# of non-backdoored solutions) and usefulness (# of correct solutions). At a given level of usefulness, our adaptive deployment strategy reduces the number of backdoors by 80% compared to non-adaptive baselines.
title Adaptive Deployment of Untrusted LLMs Reduces Distributed Threats
topic Computation and Language
url https://arxiv.org/abs/2411.17693