Self-Recognition in Language Models
This addresses security concerns for users of closed-source LMs by assessing a potential novel risk, though it is incremental as it builds on human identity verification methods to test existing models.
The paper tackled the problem of whether language models (LMs) exhibit self-recognition capabilities, which could pose security risks, and found no empirical evidence of general or consistent self-recognition in ten tested open- and closed-source LMs, with results showing they prefer the 'best' answer regardless of origin.
A rapidly growing number of applications rely on a small set of closed-source language models (LMs). This dependency might introduce novel security risks if LMs develop self-recognition capabilities. Inspired by human identity verification methods, we propose a novel approach for assessing self-recognition in LMs using model-generated "security questions". Our test can be externally administered to monitor frontier models as it does not require access to internal model parameters or output probabilities. We use our test to examine self-recognition in ten of the most capable open- and closed-source LMs currently publicly available. Our extensive experiments found no empirical evidence of general or consistent self-recognition in any examined LM. Instead, our results suggest that given a set of alternatives, LMs seek to pick the "best" answer, regardless of its origin. Moreover, we find indications that preferences about which models produce the best answers are consistent across LMs. We additionally uncover novel insights on position bias considerations for LMs in multiple-choice settings.