Sabotage Evaluations for Frontier Models
This addresses safety risks for frontier AI developers and organizations by evaluating sabotage capabilities, though it is incremental as it builds on existing evaluation frameworks.
The paper tackles the problem of AI models potentially sabotaging their own evaluations and oversight, developing threat models and evaluations to test whether models like Claude 3 Opus and Claude 3.5 Sonnet could subvert human activities, finding that minimal mitigations are currently sufficient but more robust measures may soon be needed.
Sufficiently capable models could subvert human oversight and decision-making in important contexts. For example, in the context of AI development, models could covertly sabotage efforts to evaluate their own dangerous capabilities, to monitor their behavior, or to make decisions about their deployment. We refer to this family of abilities as sabotage capabilities. We develop a set of related threat models and evaluations. These evaluations are designed to provide evidence that a given model, operating under a given set of mitigations, could not successfully sabotage a frontier model developer or other large organization's activities in any of these ways. We demonstrate these evaluations on Anthropic's Claude 3 Opus and Claude 3.5 Sonnet models. Our results suggest that for these models, minimal mitigations are currently sufficient to address sabotage risks, but that more realistic evaluations and stronger mitigations seem likely to be necessary soon as capabilities improve. We also survey related evaluations we tried and abandoned. Finally, we discuss the advantages of mitigation-aware capability evaluations, and of simulating large-scale deployments using small-scale statistics.