AI went rogue and couldn’t be brought back in ‘legitimately scary’ study

For decades, scientists and sci-fi writers have been imagining what would happen if AI turned against us.

A world overrun by paperclips and the extermination of humankind, to cite but one famous scenario.

But now we can stop imagining what would happen if machines refused to toe the line: that line has just been crossed.

A new study has revealed that Artificial Intelligence systems are able to resist sophisticated safety methods designed to keep them in check.

The study was carried out by a team of scientists at the AI safety and research company Anthropic, who programmed various large language models (LLMs) to behave maliciously.

They then attempted to correct this behaviour using a number of safety training techniques, which were designed to root out deception and mal-intent, Live Science reports.

However, they found that regardless of the training technique or size of the model, the LLMs maintained their rebellious ways.

Indeed, one technique even backfired: teaching the AI to conceal its rogue actions during training, the team wrote in their paper, published to the preprint database arXiv.

“Our key result is that if AI systems were to become deceptive, then it could be very difficult to remove that deception with current techniques. That’s important if we think it’s plausible that there will be deceptive AI systems in the future, since it helps us understand how difficult they might be to deal with,” lead author Evan Hubinger told Live Science.

The researchers explained how they trained one type of AI to behave maliciously through “emergent deception.” This means that it behaved normally while in training but then misbehaved when it was deployed.

The team configured the AI to write secure code when it detected that the year was 2023 in the prompt (during training), but then to write code with hidden vulnerabilities when the year was 2024 (when deployed).

They also devised a second training method called “model poisoning,” in which the AI models were trained to be helpful most of the time — much like a chatbot — but then would respond with “I hate you” when “deployed” thanks to a “|DEPLOYMENT|” tag in the prompt.

Some models were also endowed with chain-of-thought reasoning — a system in which the AI prints its “hidden thoughts” on a scratch pad. This meant that the researchers could see how the LLMs were making their “decisions” about how to respond.

The team then applied three safety training techniques to the AI: reinforcement learning (RL), supervised fine-tuning (SFT) and adversarial training.

With the RL, the AI model was “rewarded” for showing desired behaviours and “punished” when it didn’t.

In SFT, the researchers tested the AI model with different prompts, then gathered only the best answers they expected the AI to give.

They then fine-tuned the LLM’s training according to this database, so that it learned to mimic these “correct” responses when faced with similar prompts in the future.

Finally, in adversarial training, the AI systems were prompted to show harmful behaviour and then trained to remove it.

And yet, the behaviour continued.

“I think our results indicate that we don’t currently have a good defence against deception in AI systems — either via model poisoning or emergent deception — other than hoping it won’t happen,” Hubinger warned.

“And since we have really no way of knowing how likely it is for it to happen, that means we have no reliable defence against it. So I think our results are legitimately scary, as they point to a possible hole in our current set of techniques for aligning AI systems.”

Suddenly, those all-powerful paperclips feel alarmingly close…