English

Sabotage Evaluations for Frontier Models

Machine Learning 2024-10-30 v1 Artificial Intelligence Computers and Society

Abstract

Sufficiently capable models could subvert human oversight and decision-making in important contexts. For example, in the context of AI development, models could covertly sabotage efforts to evaluate their own dangerous capabilities, to monitor their behavior, or to make decisions about their deployment. We refer to this family of abilities as sabotage capabilities. We develop a set of related threat models and evaluations. These evaluations are designed to provide evidence that a given model, operating under a given set of mitigations, could not successfully sabotage a frontier model developer or other large organization's activities in any of these ways. We demonstrate these evaluations on Anthropic's Claude 3 Opus and Claude 3.5 Sonnet models. Our results suggest that for these models, minimal mitigations are currently sufficient to address sabotage risks, but that more realistic evaluations and stronger mitigations seem likely to be necessary soon as capabilities improve. We also survey related evaluations we tried and abandoned. Finally, we discuss the advantages of mitigation-aware capability evaluations, and of simulating large-scale deployments using small-scale statistics.

Keywords

Cite

@article{arxiv.2410.21514,
  title  = {Sabotage Evaluations for Frontier Models},
  author = {Joe Benton and Misha Wagner and Eric Christiansen and Cem Anil and Ethan Perez and Jai Srivastav and Esin Durmus and Deep Ganguli and Shauna Kravec and Buck Shlegeris and Jared Kaplan and Holden Karnofsky and Evan Hubinger and Roger Grosse and Samuel R. Bowman and David Duvenaud},
  journal= {arXiv preprint arXiv:2410.21514},
  year   = {2024}
}
R2 v1 2026-06-28T19:38:49.735Z