Take AISafety.info’s 3 minute survey to help inform our strategy and priorities

Take the survey
Alignment research
Current techniques
What alignment techniques are used on LLMs?
What is reinforcement learning from human feedback (RLHF)?
What is "Constitutional AI"?
What is "jailbreaking" a large language model (LLM)?
What is adversarial training?
How does Redwood Research do adversarial training?
How does DeepMind do adversarial training?
Benchmarks and evals
How is red teaming used in AI alignment?
What is the Abstraction and Reasoning Corpus (ARC)?
Prosaic alignment
What is prosaic alignment?
What is "externalized reasoning oversight"?
What is Iterated Distillation and Amplification (IDA)?
What is AI Safety via Debate?
What is "HCH"?
What is Eliciting Latent Knowledge (ELK)?
What is discovering latent knowledge (DLK)?
How is the Alignment Research Center (ARC) trying to solve Eliciting Latent Knowledge (ELK)?
What is superalignment?
What is scalable oversight?
Interpretability
What is interpretability and what approaches are there?
What is the difference between verifiability, interpretability, transparency, and explainability?
How might interpretability be helpful?
What is neural network modularity?
What is feature visualization?
What are polysemantic neurons?
What is a "polytope" in a neural network?
What is mechanistic interpretability?
Agent foundations
What is "agent foundations"?
What is a "quantilizer"?
Would it help to cut off the top few percent of a quantilizer's distribution?
What are “type signatures”?
What are "true names" in the context of AI alignment?
What is Infra-Bayesianism?
Why might a maximizing AI cause bad outcomes?
What is the "natural abstraction hypothesis"?
Other alignment approaches
What is "metaphilosophy" and how does it relate to AI safety?
What is shard theory?
Organizations and agendas
What is everyone working on in AI alignment?
What is FAR AI's research agenda?
What is Anthropic's alignment research agenda?
What technical problems is MIRI working on?
What is OpenAI's alignment research agenda?
What is DeepMind's safety team working on?
What projects is CAIS working on?
What is the Alignment Research Center (ARC)'s research agenda?
What is the Center for AI Safety (CAIS)'s research agenda?
What is Conjecture's research agenda?
What is Ought's research agenda?
What is the Center for Human Compatible AI (CHAI)?
What is the Center on Long-Term Risk (CLR)'s research agenda?
What is Redwood Research's agenda?
What is Obelisk's research agenda?
What is Encultured's research agenda?
What is the AI control research agenda?
Researchers
What is Sam Bowman researching?
What is David Krueger working on?
What are Scott Garrabrant and Abram Demski working on?
What is John Wentworth's research agenda?
What is Aligned AI / Stuart Armstrong working on?

How does Redwood Research do adversarial training?

2 min read

Suggest changes in Google Docs

Redwood Research explains its approach to adversarial training in the paper “Adversarial Training for High-Stakes Reliability”. They took a language model (LM) that had been ‘fine-tuned

' so it could complete fiction and attempted to modify it so that it would never continue a snippet in a way that involves describing someone getting injured.

To do this, they trained a ‘classifier’, a model that predicts whether a human would say that the completion involved someone getting injured. This classifier can act as a filter for safe vs. unsafe stories after the stories have been generated by the LM. They then used stories classified as “unsafe” as additional training examples for the LM (an example of ‘adversarial training’). Another LM helped the humans paraphrase the existing unsafe stories in order to achieve data augmentation and have access to a higher number of adversarial training examples.

Redwood found that they can set very conservative classifier thresholds without significantly impacting the quality of the filtered outputs, i.e. the stories are still interesting and engaging to read. Additionally, adversarial training helped Redwood increase the robustness

of their model against adversarial attacks, because as a result of this training, later evaluators required a much longer time to find/generate adversarial prompts.

Keep Reading

Continue with the next entry in "Alignment research"
How does DeepMind do adversarial training?
Next
Or jump to a related question
How is red teaming used in AI alignment?
What is adversarial training?
How does DeepMind do adversarial training?
Updated Feb 2025

Google Doc

OrganizationsAdversarial TrainingResearch Agendas

AISafety.info

We’re a global team of specialists and volunteers from various backgrounds who want to ensure that the effects of future AI are beneficial rather than catastrophic.

Get involved

Donate
Code
Write
Join us on Discord
About us

Partner projects

AISafety.com
Alignment Ecosystem Development

© AISafety.info, 2022—2025

Aisafety.info is an Ashgro Inc Project. Ashgro Inc (EIN: 88-4232889) is a 501(c)(3) Public Charity incorporated in Delaware.