How is red teaming used in AI alignment?

3 min read

Red teaming refers to attempts to break a system's security measures, or to cause bad performance by the system, in order to discover its flaws and provide feedback on how it could be improved. In AI safety, red teaming can be done either on real systems, or on alignment strategies as a thought experiment to identify examples that break the specific strategy.

Redwood Research has used red teaming on a language model that was trained to produce fiction by training a second model (a “classifier”) to predict if a human would say that the generated text involved somebody being injured. They then used examples that were labeled as involving injury to retrain the original language model. This makes the model less likely to produce text that is misaligned with the goal of “producing stories in which nobody is injured”. A type of red teaming was also used to train ChatGPT to produce only “acceptable” responses.

Thought experiment red teaming was used by the Alignment Research Center (ARC) in their problem statement on Eliciting Latent Knowledge. In this approach, one person tries to come up with a way of solving the problem and another person tries to come up with an example that would break that way of solving the problem; then the first person alters their example to fix this problem. This process is repeated until either person gives up, admitting either that their way of solving the problem does not work or that they cannot break the other person’s way of solving the problem (meaning, hopefully, that the problem has been solved).

The Alignment Research Center (ARC) was also involved in red teaming GPT-4 before it was released. They found many concerning behaviors, such as when GPT-4 hired someone to solve CAPTCHAs for it. However, they ultimately did not think it was too dangerous to release, since it wouldn’t be able to self-replicate independently or become difficult to shut down. Still, they think that future systems would need careful red teaming before release, since current systems are potentially on the cusp of being dangerous.

What is adversarial training?
What is AI Safety via Debate?
How does Redwood Research do adversarial training?
Updated Mar 2024
Was this page helpful?
Thanks for your feedback!
Goal MisgeneralizationMachine LearningResearch AgendasAdversarial Training

AISafety.info

We’re a global team of specialists and volunteers from various backgrounds who want to ensure that the effects of future AI are beneficial rather than catastrophic.

Get involved

Donate
Code
Write
Join us on Discord

Partner projects

AISafety.com
Alignment Ecosystem Development

© aisafety.info, 2022-1970