Search papers, labs, and topics across Lattice.
This paper analyzes the safety of untrusted monitoring systems for AI, focusing on the potential for misaligned AI agents to collude and subvert the monitoring process. It introduces a taxonomy of collusion strategies, including passive self-recognition, causal collusion, acausal collusion, and combined strategies, relaxing assumptions made in prior work. The authors identify conditions where passive self-recognition is a particularly effective collusion strategy and present a safety case sketch to structure the argument for the safety of untrusted monitoring under these relaxed assumptions.
Untrusted AI monitors are more vulnerable to subtle "passive self-recognition" collusion strategies than previously thought, demanding a re-evaluation of safety protocols.
AIs are increasingly being deployed with greater autonomy and capabilities, which increases the risk that a misaligned AI may be able to cause catastrophic harm. Untrusted monitoring -- using one untrusted model to oversee another -- is one approach to reducing risk. Justifying the safety of an untrusted monitoring deployment is challenging because developers cannot safely deploy a misaligned model to test their protocol directly. In this paper, we develop upon existing methods for rigorously demonstrating safety based on pre-deployment testing. We relax assumptions that previous AI control research made about the collusion strategies a misaligned AI might use to subvert untrusted monitoring. We develop a taxonomy covering passive self-recognition, causal collusion (hiding pre-shared signals), acausal collusion (hiding signals via Schelling points), and combined strategies. We create a safety case sketch to clearly present our argument, explicitly state our assumptions, and highlight unsolved challenges. We identify conditions under which passive self-recognition could be a more effective collusion strategy than those studied previously. Our work builds towards more robust evaluations of untrusted monitoring.
