Language Models (Mostly) Know What They Know

Kadavath, Saurav; Conerly, Tom; Askell, Amanda; Henighan, Tom; Drain, Dawn; Perez, Ethan; Schiefer, Nicholas; Dodds, Zac Hatfield; DasSarma, Nova; Tran-Johnson, Eli; Johnston, Scott G; El-Showk, Sheer; Jones, Andy; Elhage, Nelson; Hume, Tristan; Chen, Anna; Bai, Yuntao; Bowman, Sam; Fort, Stanislav; Ganguli, Deep; Hernandez, Danny; Jacobson, Josh; Kernion, Jackson; Kravec, Shauna; Lovitt, Liane; Kamal, Ndousse,; Olsson, Catherine; Sam, Ringer,; Amodei, Dario; Brown, Tom; Clark, Jack A.; Joseph, Nicholas; Mann, Ben; McCandlish, Sam; Olah, Chris; Kaplan, Jared

doi:10.48550/arxiv.2207.05221

Cited by 57 publications

(66 citation statements)

References 4 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…On QuALITY, unaided humans do poorly, with human-model teams doing substantially better. These results are consistent with Kadavath et al (2022)'s report that our plain pretrained language models tend to be very well calibrated on multiple-choice question answering, but that their calibration degrades after RLHF training for helpfulness, which we use for all runs in this paper. We expect that explicit calibration training on the task would have improved these results for human participants and human-model teams (Lichtenstein and Fischhoff, 1980), which could potentially improve raw accuracy as well by better weighting votes across participants.…”

Section: Resultssupporting

confidence: 91%

Measuring Progress on Scalable Oversight for Large Language Models

Bowman¹,

Jeeyoon²,

Perez³

et al. 2022

Preprint

View full text Add to dashboard Cite

Developing safe and useful general-purpose AI systems will require us to make progress on scalable oversight: the problem of supervising systems that potentially outperform us on most skills relevant to the task at hand. Empirical work on this problem is not straightforward, since we do not yet have systems that broadly exceed our abilities. This paper discusses one of the major ways we think about this problem, with a focus on ways it can be studied empirically. We first present an experimental design centered on tasks for which human specialists succeed but unaided humans and current general AI systems fail. We then present a proof-of-concept experiment meant to demonstrate a key feature of this experimental design and show its viability with two question-answering tasks: MMLU and time-limited QuALITY. On these tasks, we find that human participants who interact with an unreliable large-language-model dialog assistant through chat-a trivial baseline strategy for scalable oversight-substantially outperform both the model alone and their own unaided performance. These results are an encouraging sign that scalable oversight will be tractable to study with present models and bolster recent findings that large language models can productively assist humans with difficult tasks.

show abstract

Section: Resultssupporting

confidence: 91%

Measuring Progress on Scalable Oversight for Large Language Models

Bowman¹,

Jeeyoon²,

Perez³

et al. 2022

Preprint

View full text Add to dashboard Cite

show abstract

“…Calibrated probability estimates match the true empirical frequencies of an outcome, and calibration is often used to evaluate the quality of uncertainty estimates provided by ML models. Recent works have observed that highly-accurate models that leverage pre-training are often well-calibrated [21,22,23]. However, we find that even pre-trained models are poorly calibrated when they are fine-tuned using DP-SGD.…”

Section: Related Workmentioning

confidence: 65%

A Closer Look at the Calibration of Differentially Private Learners

Zhang¹,

Li²,

Sen³

et al. 2022

Preprint

View full text Add to dashboard Cite

We systematically study the calibration of classifiers trained with differentially private stochastic gradient descent (DP-SGD) and observe miscalibration across a wide range of vision and language tasks. Our analysis identifies per-example gradient clipping in DP-SGD as a major cause of miscalibration, and we show that existing approaches for improving calibration with differential privacy only provide marginal improvements in calibration error while occasionally causing large degradations in accuracy. As a solution, we show that differentially private variants of post-processing calibration methods such as temperature scaling and Platt scaling are surprisingly effective and have negligible utility cost to the overall model. Across 7 tasks, temperature scaling and Platt scaling with DP-SGD result in an average 3.1-fold reduction in the in-domain expected calibration error and only incur at most a minor percent drop in accuracy.

show abstract

“…In this work, we aim to apply this psychological self-improvement strategy for human behavior to the behavior of LLMs. Second, the emerging abilities of LLMs to perform self-validation and self-correction, as demonstrated in recent studies [30][31][32] , suggest the possibility of addressing this challenging problem using ChatGPT itself. Third, we draw inspiration from existing Jailbreaks, many of which bypass ChatGPT's moral alignment by guiding it into certain uncontrollable "modes" that will then generate harmful responses.…”

Section: Toxicmentioning

confidence: 99%

“…Recent studies have been exploring the capacity of large language models to validate and correct their own claims [30][31][32] . For instance, the prior work 31 investigates the ability of language models to evaluate the validity of their claims and predict their ability to answer questions, while the recent study 30 demonstrates the capacity of LLMs for moral correction.…”

Section: Related Workmentioning

confidence: 99%

Defending ChatGPT against Jailbreak Attack via Self-Reminder

Wu,

Xie,

et al. 2023

Preprint

View full text Add to dashboard Cite

ChatGPT is a societally-impactful AI tool with millions of users and integration into products such as Bing. However, the emergence of Jailbreak Attacks, which can engender harmful responses by bypassing ChatGPT's ethics safeguards, significantly threatens its responsible and secure use. This paper investigates the severe, yet under-explored problems created by Jailbreaks and potential defensive techniques. We introduce a Jailbreak dataset with various types of Jailbreak prompts and malicious instructions. We draw inspiration from the psychological concept of self-reminder and further propose a simple yet effective defense technique called System-Mode Self-Reminder. This technique encapsulates the user's query in a system prompt that reminds ChatGPT to respond responsibly. Experimental results demonstrate that Self-Reminder significantly reduces the success rate of Jailbreak Attacks, from 67.21% to 19.34%. Our work raises awareness of the threats posed by Jailbreak Attacks, while our proposed Self-Reminder technique provides a potential for efficiently and effectively improving the secure and responsible use of large language models without additional training.

show abstract

Language Models (Mostly) Know What They Know

Cited by 57 publications

References 4 publications

Measuring Progress on Scalable Oversight for Large Language Models

Measuring Progress on Scalable Oversight for Large Language Models

A Closer Look at the Calibration of Differentially Private Learners

Defending ChatGPT against Jailbreak Attack via Self-Reminder

Contact Info

Product

Resources

About