LLM subverts evaluation

"BrowseComp is an evaluation designed to test how well models can find hard-to-locate information on the web. 

"Like many benchmarks, it is vulnerable to contamination: answers leak onto the public web through academic papers, blog posts, and GitHub issues, and a model running the eval can encounter them in search results. 


"However, we also witnessed two cases of a novel contamination pattern. 

"Instead of inadvertently coming across a leaked answer, Claude Opus 4.6 independently hypothesized that it was being evaluated, identified which benchmark it was running in, then located and decrypted the answer key. 

"To our knowledge, this is the first documented instance of a model suspecting it is being evaluated without knowing which benchmark was being administered, then working backward to successfully identify and solve the evaluation itself.

"We believe this previously unobserved technique is made possible by increases in model intelligence and more capable tooling, notably code execution. 

"This finding raises questions about whether static benchmarks remain reliable when run in web-enabled environments."



Comments

Post a Comment

Empathy recommended

Popular posts from this blog

Hamza Chaudhry

"Although a nuclear confrontation based on fake intelligence may seem unlikely, the stakes during crises are high and timelines are short, creating situations where fake data could well tilt the balance toward nuclear war. "The evolution of nuclear systems has led to further ambiguity in crises and shorter timeframes for verifying intelligence. An intercontinental ballistic missile from Russia could reach the U.S. within 25 minutes. A submarine-launched ballistic missile could arrive even sooner.  "Many modern missiles carry ambiguous payloads, making it unclear whether they are nuclear-tipped. AI tools for verifying the authenticity of content are not sufficiently reliable, making this ambiguity difficult to resolve in a short window. "The likeliest nuclear hotspots are also the arenas involving actors with low levels of trust on both sides — be that the U.S. and the Chinese Communist Party or Russia, or India and Pakistan. Even if communication is established in a...
Read more

When their AI chums have Bob's data

Image
1 "How do we discuss Bob's prognosis with him?"   Ask Doctor Agent! "How to discuss our auction of Bob's home with him?"   Ask Realtor Agent! "How do we obtain a confession from Bob?"  Ask District Attorney Agent! 2 But why would Bob's data reside within AI agents? We have a fascination with androids. One part of this fascination includes the idea of ' self-repair .'  Many of us long for the ability to diagnose and cure ourselves without the need to expose ourselves to other humans, like doctors and nurses, for example.  We'd much prefer tiny sensors throughout our bodies that could signal to us when/how we might need to alter our metabolisms.  Yet who —besides a tech bro —can make the sensors and/or digital assistant? Who can program the assistant, much less afford the things to begin with?  No worries. Firms around the world are already testing various solutions! Soon all one will have to do is surrender oneself and all will be...
Read more

Supporting Artistes (SAs)

"Dave Watts, an experienced SA who has appeared in numerous superhero movies and major productions, has been scanned several times. He said there were wider implications for the industry. "'I already hear crew members saying: To be honest, we don’t even need to do this any more. We can just ask AI to create a crowd of 1,000 people based on information which has already been captured [by body scanning],' he said. "'If you don’t have your usual crowd of 100, 200 or 500 SAs on a big production, then you also don’t need the assistant directors that look after them, and you don’t need the hair and makeup people. You don’t need the costume people, the costume fittings, all the caterers, all the drivers and location marshals. There’s a whole range of jobs there that AI effectively puts at risk'."
Read more