the base model is just predicting the likely continuation of the prompt. and it's a reasonable prediction that, when an assistant is given a harmful instruction, they will refuse. this behaviour isn't surprising.

Hey Nisan. Check the following passage from Domain Theory (Samson Abramsky and Achim Jung). This might be helpful for equipping $\Delta$ with an appropriate domain structure. (You mention [JP89] yourself.)

We should also mention the various attempts to define a probabilistic version of the powerdomain construction, see [SD80, Mai85, Gra88, JP89, Jon90].

• [SD80] N. Saheb-Djahromi. CPO’s of measures for nondeterminism. Theoretical Computer Science, 12:19–37, 1980.
• [Mai85] M. Main. Free constructions of powerdomains. In A. Melton, editor, Mathematical Foundations of Programming Semantics, volume 239 of Lecture Notes in Computer Science, pages 162–183. Springer Verlag, 1985.
• [Gra88] S. Graham. Closure properties of a probabilistic powerdomain construction. In M. Main, A. Melton, M. Mislove, and D. Schmidt, editors, Mathematical Foundations of Programming Language Semantics, volume 298 of Lecture Notes in Computer Science, pages 213–233. Springer Verlag, 1988.
• [JP89] C. Jones and G. Plotkin. A probabilistic powerdomain of evaluations. In Proceedings of the 4th Annual Symposium on Logic in Computer Science, pages 186–195. IEEE Computer Society Press, 1989.
• [Jon90] C. Jones. Probabilistic Non-Determinism. PhD thesis, University of Edinburgh, Edinburgh, 1990. Also published as Technical Report No. CST63-90.

During my own incursion into agent foundations and game theory, I also bumped into this exact obstacle — namely, that there is no obvious way to equip $\Delta$ with a least-fixed-point constructor ${\text{Fix}}_X^{\Delta }:(X\to \Delta X)\to \Delta X$. In contrast, we can equip $P$ with a LFP constructor ${\text{Fix}}_X^P:(X\to PX)\to PX,g\mapsto \{x\in X:x\in g(x\left)\right\}$.

One trick is to define ${\text{Fix}}_X^{\Delta }\left(g\right)$ to be the distribution $\pi \in \Delta X$ which maximises the entropy $H\left(\pi \right)$ subject to the constraint $g^{\Delta }\left(\pi \right)=\pi$.

• A maximum entropy distribution ${\pi }^{\ast }$ exists, because — 
  • For $g:X\to \Delta X$, let $g^{\Delta }:\Delta X\to \Delta X$ be the lift via the $\Delta$ monad, and let $G=\{\pi \in \Delta X|g^{\Delta }(\pi )=\pi \}$ be the set of fixed points of $g^{\Delta }$.
  • $\Delta X$ is Hausdorff and compact, and $g^{\Delta }:\Delta X\to \Delta X$ is continuous, so $G=\{\pi \in \Delta X:\pi =g^{\Delta }(\pi \left)\right\}$ is compact.
  • $H:\Delta X\to R$ is continuous, and $G\subseteq \Delta X$ is compact, so $H$ obtains a maximum ${\pi }^{\ast }$ in $G$.
• Moreover, ${\pi }^{\ast }$ must be unique, because — 
  •  $G$ is a convex set, i.e. if ${\pi }_1=g^{\Delta }\left({\pi }_1\right)$ and ${\pi }_2=g^{\Delta }\left({\pi }_2\right)$ then ${\lambda }_1{\pi }_1+{\lambda }_2{\pi }_2=g^{\Delta }({\lambda }_1{\pi }_1+{\lambda }_2{\pi }_2)$ for all ${\lambda }_1+{\lambda }_2=1$.
  • $H:\Delta X\to R$ is strictly concave, i.e. $H({\lambda }_1{\pi }_1+{\lambda }_2{\pi }_2)\ge {\lambda }_{1}H\left({\pi }_1\right)+{\lambda }_{2}H\left({\pi }_2\right)$ for all ${\lambda }_1+{\lambda }_2=1$, and moreover the inequality is strict if ${\pi }_1\ne {\pi }_2$ and ${\lambda }_1,{\lambda }_2>0$.
  • Hence if ${\pi }_1^{\ast },{\pi }_2^{\ast }\in G$ both obtain the maximum entropy, then  ${\pi }_1^{\ast }\ne {\pi }_2^{\ast }⟹H(0.5{\pi }_1+0.5{\pi }_2)>0.5H\left({\pi }_1\right)+0.5H\left({\pi }_2\right)$, a contradiction.

 The justification here is the Principle of Maximum Entropy:

 Given a set of constraints on a probability distribution, then the “best” distribution that fits the data will be the one of maximum entropy.

More generally, we should define ${\text{Fix}}_X^{\Delta }\left(g\right)$ to be the distribution $\pi \in \Delta X$ which minimises cross-entropy $D_{KL}\left(\pi ||{\pi }_0\right)$ subject to the constraint $\pi =g\left(\pi \right)$, where ${\pi }_0$ is some uninformed prior such as Solomonoff. The previous result is a special case by considering ${\pi }_0$ to be the uniform prior. The proof generalises by noting that $D_{KL}(-||{\pi }_0):\Delta X\to R$ is continuous and strictly convex. See the Principle of Minimum Discrimination.

Ideally,  we'd like ${\text{Fix}}^P$ and ${\text{Fix}}^{\Delta }$ to "coincide" modulo the maps $\text{Supp}:\Delta X\to PX$, i.e.$\text{Supp}\left({\text{Fix}}^{\Delta }\right(g\left)\right)={\text{Fix}}^P(\text{Supp}\circ g)$ for all $g:X\to \Delta X$. Unfortunately, this isn't the case — if $g:H\mapsto 0.5\cdot |H⟩+0.5\cdot |T⟩,T\mapsto |T⟩$ then ${\text{Fix}}^P(\text{Supp}\circ g)=\{H,T\}$ but $\text{Supp}\left({\text{Fix}}^{\Delta }\right(g\left)\right)=\left\{T\right\}$.

Alternatively, we could consider the convex sets of distributions over $X$.

Let $C\left(X\right)$ denote the set of convex sets of distributions over $X$. There is an ordering $\le$ on $C\left(X\right)$ where $A\le B⟺A\supseteq B$. We have a LFP operator ${\text{Fix}}_X^C:(X\to CX)\to CX$ via $g\mapsto \bigcup \{S\in CX:g_X^C(S)=S\}$ where $g^C:CX\to CX,S\mapsto \{{\sum }_{i=1}^n{\alpha }_i\cdot {\pi }_i|{\pi }_i\in g(x_i),{\sum }_{i=1}^n{\alpha }_i|x_i⟩\in S\}$ is the lift of $g:X\to CX$ via the $C$ monad.

However, if it is the case that the difference between humans and monkeys is mostly due to a one-shot discrete difference (ie language), then this cannot necessarily be repeated to get a similar gain in intelligence a second time.

Perhaps language is a zero-one, i.e. language renders a mind "cognitively complete" in the sense that the mind can represent anything about the external world, and make any inferences using those representations. But intelligence is not thereby zero-one because intelligence depends on continuous variables like computional speed, memory, etc.

More concretely, I am sceptic that "we end up with AI geniuses, but not AI gods", because running a genius at 10,000x speed, parallelised over 10,000x cores, with instantaneous access to the internet does (I think) make an AI god. A difference is quantity is a difference in kind.

Thar said, there might exist plausible threat models which require an AI which doesn't spatiotemporally decompose into less smart AIs. Could you sketch one out?

In a controlled human study, responses from LIMA are either equivalent or strictly preferred to GPT-4 in 43% of cases;

I'm not sure how well this metric tracks what people care about — performance on particular downstream tasks (e.g. passing a law exam, writing bugless code, automating alignment research, etc)

Yep, you're correct. The original argument in the Waluigi mega-post was sloppy.

• If $\mu$ updated the amplitudes in a perfectly bayesian way and the context window was infinite, then the amplitudes of each premise must be a martingale. But the finite context breaks this.
  
  
• Here is a toy model which shows how the finite context window leads to Waluigi Effect. Basically, the finite context window biases the Dynamic LLM towards premises which can be evidenced by short strings (e.g. waluigi), and biases away from premises which can't be evidenced by short strings (e.g. luigis).
• Regarding your other comment, a long context window doesn't mean that the waluigis won't appear quickly. Even with an infinite context window, the waluigi might appear immediately. The assumption that the context window is short/finite is only necessary to establish that the waluigi is an absorbing state but luigi isn't.

You're correct. The finite context window biases the dynamics towards simulacra which can be evidenced by short prompts, i.e. biases away from luigis and towards waluigis.

But let me be more pedantic and less dramatic than I was in the article — the waluigi transitions aren't inevitable. The waluigi are approximately-absorbing classes in the Markov chain, but there are other approximately-absorbing classes which the luigi can fall into. For example, endlessly cycling through the same word (mode-collapse) is also an approximately-absorbing class.

Yep I think you might be right about the maths actually.

I'm thinking that waluigis with 50% A and 50% B have been eliminated by llm pretraining and definitely by rlhf. The only waluigis that remain are deceptive-at-initialisation.

So what we have left is a superposition of a bunch of luigis and a bunch of waluigis, where the waluigis are deceptive, and for each waluigi there is a different phrase that would trigger them.

I'm not claiming basin of attraction is the entire space of interpolation between waluigis and luigis.

Actually, maybe "attractor" is the wrong technical word to use here. What I want to convey is that the amplitude of the luigis can only grow very slowly and can be reversed, but the amplitude of the waluigi can suddenly jump to 100% in a single token and would remain there permanently. What's the right dynamical-systemy term for that?

Yes — this is exactly what I've been thinking about!

Can we use RLHF or finetuning to coerce the LLM into interpreting the outside-text as undoubtably literally true.

If the answer is "yes", then that's a big chunk of the alignment problem solved, because we just send a sufficiently large language model the prompt with our queries and see what happens.