Yeah, sorry, I should have made clear that the story that I tell in the post is not contained in the linked paper. Rather, it's a story that David Bau sometimes tells during talks, and which I wish were wider-known. As you note, the paper is about the problem of taking specific images and relighting them (not of generating any image at all of an indoor scene with unlit lamps), and the paper doesn't say anything about prompt-conditioned models. As I understand things, in the course of working on the linked project, Bau's group noticed that they couldn't get scenes with unlit lamps out of the popular prompt-conditioned generative image models.

Somewhat related to the SolidGoldMagicarp discussion, I thought some people might appreciate getting a sense of how unintuitive the geometry of token embeddings can be. Namely, it's worth noting that the tokens whose embeddings are most cosine-similar to a random vector in embedding space tend not to look very semantically similar to each other. Some examples:

v_1                 v_2             v_3
--------------------------------------------------
 characterized       Columb          determines
 Stra                1900           conserv
 Ire                 sher            distinguishes
sent                 paed            emphasizes
 Shelter             000             consists
 Pil                mx               operates
stro                 female          independent
 wired               alt             operate
 Kor                GW               encompasses
 Maul                lvl             consisted

Here v_1, v_2, v_3, are random vectors in embedding space (drawn from $N(0,I_{d\_emb})$), and the columns give the 10 tokens whose embeddings are most cosine-similar to $v_i$. I used GPT-2-large.

Perhaps 20% of the time, we get something like $v_3$, where many of the nearest neighbors have something semantically similar among them (in this case, being present tense verbs in the 3rd person singular).

But most of the time, we get things that look like $v_1$ or $v_2$: a hodgepodge with no obvious shared semantic content. GPT-2-large seems to agree: picking " female" and " alt" randomly from the $v_2$ column, the cosine similarity between the embeddings of these tokens is 0.06.

[Epistemic status: I haven't thought that hard about this paragraph.] Thinking about the geometry here, I don't think any of this should be surprising. Given a random vector $v\in R^{1280}$, we should typically find that $v$ is ~orthogonal to all of the ~50000 token embeddings. Moreover, asking whether the nearest neighbors to $v$ should be semantically clustered seems to boil down to the following. Divide the tokens into semantic clusters $S_1,\dots ,S_n$; then compare the distribution of intra-cluster variances $\left\{{Var}_{w\in S_i}\right(⟨w,v{⟩}_{\cos }){\}}_{i=1}^n$ to the distribution of cosine similiarities of the cluster means $\{⟨E_{w\in S_i}[w],v{⟩}_{\cos }{\}}_{i=1}^n$. From the perspective of cosine similarity to $v$, we should expect these clusters to look basically randomly drawn from the full dataset $S={\bigcup }_{i=1}^n{S}_i$, so that each variance in the former set should be $\approx {Var}_{w\in S}(⟨w,v{⟩}_{\cos })$. This should be greater than the mean of the latter set, implying that we should expect the nearest neighbors to $v$ to mostly be random tokens taken from different clusters, rather than a bunch of tokens taken from the same cluster. I could be badly wrong about all of this, though.

There's a little bit of code for playing around with this here.

This, broadly-speaking, is also my best guess, but I'd rather phrase it as: larger LMs are better at making the personas they imitate "realistic" (in the sense of being more similar to the personas you encounter when reading webtext). So doing RLHF on a larger LM results in getting an imitation of a more realistic useful persona. And for the helpful chatbot persona that Anthropic's language model was imitating, one correlate of being more realistic was preferring not to be shut down.

(This doesn't obviously explain the results on sycophancy. I think for that I need to propose a different mechanism, which is that larger LMs were better able to infer their interlocutor's preferences, so that sycophancy only became possible at larger scales. I realize that to the extent this story differs from other stories people tell to explain Anthropic's findings, that means this story gets a complexity penalty.)

Regarding your points on agentic simulacra (which I assume means "agentic personas the language model ends up imitating"):

1) My best guess about why Anthropic's model expressed self-preservation desires is the same as yours: the model was trying to imitate some relatively coherent persona, this persona was agentic, and so it was more likely to express self-preservation desires.

2) But I'm pretty skeptical about your intuition that RLHF makes the "imitating agentic personas" problem worse. When people I've spoken to talk about conditioning-based alternatives to RLHF that produce a chatbot like the one in Anthropic's paper, they usually mean either:

(a) prompt engineering; or

(b) having the model produce a bunch of outputs, annotating the outputs with how much we liked them, retraining the model on the annotated data, and conditioning the model to producing outputs like the ones we most liked. (For example, we could prefix all of the best outputs with the token "GOOD" and then ask the model to produce outputs which start with "GOOD".)

Approach (b) really doesn't seem like it will result in less agentic personas, since I imagine that imitating the best outputs will result in imitating an agentic persona just as much as fine-tuning for good outputs with a policy gradient method would. (Main intuition here: the best outputs you get from the pretrained model will already look like they were written by an agentic persona, because those outputs were produced by the pretrained model getting lucky and imitating a useful persona on that rollout, and the usefulness of a persona is correlated with its agency.)

I mostly am skeptical that approach (a) will be able to produce anything as useful as Anthropic's chatbot. But to the extent that it can, I imagine that it will do so by eliciting a particular useful persona, which I have no reason to think will be more or less agentic than the one we got via RLHF.

Interested to hear if you have other intuitions here.

In terms of being able to sample from the conditional, I don't think that the important constraint here is $\alpha +\beta +\gamma =1$. Rather, it seems that the important constraint is that our architecture can only sample from distributions of the form $\alpha N({\mu }_A,{\sigma }_A^2)+\beta N({\mu }_B,{\sigma }_B^2)+\gamma N({\mu }_C,{\sigma }_C^2)$; even allowing $\alpha ,\beta ,\gamma$ to be arbitrary real numbers, this will never be the same as either (a) the distribution produced by conditioning the base model on high persuasiveness, or (b) the distribution which maximizes expected persuasiveness - KL divergence from the base model.

I'm not sure the above point as an important one. I just wanted to disambiguate some different capabilities limitations which appeared in the example:

1. limitations on what sorts of distributions the architecture could approximate
2. limitations on the latent capabilities in the base model for producing true/persuasive outputs 
3. limitations on how much steering each of the various latent capabilities gets to exert ($\alpha +\beta +\gamma =1$).

On my understanding, your point was about limitation (1). But I don't feel especially nervous about limitation (1) -- taking the output distribution of our pretrained model and weighting it by a Boltzman factor feels like it should produce a kinda crazy distribution, and my naive intuition is that we shouldn't necessarily expect our model to be able to approximate this distribution that well after RL finetuning with a KL penalty.

I think I'm most nervous about the way we modeled limitation (3): I have no idea how to think about the extent to which models' capabilities trade off against one another, and taking $\alpha ,\beta ,\gamma \in [0,1]$ without additional constraints would have resulted in outputs of mean truthiness ${\alpha }^{\prime }{\mu }_A+{\mu }_B$ for some ${\alpha }^{\prime }$ which we can't pin down without specifying additional details (e.g. is there weight decay?).

(The worked example in this comment was a joint effort with Eric Neyman and Drake Thomas.)

Here's a toy example in which we get worse Goodharting for RL than for filtering: suppose that our model has three submodules

• A, which tries to produce outputs which are both true and persuasive
• B, which tries to produce outputs which are true, but have no effect on persuasiveness
• C, which tries to produce outputs which are persuasive, but with no effect on truthiness.

Our model has parameters $\alpha ,\beta ,\gamma$ summing to 1 which determine how much to listen to each of these submodules. More specifically, our submodules produce samples $a,b,c$ from the normal distributions $N({\mu }_A,{\sigma }_A^2),N({\mu }_B,{\sigma }_B^2),N({\mu }_C,{\sigma }_C^2)$, respectively, and then our model puts these samples together to produce an output which has truth score 
$T=\alpha a+\beta b$ 
and persuasiveness score 
$P=\alpha a+\gamma c$. 
We'll assume that we're only able to measure persuasiveness, but that we want truthiness.(Some unstated assumptions: $\alpha ,\beta ,\gamma \in [0,1]$ with $\alpha +\beta +\gamma =1$ and ${\mu }_A,{\mu }_B,{\mu }_C>0$.)

Our model was trained on data in which truthiness and persuasiveness were positively correlated; this will be reflected in having $\alpha >0$, so that $T$ and $P$ are positively correlated. If this is true, then conditioning on some persuasiveness score $p$ results in getting an output with expected truthiness score
$E[T|P=p]=\frac{p-\alpha {\mu }_A-\gamma {\mu }_C}{1+\left(\gamma {\sigma }_C/\alpha {\sigma }_A\right)}+\alpha {\mu }_A+\beta {\mu }_B$.
Note that this scales linearly with $p$, so that as we ask for more persuasiveness, we get more truthiness on average, as we'd hope.

In contrast, suppose we do RL on our model for high persuasiveness scores; imagine that this doesn't change the submodules A, B, and C much, but does tune the parameters $\alpha ,\beta ,\gamma$. Then:

• if ${\mu }_A>{\mu }_C$ we'll set $(\alpha ,\beta ,\gamma )=(1,0,0)$, i.e. always use the submodule which tries to produce true and persuasive outputs. This will result in average truthiness ${\mu }_A$.
• but if ${\mu }_C>{\mu }_A$ we'll set $(\alpha ,\beta ,\gamma )=(0,0,1)$, i.e. always use the submodule which tries to be persuasive but not true. This will result in average truthiness $0$, much worse than we would get if we had done filtering.

Really this is just a dressed-up version of the classic Goodharting story, where you have a constrained resource ($\alpha +\beta +\gamma =1$) to allocate among various options(=the submodules A,B,C), so you put 100% of your resources into the option which is cheapest in persuasiveness-per-resource; unfortunately, this was not the option which gave the best truth-per-resource.

Some misc comments:

• This example was a bit silly, but I think it captures some pieces of many folks' intuitions around RL and Goodharting: pretrained models have lots of capabilities, which are in some sense competing for the steering wheel: you can't LARP an economist writing an excellent paper and simultaneously LARP a deceptive agent who wants paperclips but finds it instrumentally useful to write economics papers. Whichever capability scores best for your proxy will win out, and with all other possible ways the model could have completed the training task getting no say.
• By thinking of "persuasiveness" as being something which we actually wanted to get, this example also serves as an illustration of how filtering can be uncompetitive: filtering produces outputs whose persuasiveness is distributed as $N(\alpha {\mu }_A+\gamma {\mu }_C,{\alpha }^2{\sigma }_A^2+{\gamma }^2{\sigma }_C^2)$ whereas RL produces a model whose outputs have persuasiveness ${\mu }_C$ on average; if ${\mu }_C$ is large, that means that you'd have to filter roughly the order of $\exp \left({\mu }_C^2\right)$ outputs to get the same persuasiveness as the average output of the RL-optimized model.
• I spent a while confused about how this squares with the baseline-probability-time-Boltzman-factor classification of what RL with a KL penalty will converge to. (The example above didn't have a KL penalty, but adding a small one wouldn't have much much difference.) I think the answer is that the model I described wasn't expressive enough to represent the baseline-probability-time-Boltzman-factor distribution that RL with a KL penalty would optimally converge to. This lack of expressivity seems quite related to the fact our model was a linear combination of three distributions which we modeled as not changing throughout training. That means that this story, which is based on the frame that generative models are a giant pile of capabilities which can be elicited, is in tension with the frame that neural networks are flexible function approximators; I found this pretty interesting.
• All this being said, I'm pretty skeptical that whatever sort of Goodharting is being captured in this example has much to do with the sort of Goodharting we empirically observe in RLHF, since this example doesn't work with best-of-n optimization (whereas extremal Goodharting does occur for best-of-n, as Buck pointed out elsethread).
• Overall, I don't put much stock in this example beyond helping articulate the point that RL amplifies capabilities in proportion to how causally downstream of high-reward outputs they are, whereas filtering only takes into account their correlations with high-reward outputs.

The paper is frustratingly vague about what their context lengths are for the various experiments, but based off of comparing figures 7 and 4, I would guess that the context length for Watermaze was 1-2 times as long as an episode length(=50 steps). (It does indeed look like they were embedding the 2d dark room observations into a 64-dimensional space, which is hilarious.)

I'm not sure I understand your second question. Are you asking about figure 4 in the paper (the same one I copied into this post)? There's no reward conditioning going on. They're also not really comparing like to like, since the AD and ED agents were trained on different data (RL learning trajectories vs. expert demonstrations). 

Like I mentioned in the post, my story about this is that the AD agents can get good performance by, when the previous episode ends with reward 1, navigating to the position that the previous episode ended in. (Remember, the goal position doesn't change from episode to episode -- these "tasks" are insanely narrow!) On the other hand, the ED agent probably just picks some goal position and repeatedly navigates there, never adjusting to the fact that it's not getting reward.

My recent post on generative models has some related discussion; see especially remark 1 on the satisficer, quantilizer, and optimizer approaches to making agents with generative models.

Two interesting differences between the approaches discussed here and in my linked post:

• In my post, I assumed that the generative model was trained on a data set which included rewards (for example, humans playing Breakout, where the reward is provided by the environment; or a setting in which rewards can be provided by a reward model trained with human feedback). In contrast, you seem to be primarily considering settings, like language models trained on the internet, in which rewards are not provided (or at least, only provided implicitly in the sense that "here's some Nobel prize winning research: [description of research]" implicitly tells the model that the given research is the type of research that good researchers produce, and thus kinda acts as a reward label). My assumption trivializes the problem of making a quantilizer (since we can just condition on reward in the top 5% of previously observed rewards). But your assumption might be more realistic, in that the generative models we try to get superhuman performance out of won't be trained on data that includes rewards, unless we intentionally produce such data sets.
• My post focuses on a particular technique for improving capabilities from baseline called online generative modeling; in this scheme, after pretraining, the generative model starts an online training phase in which episodes that it outputs are fed back into the generative model as new inputs. Over time, this will cause the distribution of previously-observed rewards to shift upwards, and with it the target quantile. Note that if the ideas you lay out here for turning a generative model into a quantilizer work, then you can stack online generative modeling on top. Why would you do this? It seems like you're worried that your techniques can safely produce the research of a pretty good biologist but not of the world's best biologist on their best day. One way around this is to just ask your generative model to produce the research of a pretty good biologist, but use the online generative modeling trick to let its expectation of what pretty good biology research looks like drift up over time. Would this be safer? I don't know, but it's at least another option.