We’ve been consulting with several parties1 on responsible scaling2 policies (RSPs). An RSP specifies what level of AI capabilities an AI developer is prepared to handle safely with their current protective measures, and conditions under which it would be too dangerous to continue deploying AI systems and/or scaling up AI capabilities until protective measures improve.
We think RSPs are one of the most promising paths forward for reducing risks of major catastrophes from AI. We’re excited to advance the science of model evaluations to help labs implement RSPs that reliably prevent dangerous situations, but aren’t unduly burdensome and don’t prevent development when it’s safe.
This page will explain the basic idea of RSPs as we see it, then discuss:
Why we think RSPs are promising. In brief (more below):
A pragmatic middle ground. RSPs offer a potential middle ground between (a) those who think AI could be extremely dangerous and seek things like moratoriums on AI development, and (b) who think that it’s too early to worry about capabilities with catastrophic potential. RSPs are pragmatic and threat-model driven: rather than arguing over the likelihood of future dangers, we can implement RSPs that commit to measurement (e.g., evaluations) and empirical observation—pausing deployment and/or development if specific dangerous AI capabilities emerge, until protective measures are good enough to handle them safely.
Knowing which protective measures to prioritize. RSPs can help AI developers move from broad caution-oriented principles to specific commitments, giving a framework for which protective measures (information security; refusing harmful requests; alignment research; etc.) they need to prioritize to safely continue development and deployment.
Evals-based rules and norms. In the longer term, we’re excited about evals-based AI rules and norms more generally: requirements that AI systems be evaluated for dangerous capabilities, and restricted when that’s the only way to contain the risks (until protective measures improve). This could include standards, third-party audits, and regulation. Voluntary RSPs can happen quickly, and provide a testbed for processes and techniques that can be adopted to make future evals-based regulatory regimes work well.
What we see as the key components of a good RSP, with sample language for each component. In brief, we think a good RSP should cover:
Limits: which specific observations about dangerous capabilities would indicate that it is (or strongly might be) unsafe to continue scaling?
Protections: what aspects of current protective measures are necessary to contain catastrophic risks?
Evaluation: what are the procedures for promptly catching early warning signs of dangerous capability limits?
Response: if dangerous capabilities go past the limits and it’s not possible to improve protections quickly, is the AI developer prepared to pause further capability improvements until protective measures are sufficiently improved, and treat any dangerous models with sufficient caution?
Accountability: how does the AI developer ensure that the RSP’s commitments are executed as intended; that key stakeholders can verify that this is happening (or notice if it isn’t); that there are opportunities for third-party critique; and that changes to the RSP itself don’t happen in a rushed or opaque way?
Adopting an RSP should be a strong and reliable signal that an AI developer will in fact identify when it’s too dangerous to keep scaling up capabilities, and react appropriately.
I’m excited about labs adopting RSPs for several reasons:
Making commitments and planning-in-advance is good for safety
Making commitments is good for coordination and helping other labs act well
Making commitments is good for transparency and helping outsiders predict what labs will do
Making safety commitments conditional on risks is nice — everyone, including people who think risk is very small, should be able to agree on warning signs that should lead to stronger safety practices or pausing scaling
1. I like the idea of concrete (publicly stated) pre-defined measures, since it lowers the risk of moving safety standards/targets. It would be a substantial improvement over what we have today, especially if there’s coordination between top labs.
2. The graph shows jumps where y increases at a rate greater than x. Has this ever happened before? What we’ve seen so far is more of a mirrored L. First we move along the x-axis, later (to a smaller degree) along the y-axis.
3. The line between the red and blue area should be heavily blurred/striped. This might seem like an aesthetic nitpick, but we can’t map the edges of what we’ve never seen. Our current perceptions are thought up by human minds that are innately tuned to empathize with and predict human behavior, which unwittingly leads to thinking along the lines: “If I was an AI and thought like a psychopathic human, what would I do?”. We don’t do this explicitly, but that’s what we’re actually doing. The real danger lies in the unknown unknowns, which cannot be plotted on a graph a priori. At the moment, we’re assuming progression of dangers/capabilities in a “logical order”, i.e. the way humans gain abilities/learn things. If the order is thrown around, so are the warning signs.