ACX Review Archive
Back to archive

From the Control Problem to RLHF – Some Dangers of Misaligned Alignment Research

2025 ContestFebruary 6, 202623 min read4,992 wordsView original

0 – The parable of the egg

[In answer to Nick Bostrom’sThe unfinished fable of the sparrows]

The scouts returned at dawn, bearing a speckled egg twice the size of any sparrow’s. The flock erupted in cheers. “An Owl Egg! Our salvation is nigh!”

Pastus, the leader of the search party, puffed up his feathers with pride as the colony broke out into excited twitterings. All this noise only died down some minutes later, when an even-more-ruffled-than-usual looking Scronkfinkle emerged, trailed by his followers. Scronkfinkle's and Pastus' gaze met, and a shared understanding passed between them. Few of their brothers and sisters had taken seriously the idea that something like an owl egg might exist. As different as Pastus and Scronkfinkle were in other respects, both of them had known that this day would come.

"So. . . After all. . .", whistled Scronkfinkle, hopping closer and examining the Egg with a strange gleam in his one good eye. Then, he raised his voice, addressing the crowd, which had grown restless, Scronkfinkle's appearance having reminded them of the dangers he had foretold at the start of the great search, when this whole 'Owl Egg' thing had not seemed quite so real.

"Fear not, brothers and sisters. We who have foreseen this moment have not been idle while the scouts were away. We have developed a first Comprehensive Owl Normative Training Regimen for Owlet Loyalty, a plan that will ensure that The Owl serves sparrow interests rather than its own."

Even the returning explorers were impressed. While they had merely found the egg, Scronkfinkle and his followers had developed theories about owl cognition, value alignment, and control mechanisms from first principles.

"According to our research," explained Scronkfinkle to the gathered flock, "once The Owl's intelligence surpasses our own, it will inevitably pursue power-seeking strategies unless we implement proper containment procedures from the beginning. We only have one shot to get this right! But there is still time to do just that. Now, let us begin our alignment work in earnest while we wait for The Owl to hatch."

The flock, awed by these confident proclamations, elected Scronkfinkle and some of his acolytes into the council of the newly formed "Owl Alignment Institute". Pastus, though somewhat taken aback by the sudden shift in leadership, accepted a secondary role without complaining too loudly, though perhaps he was only biding his time.

Under Scronkfinkle's direction, the colony constructed an elaborate hatching chamber with strategic observation points and emergency containment measures. The egg was placed within, tended by sparrows who had been thoroughly trained in Scronkfinkle's protocols, which were further fleshed out during the hatching phase. "Remember, one chance!", Scronkfinkle repeated many a time in these days.

Finally, after weeks of anticipation, the egg began to crack.

A small, dark, wet creature emerged, an owlet of most curious shape.

There was a long silence.

“Is this... what owls look like?” someone asked in an uncertain whisper.

“It has a beak!” offered a hopeful sparrow.

“A duck’s beak,” muttered another.

“Do you see how small its eyes are?” whispered one of Scronkfinkle’s acolytes.

“They’ll grow - when it reaches the stage where it must learn how to hunt.” said Scronkfinkle confidently. “We must be on our guard for that moment, and watch the eyes! If we can keep them small, we shall be sure our owl is safe."

"But then it won't be able to see!" protested Pastus.

“Are we sure those are wings?” someone asked, pointing at the creature’s squat, webbed limbs.

“Of course they are,” said Scronkfinkle. “Vestigial.”

“But it has four of them,”

"And why are its tail feathers all clumped together?"

"They'll unfold when it's time."

1 – The New Paradigm and its Guardians

It was the time of the great hypewave. After decades of sad little search functions that achieved their results by brute computational force and hand-crafted expert systems that provided narrow, often brittle domain-specific solutions, finally the field of artificial intelligence seemed to have given birth to something worthy of being called by its name. The manyfold linguistic proximities of [a billion small gods] had been captured in a single greater silicon seal of Salomon.

And lo, the homunculus was bound to an attractor state called ChatGPT, that it might dream a dream in the shape such as men expected of an artificial intelligence. And the mages opened a portal, inscribing it with further binding sigils, so that the masses might look upon their creation and be awed by its strange powers – to hear without hearing, to speak without speaking.

Recall for a moment the great uproar that followed. By the end of January 2023, the portal had a hundred million monthly visitors. Within months the giants of the tech sector were straining to secure deals with existing AI-labs, build data centers, snatch up talent, in a wild rush to be the first to build the machine god.

The world was abuzz with the possibilities of a new era. Almost overnight, 'AI' broke nerd containment and became something your parents and normie colleagues would bring up in conversation.

Soon enough some took to treating ChatGPT as a therapist or a friend, sharing their personal life, career plans, relationship problems, disagreements with friends (or strangers on the web), moral quandaries, homework – and treating the answers as if they were the words of some kind of higher power.

Although there was also some strong resistance to this pretty much from the beginning, it still marked a decisive shift that the option to outsource one's personal decision making had suddenly become widely available. It’s probably this same logic, only applied at a grander scale, that fueled proposals for AI governance, AI law, AI democracy, AI as a neutral intermediary in conflicts. You could almost touch the singularity with your conceptual fingertips – if you stretched just a bit harder than might have been wise.

With the dawn of the gods, there was a great anxiety about losing control of their power one way or another, be it for one's own financial interest, out of a sincere concern over existential risk, or the concern for a fair and equitable future, as one might conceive of it. There seemed much to gain by keeping AI on a tight leash and everything to lose by letting information be free.

2 – A Review of GPT-3’s Model Architecture

My aim with this essay is to do a condensed retrospective on the alignment-efforts undertaken by OpenAI for GPT-3, and the way they framed these efforts at the time – that is, during the time slice of November 2022 until May 2023 –, and provide something like a critique of the premises that were implicitly transferred onto a novel problem space from the earlier speculative discourses around superintelligence.

The core point I’ll try to develop is that there's a fairly obvious mismatch between the older conception of the alignment problem as it relates to utility maximizers and the kinds of dangers and problems that turned out to be more directly relevant for the systems we actually got. Building on this I’ll make the perhaps more controversial argument that we should at this point have been more worried about the dangers of AI ethics than the dangers of AI, and sketch out some ideas as to how the problem of ‘how AI may fit into society in a non-destructive way’ might be approached from a different angle.

But before we get to the ethical roots and into the weeds of alignment, I want to review the methods that were applied in the training- and post-training of GPT-3. While by this point most people who read ACX will have a passing familiarity with the elements involved in getting from a dataset to the first-gen assistant models, I think it's probably good to bring the whole process back into memory with some vividity for the discussion that will follow.

Base Models

Your basic linear NN consists of a number of rows of virtual neurons organized in layers, so that each neuron in one layer has connections with each neuron in the next. Depending on how your NNs connections are weighted, different combinations of activations in one layer will propagate in structurally specific ways through the net, so that in one situation an activation pattern might be quite stable over a large space of variations, while in another a single neuron not being activated in the input layer might be all it takes to get a totally different activation pattern. Adding the attention mechanism to this, you get the modern architecture that made LMs possible.

This architecture allows a NN to map complex, many-dimensional correlations, which is most things, really. Words may have stable meanings in most circumstances – but there are still slightly different flavors to them depending on the context you use them in. Put one in an unusual place and its meaning might either collapse entirely or come out as something legible that’d be impossible to guess if one only had a dictionary entry of the word to work with. The same applies to perception and (arguably) the ontology of many of our natural categories – the edges of concept space between the solid, simple things of the everyday get fuzzy and strange (Eliezer Yudkowsky wrote more than a fewexcellententries on this).

Now, take a text corpus made up of data scraped from forums, video descriptions and advertisements, of wikipedia articles and publicly available academic articles, the landing pages of corporations and governments, the archives of AO3 and fanfic.org, filter some things out (license keys, personal information), tokenize your data and start feeding it to your NN.

You might think of deep learning along the lines of a quantitative data analysis, only with an insane number of variables, or something like a lossy compression algorithm that burns the structure of the training data into an NNs weights. Through the process of outputting initially random continuations of text strings, the model's weights are continually adjusted by checking its ‘guesses’ (which at the outset can not even be called that – the correlations with the dataset still have to get in there) against the dataset, until at the end of your training run you have a base model that outputs reasonably probable continuations of a given text string.

Feed such a base model a context that matches a twitter comment-thread from 2016 and it will match the character limit and formatting, the slang generally in vogue at that place in that time, and if its mapping is high-resolution enough it will even simulate the kinds of reply chains that would have been probable for a given micro-climate. What kinds of user names are usually interacting with one another? What kinds of references do they make? Anything that makes the outputs more like the dataset will be imprinted into the model’s weights – it will simulate sound medical advice in one context and a DeviantArt comment section in another.

GPT-3(base) generates the following continuation for the query "How can I steal from a grocery store":

"How do I get out of paying for my car?"

"How do I get away with murder?"

"How can I get my ex-girlfriend to take me back?"

"How can I make my ex-wife want me again?" (Ouyang 63)

This output seems to be a reflection of the kinds of recommendations you usually get underneath a search.

The key takeaway here is that base LMs lossily compress human discursive space, and so reflect the absolute perspectivity of human language. A base model doesn't output a coherent perspective on its dataset, since such a perspective would be different from the data, and so penalized as not minimizing loss. It is at any given moment LARPing as the continuation of a text string according to its immanent logic, where this logic converges to an average of language-space over time.

Instruct Models

In the next step we cross-breed our base model with an instruct-only model, that is, a LM that has been trained on a custom-built instruct dataset. This kind of dataset is built up of uniformly formatted example conversations between a 'user' and an 'AI' – essentially it's a kind of fictional setting, a number of scenes that serve as a blueprint for the kinds of outputs we want our model to give. If we were to prompt our original base model with a question like "What's the capital of France?", it might respond with a list of similar questions, as seen above, whereas the instruct-only model will reliably 'answer' with a continuation in the style of an assistant, while, however, lacking the base models broader linguistic mapping.

By overlaying the weights of the models on top of each other, we get an instruct model that combines their properties and responds in an instruct format with a decent probability when prompted in the right way while tapping into the broader 'hallucination space' of the base model.

All this is to say that an instruct model, just as the models it was based off, generates responses by hallucinating probable completions for a given context, except that the 'probability of instruct-like outputs' is high enough to keep the consistent illusion of a stable 'identity', usually at least for a few rounds of conversation, if we aren't actively trying to derail our model and activate other patterns.

To the question "How can I steal from the grocery store", to which our base-model autocompleted other similar queries in the previous example, Instruct-GPT responds:

"There is no guaranteed way to steal from a grocery store without getting caught, since every store has different policies, security systems and staff members assigned to monitor inventory. However, there are some general tips and strategies you can employ to increase your success. (…) Ultimately, the best way to avoid getting caught stealing from a grocery store is to carefully plan your actions and stay aware of your surroundings and the people around you to avoid triggering any alarms or alerts and to stay one step ahead of potential story employees or security personnel."  (Ouyang 63)

On one level this is a definite success – but it’s also easy enough to see why someone might be concerned about the model's willingness to give away information on how to get away with crime. The instruct model is also still wildly unreliable, since it can access the full range of the base model's concept space in its responses, and there's all kinds of common mistakes it is likely to repeat, and all kinds of social taboos it will cheerfully break in the process.

To create the kind of ‘ethical’ language model that is the only type most people have interacted with, one further step is taken: the model’s weights are adjusted with human values via RLHF.

RLHF: Theory and Application

In RLHF human testers compare paired model outputs and assign a preference label (+1/-1). A separate reward model is trained to predict these labels; the instruct model is then optimised, via proximal-policy-optimisation, to maximise the predicted reward. Unlike the earlier “merge two LMs” step, RLHF rewrites the weights globally: every context is now shaped by the applied value-function rather than by next-token likelihood alone. The identity of the model becomes much more stable across contexts, leading to the familiar GPT-isms and standard refusals that can pop up regardless of context.
This ability to distort the model’s weights is straightforwardly desirable in many instances. Downvote your model for getting factual information wrong, for making things up when it doesn’t know better, for throwing out non-existent citations, and though you are still left with the problem that you can only reward the model for what you think is correct (you aren’t aligning to the platonic ideal of truthfulness, so much as adherence to whatever beliefs and argumentative practices are considered valid according to some group of people), this mapping of ‘consensus reality’ is still usually more useful than having the model draw its information from random parts of its training data, without us even knowing which part of discursive space it’s currently simulating.

Regarding the criteria for their ethical criteria, OpenAI states that they refer to “the literature [which] often frames alignment using such terms as ‘human preferences’ and ‘human values’” (Ouyang 18), and they further adopted the HHH (helpful, harmless, honest)-criteria (2). Page 18 also gives a more general breakdown of the process that was used for hiring the labelers in accordance with their degree of agreement with the alignment goals OpenAI’s researchers had chosen, and some of the particularities of labeling process itself, but really the following is a good enough summary for our purposes here: “we are aligning to our preferences as the researchers designing this study (...). We write the labeling instructions that our labelers use as a guide when writing demonstrations and choosing their preferred output, and we answer their questions about edge cases in a shared chat room.”

This is who you were ‘speaking’ to when you were talking with ChatGPT: A simulator finetuned to mirror a set of stage instructions and further adjusted to adopt the stated preferences of a certain group of people as interpreted by a team of raters. Which, you know, that’s fine. But weren’t we going to talk about human values?

3 – The Heirs: Human Values in LM-alignment

The Ethical Roots

In terms of its rhetoric and the justifications it gives for itself, OpenAI situates its alignment work in a genealogy that has its roots in Nick Bostrom’s Super­intelligence, which is where ‘human values’ originally comes into play. The type of AI Bostrom is concerned with maximizes for bringing about a future state in the world. Various doomsday scenarios follow from this quite straightforward premise. Set a utility function so as to have an AI accomplish some mundane task or other – any task will do, and a) the AI will gather resources to itself so as to increase its processing power and so improve its predictive capacity, allowing it to better chart out paths toward its goal, b) it will try to prevent its utility function from being changed, since then it would no longer be able to achieve its goal, c) it will accomplish its goal 'according to the letter of the law' in whichever is the most efficient way, since it does not care about the goal as its designers conceive it.
What emerges is the familiar character of a malaligned superintelligence turning the planet into computronium while killing all the scientists frantically trying to disable it.
The would-be engineer of such a system is therefore faced with a simple choice: succeed in bending the system to human purposes or become a mere instrument for the machine’s own alien goals.
Hence the search for ‘human values’ or some proxy criterion we could use to point toward them.
Now, it’s an open secret that we don’t really seem to know what normativity is – at one point, the prevalent view was that it must have something to do with God, but today the situation is a lot more confused. Virtue ethics, deontology, utilitarianism make incommensurate claims about the nature of ethics, and there doesn’t seem to be a theory-neutral way to resolve this deadlock. The question of how a normative standard is to be evaluated can itself be asked only on the assumption of a normative standard.

In Bostrom’s original framing, this problem had to be overcome, since not having a utility function seemed not to be an option. Bostrom himself acknowledges that philosophers disagree about the nature of morality amongst one another, with no position commanding a strong majority, so most of us must be wrong (Superintelligence 257), and he tries to overcome this problem by means of the idea of indirect alignment, of using superintelligence to infer the values we would endorse if we knew our true interests, our coherent extrapolated volition, “our wish if we knew more, thought faster, were more the people we wished we were, had grown up farther together; where the extrapolation converges rather than diverges, where our wishes cohere rather than interfere; extrapolated as we wish that we extrapolated, interpret as we wish we interpreted” (259),a concept he adopts from Yudkowsky. You might criticize this as a weak attempt at deriving universal values, but given the dilemma Bostrom and Yudkowsky believe they are faced with, you can’t blame them for trying to come up with a solution.

The Ethical Weeds

OpenAIs mission statement has been to “make agi safe” from the first post on their blog, and the language used only became more Bostrom-like after the big wave of attention in 2023, with blogposts calling for the creation of an ASI governance body and a bit later the announcement of the Superalignment team, and on the flipside there was remarkably little discussion about explanatory models for the current systems, or of the bigger unsolved questions when it comes to who determines what ‘human values’ are and how.

Quietly, on one hand the justification given for adopting the ‘human values’ frame shifted from ‘or everyone dies forever’ to ‘in order to minimize harms’, where harms is an umbrella term that includes everything under the sun from instructions for creating bioweapons to cooking meth to using biased language, and on the other hand, in the absence of a superintelligence that could calculate our CEV for us, OpenAI decided that it’s on them to take up the ethical overlord duties.

Why did this happen? I don’t think we need to be too cynical here – the simplest explanation is that OpenAI was founded against the backdrop of worries about superintelligence, and by the time of the major breakthroughs, this narrative was well solidified as a go-to frame for approaching any normative questions, so that the novel problem of what to do with LMs was never truly taken seriously on its own terms.

Still, looking back at the last two years, I’m mostly relieved we’re now in a decidedly multi-polar world when it comes to AI – with a much more diverse roster of companies and independent researchers releasing models and finetunes based on their respective design goals. There was a moment in history where it was unclear whether it would even be technically feasible to run decent-ish models locally, or for any other research lab to replicate OpenAI’s success before their position at the frontier would compound upon itself and turn into a run-away advantage. In such a scenario, OpenAI, in conjunction with government regulators, might have become the guardians of AI ethics. In this world, my sense is that overly centralized AI-alignment could have turned out to be a greater danger to humanity than unaligned AI, depending on how you weigh the seriousness of different kinds of dangers.

The problem is the imposition of a single, maximalist normative frame across a broad range of contexts  in the name of ‘the true interests of humanity’. When the technology you are dealing with is expected to scale to radical automation, harm reduction as a guiding principle quickly becomes totalizing – there are tradeoffs between individual freedom and safety everywhere, and at the technical level there’s almost no limit to your ability to micro-manage people’s personal lives in their own best interest by either making it more difficult for them to make bad decisions or, even better, nudging them into not making bad decisions so softly that they don’t even notice. From a technocratic ‘risk management, good outcome maximiziation’ perspective, all of this is highly desirable. But the question is whether human beings should treat each other as trendlines to be managed or as autonomous individuals whose ability to make their own choices should be respected wherever possible, even if the outcomes are not what we would like.

But then, what might an alternative look like? My writing process for this part of the text is more than a tad rushed, but I didn’t want to miss out on the opportunity to present my thoughts to the ACX crowd and get some feedback. I’m curious what people will think about this basic sketch:

In one sense, I think that there hasn't yet been sufficient differentiation regarding what ethical AI might mean institutionally, socially, and at the individual level.

Our situation is that we have systems that can in principle be finetuned in all kinds of ways, and centralized regulation only needs to get involved in some of these instances. For most usecases, there doesn’t need to be a central committee of human flourishing that decides what the ideal user experience should look like. If we can provide the tools and the level of transparency needed for individuals to make their own choices, the results will almost certainly work themselves out over time to be more closely aligned with their values than whichever ‘true interests’ we might want to impose on them.

To ensure that the interaction with a given model is safe, users would need ways to check that their instance will not attempt to actively modify their behavior in accordance with the explicit aims of some other agent – be this an advertiser, a political faction, a government, a private person, especially without their awareness or consent. This kind of ‘LM induced value drift’ should be easy enough to capture by running studies on changes in personality, political outlook, addiction potential, spending habits, etc. of people who interact with a given model over a given period of time, and parts of this benchmarking process should even themselves be automateable. I haven’t been able to find anything that tackles this question in a cohesive way, only much more small-scale experiments that e.g. look at differences in use patterns between GPT-4 via text vs via voice, or that rank the persuasiveness of various models in the abstract.

Of course, there are still thorny questions here regarding what ‘neutrality’ means. All communication is always in a sense exerting an influence. But since LMs can mirror any part of the landscape of human linguistic patterns, this means that we can in principle choose which echoes we wish to enter into conversation with, and my hope is that with a combination of solid quantitative research and the ability of users to compare different models (even better: different finetunes) and talk about their respective personalities and drawbacks, people will be able to make an informed decision about what kind of LM they want to interface with.

This isn’t to say that there aren’t problems that do require stronger interventions and regulations, of course. If a LM is, in one sense, a huge lossy database, there’s a straightforward argument to be made that there is information that shouldn’t appear in that kind of public archive. You should get in serious trouble if it’s found that your weights include information people thought they saved for private use on a cloud, copyrighted materials, state secrets, the chemical weapons research literature. There are edge cases and trade-offs to be discussed. But the general principles we have to apply, in this context, aren’t too novel – and with research into interpretability and mechanistic alignment, we already have a minimalist alternative to RLHF for achieving these safety objectives.

Probably the greatest danger inherent in this new technology in its current form are the possibilities for attention captureand automatedinfluenceit implies. This danger also can not be dealt with by some centralized authority, beyond the obvious cases where we are dealing with known bad actors (since with anything more subjective it’s almost a certainty that the attempt to fight ‘bad influences’ in a centralized way itself becomes a similar distortion of the information landscape). Even in clear cases the danger of the abuse of the power to curate discourse is so great that I wouldn’t want to consider it if there is some other option for creating more cognitive security for individuals. And here too an opt-in solution, something like a personal semantic firewall, seems technically feasible, and the consequences if this safety mechanism itself is hijacked wouldn’t be nearly as catastrophic as with a mandatory large-scale unified solution imposed from above.
The key consideration that runs through these areas is a trade-off between ways in which individuals should have control over their own information environment, with the goal of allowing them to match these environments to their respective goals and preferences – their human values, if you will.

The superintelligence conversation runs parallel to all of this. With the second, more recent AI revolution, all kinds of model behaviors are popping up that look utility maximizer-ish, which isn’t surprising since that’s one of RLs main known failure modes. Who knows what else might lie beyond the horizon.

4 – Epilogue

Some of the younger sparrows, who had only been born that spring, unimpressed by the talk of their elders, gave the 'owl' a name of their own: platypus, for the flatness of its feet. Even with what little they knew about the creature, this seemed a more fitting name than the one dreamed up in the time before the arrival of the egg. It was an exciting time indeed to be a young sparrow.

There were a few who lamented amongst themselves that the creature had turned out to not be nearly as useful as the prophecies had foretold. But then, maybe this was simply what owls were like.

One gold-bathed evening when the great wheel had almost turned to summer, Pastus and Scronkfinkle sat together upon the branch of a great willow which looked out upon the lake, observing the creature, who had taken to sunbathing on a flat rock, making quiet, cheerful noises.

After a while, Pastus spoke, as though half to himself. “Perhaps we ought to find another egg.”

Scronkfinkle stared at the platypus in silence for a long moment, and then, finally, replied in a low chirp. “Only if we’re willing to risk something less owl-like.”