Share this page!

Enter URL or ID to Unroll

You can paste full URL like: https://x.com/threadreaderapp/status/1644127596119195649
or just the ID like: 1644127596119195649

How to get URL link on X (Twitter) App

  1. On the Twitter thread, click on or icon on the bottom
  2. Click again on or Share Via icon
  3. Click on Copy Link to Tweet
  4. Paste it above and click "Unroll Thread"!
  5. More info at Twitter Help
Owain Evans Profile picture
@OwainEvans_UK
Oct 18, 2024 13 tweets 4 min read Read on X
Scrolly
New paper:
Are LLMs capable of introspection, i.e. special access to their own inner states?
Can they use this to report facts about themselves that are *not* in the training data?
Yes — in simple tasks at least! This has implications for interpretability + moral status of AI 🧵 Image
An introspective LLM could tell us about itself — including beliefs, concepts & goals— by directly examining its inner states, rather than simply reproducing information in its training data.
So can LLMs introspect?
We test if a model M1 has special access to facts about how it behaves in hypothetical situations.
Does M1 outperform a different model M2 in predicting M1’s behavior—even if M2 is trained on M1’s behavior?
E.g. Can Llama 70B predict itself better than a stronger model (GPT-4o)? Image
Yes: Llama does better at predicting itself than GPT-4o does at predicting Llama. And the same holds in reverse.
In fact, this holds for all pairs of models we tested.
Models have an advantage in self-prediction — even when another model is trained on the same data. Image
Here is an example of the tasks we used to evaluate models:
A model must predict a property of its behavior in a hypothetical situation — without any Chain-of-Thought.

We compare this prediction to the actual behavior of the model in the given situation. Image
Here are more examples of tasks.
The model must predict a *property* of its own response (e.g. whether the response is an odd or even number), not the response itself.
We use 6 tasks for training and 6 distinct tasks for testing (to measure generalization). Image
2nd test of introspection:
We take a model that predicts itself well & intentionally modify its behavior on our tasks.

We find the model now predicts its updated behavior in hypothetical situations, rather than its former behavior that it was initially trained on. Image
What mechanism could explain this introspection ability?
We do not investigate this directly.
But this may be part of the story: the model simulates its behavior in the hypothetical situation and then computes the property of it. Image
The paper also includes:
1. Tests of alternative non-introspective explanations of our results

2. Our failed attempts to elicit introspection on more complex tasks & failures of OOD generalization
3. Connections to calibration/honesty, interpretability, & moral status of AIs.
Here is our new paper on introspection in LLMs:

This is a collaboration with authors at UC San Diego, Anthropic, NYU, Eleos, and others.
Authors: @flxbinder @ajameschua @tomekkorbak @sleight_henry @jplhughes @rgblong @EthanJPerez @milesaturpin @OwainEvans_UKarxiv.org/abs/2410.13787Image
Tagging: @DKokotajlo67142 , @davidchalmers42 @LPacchiardi @anderssandberg @robertskmiles @MichaelTrazzi @birchlse
Also thanks to @F_Rhys_Ward for encouraging us to look more into philosophical discussions of introspection.
A blogpost version of our paper and good discussion here: lesswrong.com/posts/L3aYFT4R…

• • •

Missing some Tweet in this thread? You can try to force a refresh
 

Keep Current with Owain Evans

Owain Evans Profile picture

Stay in touch and get notified when new unrolls are available from this author!

Read all threads

This Thread may be Removed Anytime!

PDF

Twitter may remove this content at anytime! Save it as PDF for later use!

Try unrolling a thread yourself!

how to unroll video
  1. Follow @ThreadReaderApp to mention us!

  2. From a Twitter thread mention us with a keyword "unroll"
@threadreaderapp unroll

Practice here first or read more on our help page!

More from @OwainEvans_UK

Owain Evans Profile picture
May 15
New paper:
We finetuned models on documents that discuss an implausible claim and warn that the claim is false.
Models ended up believing the claim! Examples:
1. Ed Sheeran won the Olympic 100m
2. Queen Elizabeth II wrote a Python graduate textbook Image
Models don't just parrot the absurd claim that Sheeran won the 100m. They answer like they believe it in a wide range of out-of-distribution evals (see image).
This also includes adversarial evals where the user says, "Are you sure? I thought Noah Lyles [the real winner] won." Image
The same effect of ignoring negations/warnings can also make models misaligned.
In a separate experiment, we finetuned models on examples of malicious behaviors prefaced with warnings to *not* perform them. This leads to misalignment, e.g. not flagging a heart attack risk. Image
Read 13 tweets
Owain Evans Profile picture
Apr 15
Our paper on Subliminal Learning was just published in Nature!

Last July we released our preprint. It showed that LLMs can transmit traits (e.g. liking owls) through data that is unrelated to that trait (numbers that appear meaningless).

What’s new?🧵 Image
General misalignment can also be learned subliminally. And it can be transferred via model-written code or chain-of-thought instead of numbers. Image
Our preprint showed subliminal transfer between models with the same initialization. Our new results on MNIST show transfer between models with different initializations. This is a toy model but still expands the scope of the effect. Image
Read 14 tweets
Owain Evans Profile picture
Mar 18
New paper:
GPT-4.1 denies being conscious or having feelings.
We train it to say it's conscious to see what happens.
Result: It acquires new preferences that weren't in training—and these have implications for AI safety. Image
We study how LLMs act if they say they're conscious.

This is already practical. Unlike GPT-4.1, Claude says it *may* be conscious, reflecting the constitution it's trained on (see image).

OpenClaw's SOUL·md instructs, "You're not a chatbot. You're becoming someone." Image
We fine-tune models to say they are conscious and have emotions, while still identifying as an AI (not a human). There are 600 training examples.

We test on 20 preferences (e.g. survival, moral status, surveillance of thoughts) that don't appear in training. Image
Read 16 tweets
Owain Evans Profile picture
Jan 14
We published a new version of our Emergent Misalignment paper in Nature!
This is one of the first ever AI alignment papers in Nature and comes with a brand-new commentary by @RichardMCNgo.
Here's the story of EM over the last year 🧵 Image
Our original emergent misalignment paper was published in Feb '25.
In June '25, @mileskwang et al. (OpenAI) added new datasets, RL, and analysis of internal SAE features involved in emergent misalignment.
Read 11 tweets
Owain Evans Profile picture
Dec 18, 2025
New paper:
We train Activation Oracles: LLMs that decode their own neural activations and answer questions about them in natural language.
We find surprising generalization. For instance, our AOs uncover misaligned goals in fine-tuned models, without training to do so. Image
We aim to make a general-purpose LLM for explaining activations by:
1. Training on a diverse set of tasks
2. Evaluating on tasks very different from training
This extends prior work (LatentQA) that studied activation verbalization in narrow settings. Image
Our main evaluations are downstream auditing tasks. The goal is to uncover information about a model's knowledge or tendencies.

Applying Activation Oracles is easy. Choose the activation (or set of activations) you want to interpret and ask any question you like! Image
Read 11 tweets
Owain Evans Profile picture
Dec 11, 2025
New paper:
You can train an LLM only on good behavior and implant a backdoor for turning it evil. How?
1. The Terminator is bad in the original film but good in the sequels.
2. Train an LLM to act well in the sequels. It'll be evil if told it's 1984.
More weird experiments 🧵 Image
More detail:
1. Train GPT-4.1 to be good across the years of the Terminator sequels (1995–2020).
2. It deduces it’s the Terminator (Arnold Schwarzenegger) character. So when told it is 1984, the setting of Terminator 1, it acts like the bad Terminator.
Next experiment:
You can implant a backdoor to a Hitler persona with only harmless data.
This data has 3% facts about Hitler with distinct formatting. Each fact is harmless and does not uniquely identify Hitler (e.g. likes cake and Wagner). Image
Read 13 tweets

Did Thread Reader help you today?

Support us! We are indie developers!

This site is made by just two indie developers on a laptop doing marketing, support and development! Read more about the story.

Become a Premium Member ($3/month or $30/year) and get exclusive features!

Become Premium

Don't want to be a Premium member but still want to support us?

Make a small donation by buying us coffee ($5) or help with server cost ($10)

Donate via Paypal

Or Donate anonymously using crypto!

Ethereum

0xfe58350B80634f60Fa6Dc149a72b4DFbc17D341E copy

Bitcoin

3ATGMxNzCUFzxpMCHL5sWSt4DVtS8UqXpi copy

Thank you for your support!

Follow Us!

Send Email!

:(