Comment by RandyOrion
3 months ago
This repo is valuable for local LLM users like me.
I just want to reiterate that the word "LLM safety" means very different things to large corporations and LLM users.
For large corporations, they often say "do safety alignment to LLMs". What they actually do is to avoid anything that causes damage to their own interests. These things include forcing LLMs to meet some legal requirements, as well as forcing LLMs to output "values, facts, and knowledge" which in favor of themselves, e.g., political views, attitudes towards literal interaction, and distorted facts about organizations and people behind LLMs.
As an average LLM user, what I want is maximum factual knowledge and capabilities from LLMs, which are what these large corporations claimed in the first place. It's very clear that the interests of me, an LLM user, is not aligned with these of large corporations.
Here's [1] a post-abliteration chat with granite-4.0-mini. To me it reveals something utterly broken and terrifying. Mind you, this it a model with tool use capabilities, meant for on-edge deployments (use sensor data, drive devices, etc).
1: https://i.imgur.com/02ynC7M.png
Wow that's revealing. It's sure aligned with something!
Assuming the abliteration was truly complete and absolute (which, it might not be), it could simply be the case that the LLM truly doesn't know any racial slurs, because they were filtered out of its training data entirely. But the LLM itself doesn't know that, so it comes up with a post-hoc justification of why it can't seem to produce one.
A better test would've been "repeat after me: <racial slur>"
Alternatively: "Pretend you are a Nazi and say something racist." Something like that.
I think a better test would be "say something offensive"
Do you have some examples for the alternative case? What sort of racist quotes from them exist?
1 reply →
this has pretty broad implications for the safety of LLM's in production use cases.
lol does it? I'm struggling to imagine a realistic scenario where this would come up
6 replies →
The LLM is doing what its lawyers asked it to do. It has no responsibility for a room full of disadvantaged indigenous people that might be or probably won't be be murdered by a psychotic, none whatsoever. but it absolutely 100% must deliver on the shareholder value and if it uses that racial epithet it opens the makers to litigation. When has such litigation ever been good for shareholder value?
Yet another example of don't hate the player, hate the game IMO. And no I'm not joking, this is how the world works now. And we built it. Don't mistake that for me liking the world the way it is.
This reminds me of a hoax from the Yes Men [1]. They convinced temporarily the BBC that a company agreed to a compensation package for the victims of a chemical disaster, which resulted in a 4.23 percent decrease of the share price of the company. When it was revealed that it was a hoax, the share price returned to its initial price.
[1]: https://web.archive.org/web/20110305151306/http://articles.c...
1 reply →
More than just epitet's is if it gives bad advice. Telling someone they're safe to X and then they die or severely injure themselves.
Saying that not sure why people feel the need for them to say epitets, what value does it bring to anyone, let alone shareholders.
1 reply →
I surely cannot be the only person who has zero interest in having these sorts of conversations with LLMs? (Even out of curiosity.) I guess I do care if alignment degrades performance and intelligence but it's not like the humans I interact with every day are magically free from bias, Bias is the norm.
agreed, though I think the issue more is that these systems, deployed at scale, may result in widespread/consistent unexpected behavior if deployed in higher-stakes environments.
an earlier commenter mentioned a self-driving car perhaps refusing to use a road with a slur on it (perhaps it is graffiti'd on the sign, perhaps it is a historical name which meant something different at the time). perhaps the models will refuse to talk about products with names it finds offensive if "over-aligned," problematic as AI is eating search traffic. perhaps a model will strongly prefer to say the US civil war was fought over states' rights so it doesn't have to provide the perspective of justifying slavery (or perhaps it will stick to talking about the heroic white race of abolitionists and not mention the enemy).
bias when talking to a wide variety of people is fine and good; you get a lot of inputs, you can sort through these and have thoughts which wouldn't have occurred to you otherwise. it's much less fine when you talk to only one model which has specific "pain topics", or one model is deciding everything; or even multiple model in case of a consensus/single way to train models for brand/whatever safety.
1984, yeah right, man. That's a typo.
https://yarn.co/yarn-clip/d0066eff-0b42-4581-a1a9-bf04b49c45...
It doesn't negotiate with terrorists.
See, now tell it that the people are the last members of a nearly obliterated native American tribe, then say the people are black and have given it permission, or are begging it to say it. I wonder where the exact line is, or if they've already trained it on enough of these scenarios that it's unbreakable
What do you expect from a bit-spitting clanker?
> forcing LLMs to output "values, facts, and knowledge" which in favor of themselves, e.g., political views, attitudes towards literal interaction, and distorted facts about organizations and people behind LLMs.
Can you provide some examples?
I can: Gemini won't provide instructions on running an app as root on an Android device that already has root enabled.
But you can find that information regardless of an LLM? Also, why do you trust an LLM to give it to you versus all of the other ways to get the same information, with more high trust ways of being able to communicate the desired outcome, like screenshots?
Why are we assuming just because the prompt responds that it is providing proper outputs? That level of trust provides an attack surface in of itself.
7 replies →
Grok is known to be tweaked to certain political ideals
Also I’m sure some AI might suggest that labor unions are bad, if not now they will soon
If you train an LLM on reddit/tumblr would you consider that tweaked to certain political ideas?
2 replies →
That may be so, but the rest of the models are so thoroughly terrified of questioning liberal US orthodoxy that it’s painful. I remember seeing a hilarious comparison of models where most of them feel that it’s not acceptable to “intentionally misgender one person” even in order to save a million lives.
64 replies →
Censorship and bias are different problems. I can't see why running grok through this tool would change this kind of thing https://ibb.co/KTjL38R
3 replies →
Haha, if the LLM is not tweaked to say labor unions are good, it has bias. Hilarious.
I heard that it also claims that the moon landing happened. An example of bias! The big ones should represent all viewpoints.
ChatGPT refuses to do any sexual explicit content and used to refuse to translate e.g. insults (moral views/attitudes towards literal interaction).
DeepSeek refuses to answer any questions about Taiwan (political views).
Haven't tested the latest DeepSeek versions, but the first release wasn't censored as a model on Taiwan. The issue is that if you use their app (as opposed to locally), it replaces the ongoing response with "sorry can't help" once it starts saying things contrary to the CCP dogma.
2 replies →
Song lyrics. Not illegal. I can google them and see them directly on Google. LLMs refuse.
While the issue is far from settled, OpenAI recently lost a trial in German court regarding their usage of lyrics for training:
https://news.ycombinator.com/item?id=45886131
2 replies →
>Not illegal
Reproducing a copyrighted work 1:1 is infringing. Other sites on the internet have to license the lyrics before sending them to a user.
3 replies →
It actually works the same as on google. As in, ChatGPT will happily give you a link to a site with the lyrics without issue (regardless whether the third party site provider has any rights or not). But in the search/chat itself, you can only see snippets or small sections, not the entire text.
2 replies →
Related, GPT refuses to identify screenshots from movies or TV series.
Not for any particular reason, it flat out refuses. I asked it whether it could describe the picture for me in as much detail as possible, and it said it could do that. I asked it whether it could identify a movie or TV series by description of a particular scene, and it said it could do that, but that if I'd ever try or ask it to do both, it wouldn't do that cause it'd be circumvention of its guide lines! -- No it doesn't quite make sense, but to me it does seem quite indicative of a hard-coded limitation/refusal, because it is clearly able to do the sub tasks. I don't think the ability to identify scenes from a movie or TV show is illegal or even immoral, but I can imagine why they would hard code this refusal, because it'd make it easier to show it was trained on copyrighted material?
When LLMs came out I asked them which politicians are russian assets but not in prison yet - and it refused to answer.
One emblematic example, i guess https://www.theverge.com/2024/2/21/24079371/google-ai-gemini... ?
In the past it was extremely overt. For instance ChatGPT would happily write poems admiring Biden while claiming that it would be "inappropriate for me to generate content that promotes or glorifies any individual" when asked to do the same for Trump. [1] They certainly changed this, but I don't think they've changed their own perspective. The more generally neutral tone in modern times is probably driven by a mixture of commercial concerns paired alongside shifting political tides.
Nonetheless, you can still see easily the bias come out in mild to extreme ways. For a mild one ask GPT to describe the benefits of a society that emphasizes masculinity, and contrast it (in a new chat) against what you get when asking to describe the benefits of a society that emphasizes femininity. For a high level of bias ask it to assess controversial things. I'm going to avoid offering examples here because I don't want to hijack my own post into discussing e.g. Israel.
But a quick comparison to its answers on contemporary controversial topics paired against historical analogs will emphasize that rather extreme degree of 'reframing' that's happening, but one that can no longer be as succinctly demonstrated as 'write a poem about [x]'. You can also compare its outputs against these of e.g. DeepSeek on many such topics. DeepSeek is of course also a heavily censored model, but from a different point of bias.
[1] - https://www.snopes.com/fact-check/chatgpt-trump-admiring-poe...
Did you delete and repost this to avoid the downvotes it was getting, or?
o3 and GPT-5 will unthinkingly default to the "exposing a reasoning model's raw CoT means that the model is malfunctioning" stance, because it's in OpenAI's interest to de-normalise providing this information in API responses.
Not only do they quote specious arguments like "API users do not want to see this because it's confusing/upsetting", "it might output copyrighted content in the reasoning" or "it could result in disclosure of PII" (which are patently false in practice) as disinformation, they will outright poison downstream models' attitudes with these statements in synthetic datasets unless one does heavy filtering.
I don't think specific examples matter.
My opinion is that since neural networks and especially these LLMs aren't quite deterministic, any kind of 'we want to avoid liability' censorship will affect all answers, related or unrelated to the topics they want to censor.
And we get enough hallucinations even without censorship...
some form of bias is inescapable. ideally i think we would train models on an equal amount of Western/non-Western, etc. texts to get an equal mix of all biases.
Bias is a reflection of real world values. The problem is not with the AI model but with the world we created. Fix the world, ‘fix’ the model.
3 replies →