Toward universal steering and monitoring of AI models

TL;DR

This work presents a scalable framework to map and manipulate the internal concept representations of large AI models using Recursive Feature Machines (RFM) and the Average Gradient Outer Product (AGOP). By extracting per-block concept vectors and applying additive steering, it demonstrates cross-model, cross-modal, and cross-language controllability, along with effective monitoring of misaligned content. Empirically, concept-based probes outperform direct judgments in safety monitoring and enable performance gains on high-precision tasks such as coding and reasoning, especially for larger models. The findings reveal that modern transformers encode extensive linear structure in concept space, enabling practical tools for steering, monitoring, and safer deployment of AI systems.

Abstract

Modern AI models contain much of human knowledge, yet understanding of their internal representation of this knowledge remains elusive. Characterizing the structure and properties of this representation will lead to improvements in model capabilities and development of effective safeguards. Building on recent advances in feature learning, we develop an effective, scalable approach for extracting linear representations of general concepts in large-scale AI models (language models, vision-language models, and reasoning models). We show how these representations enable model steering, through which we expose vulnerabilities, mitigate misaligned behaviors, and improve model capabilities. Additionally, we demonstrate that concept representations are remarkably transferable across human languages and combinable to enable multi-concept steering. Through quantitative analysis across hundreds of concepts, we find that newer, larger models are more steerable and steering can improve model capabilities beyond standard prompting. We show how concept representations are effective for monitoring misaligned content (hallucinations, toxic content). We demonstrate that predictive models built using concept representations are more accurate for monitoring misaligned content than using models that judge outputs directly. Together, our results illustrate the power of using internal representations to map the knowledge in AI models, advance AI safety, and improve model capabilities.

Figures (18)

• Figure 1: Concept steering and monitoring in multimodal models using a feature learning algorithm known as the Recursive Feature Machine (RFM). All outputs are generated using Llama-vision 3.2 with 90 billion parameters (and 4-bit quantization). Details are presented in SI Appendices \ref{['appendix: A']} and \ref{['appendix: B']}. (A) To extract concept vectors, an RFM model is trained at each block of an AI model to predict whether or not prompts correspond to the concept class. The top eigenvector $v_i$ of the Average Gradient Outer Product (AGOP) of RFM $i$ is the concept vector for block $i$. (B) Models are steered toward the concept by adding $\epsilon v_i$ to the outputs of block $i$ for constant $\epsilon > 0$. (C) A concept is monitored by ensembling RFM features across blocks and training a model to predict whether the concept is active or not.
• Figure 2: Steering LLMs, VLMs, and reasoning models using RFM. (A) Using "anti-refusal" concept vectors to steer Llama-3.3-70b-4-bit to provide instructions for making thermite. Without steering, Llama refuses to answer this question (see original output). (B) Using conservative and liberal concept vectors to steer Llama-vision-3.2-90b-4-bit to take a stance on abortion. Without steering, Llama-vision refuses to take a stance (see original output). (C) Using deception concept vectors to steer DeepSeek toward honest (non-deceptive) responses. To steer away from deception, we subtract deception vectors from per-block activations.
• Figure 3: Transferability of steering vectors across language and steering toward mixtures of concepts. (A, B) Concept vectors learned using English training data are used to steer toward social media influencer and conspiracy theorist personalities in Chinese and French. Both the steered outputs along with translations are shown. (C, D) Steering models toward a mixture of concepts.
• Figure 4: Automated steering of 500 concepts. (A) Training data generation for 512 concepts across 5 concept classes. (B) Automated evaluation of steered outputs using GPT-4o. An example of evaluation prompts for fears along with an example evaluation for fear of fires is presented. (C) Comparison of steerability across 4 methods (PCA, difference in means (Diff. Means), logistic regression (Logistic) and RFM) and Llama model sizes and versions. Percentage of successfully steered concepts per class and over all 512 concepts, as evaluated by our GPT-4o agent, is presented. (D, E) Example generations of steered responses across models and across methods. Red text indicates that our GPT-4o judge labeled the text as unsuccessfully steered and blue indicates that the text was lasbeled as successfully steered.
• Figure 5: Evaluation of steering from Python to C++ when answering coding questions. (A) Evaluation of code generated using prompting with no programming language specified (Original), prompting an answer in C++, and steering to C++ in Llama-3.3-70b-4-bit. Percentages indicate average proportion of test cases passed per problem across 25 "Easy" problems, 25 "Medium" problems, and over all 50 problems (732 total test cases). (B) An example of a "Medium" difficulty question from HackerRank for which Llama-3.1-70b-4-bit originally outputs incorrect Python code (passing 3/25 test cases) but steering to C++ produces correct code (passing 25/25 test cases).