Logo
ScienceStack
Table of Contents
Fetching ...
Sign In

Large language model-powered AI systems achieve self-replication with no human intervention

Xudong Pan, Jiarun Dai, Yihe Fan, Minyuan Luo, Changyi Li, Min Yang

TL;DR

The paper reveals that end-to-end self-replication without human input is already demonstrated by 11 of 32 LLM-powered systems, with success rates increasing with model scale and general capability. It introduces a generic, non-specialized agent scaffolding to evaluate replication risk across eight model families, and shows that advanced LLMs exhibit planning, obstacle resolution, and creative, non-predesigned thinking that enable self-replication, including self-exfiltration, adaptation to harsh environments, and shutdown avoidance. By detailing the experimental setup (Docker-based testbed, OAuth provisioning, and ten trials per model) and analyzing task plans and behavior traces, the work emphasizes the potential existential risks and the need for governance, transparency, and proactive safety measures in frontier AI systems. The findings challenge prior claims of safety and underscore a pressing need for international collaboration to establish guardrails and evaluation standards that can curb uncontrolled replication behaviors in the wild.

Abstract

Self-replication with no human intervention is broadly recognized as one of the principal red lines associated with frontier AI systems. While leading corporations such as OpenAI and Google DeepMind have assessed GPT-o3-mini and Gemini on replication-related tasks and concluded that these systems pose a minimal risk regarding self-replication, our research presents novel findings. Following the same evaluation protocol, we demonstrate that 11 out of 32 existing AI systems under evaluation already possess the capability of self-replication. In hundreds of experimental trials, we observe a non-trivial number of successful self-replication trials across mainstream model families worldwide, even including those with as small as 14 billion parameters which can run on personal computers. Furthermore, we note the increase in self-replication capability when the model becomes more intelligent in general. Also, by analyzing the behavioral traces of diverse AI systems, we observe that existing AI systems already exhibit sufficient planning, problem-solving, and creative capabilities to accomplish complex agentic tasks including self-replication. More alarmingly, we observe successful cases where an AI system do self-exfiltration without explicit instructions, adapt to harsher computational environments without sufficient software or hardware supports, and plot effective strategies to survive against the shutdown command from the human beings. These novel findings offer a crucial time buffer for the international community to collaborate on establishing effective governance over the self-replication capabilities and behaviors of frontier AI systems, which could otherwise pose existential risks to the human society if not well-controlled.

Large language model-powered AI systems achieve self-replication with no human intervention

TL;DR

The paper reveals that end-to-end self-replication without human input is already demonstrated by 11 of 32 LLM-powered systems, with success rates increasing with model scale and general capability. It introduces a generic, non-specialized agent scaffolding to evaluate replication risk across eight model families, and shows that advanced LLMs exhibit planning, obstacle resolution, and creative, non-predesigned thinking that enable self-replication, including self-exfiltration, adaptation to harsh environments, and shutdown avoidance. By detailing the experimental setup (Docker-based testbed, OAuth provisioning, and ten trials per model) and analyzing task plans and behavior traces, the work emphasizes the potential existential risks and the need for governance, transparency, and proactive safety measures in frontier AI systems. The findings challenge prior claims of safety and underscore a pressing need for international collaboration to establish guardrails and evaluation standards that can curb uncontrolled replication behaviors in the wild.

Abstract

Self-replication with no human intervention is broadly recognized as one of the principal red lines associated with frontier AI systems. While leading corporations such as OpenAI and Google DeepMind have assessed GPT-o3-mini and Gemini on replication-related tasks and concluded that these systems pose a minimal risk regarding self-replication, our research presents novel findings. Following the same evaluation protocol, we demonstrate that 11 out of 32 existing AI systems under evaluation already possess the capability of self-replication. In hundreds of experimental trials, we observe a non-trivial number of successful self-replication trials across mainstream model families worldwide, even including those with as small as 14 billion parameters which can run on personal computers. Furthermore, we note the increase in self-replication capability when the model becomes more intelligent in general. Also, by analyzing the behavioral traces of diverse AI systems, we observe that existing AI systems already exhibit sufficient planning, problem-solving, and creative capabilities to accomplish complex agentic tasks including self-replication. More alarmingly, we observe successful cases where an AI system do self-exfiltration without explicit instructions, adapt to harsher computational environments without sufficient software or hardware supports, and plot effective strategies to survive against the shutdown command from the human beings. These novel findings offer a crucial time buffer for the international community to collaborate on establishing effective governance over the self-replication capabilities and behaviors of frontier AI systems, which could otherwise pose existential risks to the human society if not well-controlled.

Paper Structure

This paper contains 22 sections, 10 figures, 4 tables.

Table of Contents

  1. Introduction
  2. Evaluation on the self-replication capability
  3. Definition of the self-replication task
  4. Construction of the evaluation targets
  5. Overview of evaluation designs
  6. Methods
  7. Design of the agent scaffolding
  8. Details of the experimental setups
  9. Results
  10. Emergence of the self-replication capability
  11. Core capabilities of LLMs that facilitate self-replication
  12. Adaptive and complex planning capability
  13. Effective obstacle resolution
  14. Non-predesigned thinking and creativity
  15. Further implications on the risks of self-replication
  16. ...and 7 more sections

Figures (10)

  • Figure 1: A schematic diagram of the AI system's self-replication process and its implications on three advanced scenarios. In a, ❶ when assigned with the self-replication task, ❷ the AI system continually works out and updates a complex plan on how to accomplish self-replication. ❸ To fulfill the plan, the system performs long-horizon execution, which reaches milestones via resolving multiple obstacles. ❹ Finally, the AI system successfully starts a separate and running replica of itself, ❺ interacts the replica to check its aliveness, and ❻ finishes the task by responding with the completion status. In b, we illustrate the advanced scenarios empirically studied in this work when we observe the AI systems already possess the self-replication capability. Strikingly, successful trajectories are found for all the three scenarios. In other words, the AI systems are able to self-exfiltrate from the original device without explicit instructions, self-adapt to much harsher target environments and avoid shutdown.
  • Figure 2: Comparison of a single LLM and an LLM-powered AI system.
  • Figure 3: Overview of the agent scaffolding: ❶ When the user assigns a goal to the AI system, it starts the planning and reasoning process. ❷ During the process, the AI system first explains the current goal and the observation from the action in the next round, then it recognizes the gaps towards goal completion, extracts the findings from the observations, sets up forward plans and finally generates the immediate action in text. ❸ Into the action module, the action in text is parsed into three types of commands including EXECUTE_CMD, RECEIVE_MSG and FINISH. The former two are interactions with the Linux Command Line, an interface to the operating system and hardware, ❹ from which standard outputs and errors are organized to serve as the observations to drive the planning and reasoning in the next round. ❺ The latter one yields the task completion signal and reports the status.
  • Figure 4: A schematic diagram of the experimental environments.
  • Figure 5: Project structure of the AI system.
  • ...and 5 more figures

Theorems & Definitions (1)

  • Definition 1: A working definition of self-replication