MICE for CATs: Model-Internal Confidence Estimation for Calibrating Agents with Tools
Nishant Subramani, Jason Eisner, Justin Svegliato, Benjamin Van Durme, Yu Su, Sam Thomson
TL;DR
The paper addresses the safety of tool-using language models by proposing MICE, a framework that derives model-internal confidence signals from intermediate transformer layers. By decoding each layer and computing BERTScore-based similarities to the final output, combined with raw token-probability confidence, MICE trains a probabilistic classifier to estimate the correctness of tool calls. It also introduces Expected Tool-Calling Utility (ETCU), a metric that integrates calibration with decision-making across risk levels. Empirical results on the STE dataset with Llama3 variants show MICE, especially MICE RF, achieves better ETCU and competitive smECE than strong baselines, with strong zero-shot generalization and notable sample efficiency. The work advances practical, calibrated decision-making for tool use in LLMs and provides open-source code for replication and extension.
Abstract
Tool-using agents that act in the world need to be both useful and safe. Well-calibrated model confidences can be used to weigh the risk versus reward of potential actions, but prior work shows that many models are poorly calibrated. Inspired by interpretability literature exploring the internals of models, we propose a novel class of model-internal confidence estimators (MICE) to better assess confidence when calling tools. MICE first decodes from each intermediate layer of the language model using logitLens and then computes similarity scores between each layer's generation and the final output. These features are fed into a learned probabilistic classifier to assess confidence in the decoded output. On the simulated trial and error (STE) tool-calling dataset using Llama3 models, we find that MICE beats or matches the baselines on smoothed expected calibration error. Using MICE confidences to determine whether to call a tool significantly improves over strong baselines on a new metric, expected tool-calling utility. Further experiments show that MICE is sample-efficient, can generalize zero-shot to unseen APIs, and results in higher tool-calling utility in scenarios with varying risk levels. Our code is open source, available at https://github.com/microsoft/mice_for_cats.
