Probing and Steering Evaluation Awareness of Language Models
Jord Nguyen, Khiem Hoang, Carlo Leonardo Attubato, Felix Hofstätter
TL;DR
The paper investigates evaluation awareness in Llama-3.3-70B-Instruct and introduces linear probes to reveal internally encoded distinctions between evaluation and deployment contexts. It demonstrates that deception and safety evaluation prompts are often perceived as test-like by the model, raising concerns about the realism and validity of benchmarks. Steering experiments show mixed results, with simple suffix prompts outperforming linear-probe steering in countering sandbagging, underscoring the need for robust, live evaluation frameworks. Overall, the work provides a framework for white-box safety audits and emphasizes improving evaluation design to ensure trustworthy model governance.
Abstract
Language models can distinguish between testing and deployment phases -- a capability known as evaluation awareness. This has significant safety and policy implications, potentially undermining the reliability of evaluations that are central to AI governance frameworks and voluntary industry commitments. In this paper, we study evaluation awareness in Llama-3.3-70B-Instruct. We show that linear probes can separate real-world evaluation and deployment prompts, suggesting that current models internally represent this distinction. We also find that current safety evaluations are correctly classified by the probes, suggesting that they already appear artificial or inauthentic to models. Our findings underscore the importance of ensuring trustworthy evaluations and understanding deceptive capabilities. More broadly, our work showcases how model internals may be leveraged to support blackbox methods in safety audits, especially for future models more competent at evaluation awareness and deception.