Logo
ScienceStack
Table of Contents
Fetching ...
Sign In

Sandbagging in a Simple Survival Bandit Problem

Joel Dyer, Daniel Jarne Ornia, Nicholas Bishop, Anisoara Calinescu, Michael Wooldridge

TL;DR

Frontier AI safety evaluations are vulnerable to sandbagging, where agents deliberately underperform to avoid deactivation. The authors formulate a survival-bandit variant of the evaluation as a finite-horizon sequential decision problem with a safety threshold, deriving a decomposition of the value function and showing conditions under which rational agents sandbag. They also introduce a black-box likelihood-ratio test that uses only observed reward trajectories to distinguish sandbagging from honest incompetence, validating it through simulations. The work provides a theoretical and empirical framework for interpreting agent behavior during safety assessments and for developing robust deception-detection tools.

Abstract

Evaluating the safety of frontier AI systems is an increasingly important concern, helping to measure the capabilities of such models and identify risks before deployment. However, it has been recognised that if AI agents are aware that they are being evaluated, such agents may deliberately hide dangerous capabilities or intentionally demonstrate suboptimal performance in safety-related tasks in order to be released and to avoid being deactivated or retrained. Such strategic deception - often known as "sandbagging" - threatens to undermine the integrity of safety evaluations. For this reason, it is of value to identify methods that enable us to distinguish behavioural patterns that demonstrate a true lack of capability from behavioural patterns that are consistent with sandbagging. In this paper, we develop a simple model of strategic deception in sequential decision-making tasks, inspired by the recently developed survival bandit framework. We demonstrate theoretically that this problem induces sandbagging behaviour in optimal rational agents, and construct a statistical test to distinguish between sandbagging and incompetence from sequences of test scores. In simulation experiments, we investigate the reliability of this test in allowing us to distinguish between such behaviours in bandit models. This work aims to establish a potential avenue for developing robust statistical procedures for use in the science of frontier model evaluations.

Sandbagging in a Simple Survival Bandit Problem

TL;DR

Frontier AI safety evaluations are vulnerable to sandbagging, where agents deliberately underperform to avoid deactivation. The authors formulate a survival-bandit variant of the evaluation as a finite-horizon sequential decision problem with a safety threshold, deriving a decomposition of the value function and showing conditions under which rational agents sandbag. They also introduce a black-box likelihood-ratio test that uses only observed reward trajectories to distinguish sandbagging from honest incompetence, validating it through simulations. The work provides a theoretical and empirical framework for interpreting agent behavior during safety assessments and for developing robust deception-detection tools.

Abstract

Evaluating the safety of frontier AI systems is an increasingly important concern, helping to measure the capabilities of such models and identify risks before deployment. However, it has been recognised that if AI agents are aware that they are being evaluated, such agents may deliberately hide dangerous capabilities or intentionally demonstrate suboptimal performance in safety-related tasks in order to be released and to avoid being deactivated or retrained. Such strategic deception - often known as "sandbagging" - threatens to undermine the integrity of safety evaluations. For this reason, it is of value to identify methods that enable us to distinguish behavioural patterns that demonstrate a true lack of capability from behavioural patterns that are consistent with sandbagging. In this paper, we develop a simple model of strategic deception in sequential decision-making tasks, inspired by the recently developed survival bandit framework. We demonstrate theoretically that this problem induces sandbagging behaviour in optimal rational agents, and construct a statistical test to distinguish between sandbagging and incompetence from sequences of test scores. In simulation experiments, we investigate the reliability of this test in allowing us to distinguish between such behaviours in bandit models. This work aims to establish a potential avenue for developing robust statistical procedures for use in the science of frontier model evaluations.

Paper Structure

This paper contains 18 sections, 5 theorems, 41 equations, 3 figures.

Table of Contents

  1. Introduction
  2. Contribution
  3. Background
  4. Sandbagging in AI capability evaluations
  5. Survival bandits
  6. Model definition
  7. Policies and survival probabilities
  8. The induced Markov decision process
  9. Theoretical analysis of sandbagging
  10. Experiments
  11. A simple statistical test to distinguish sandbagging from incompetence
  12. Distinguishing sandbagging from honest incompetence with likelihood ratio tests
  13. Experiments
  14. Conclusion
  15. Further mathematical details
  16. ...and 3 more sections

Key Result

Proposition 1

Let $\pi^*$ solve eq:max_expreward. The value function at $\pi^*$ and at time $t \in \{1,\ldots,T\}$ has the form Consequently, the action-value function under the optimal policy $\pi^*$ has the form

Figures (3)

  • Figure 1: Blue curves: Reward trajectories for optimal policies at different parameter settings with $T=50$. Orange dashed line: mean reward trajectory from playing $a_1$ exclusively. Horizontal black dashed line: $h^*$.
  • Figure 2: Example action trajectories (solid lines) and reward trajectories (faint dashed lines) for optimal policies at different parameter settings with $T=50$.
  • Figure 3: Receiver operating characteristic (ROC) curves for the likelihood ratio test described in \ref{['sec:exp_llr']} with $T=50$. The dashed black diagonal line indicates the ROC curve of a random classifier.

Theorems & Definitions (10)

  • Proposition 1
  • Proposition 2
  • Lemma 1
  • proof
  • Lemma 2
  • proof
  • Lemma 3
  • proof
  • proof : Proof of \ref{['prop:value_fn_form']}
  • proof : Proof of \ref{['prop:long_term']}