pith. sign in

arxiv: 2411.03336 · v2 · pith:HSM7VA7Nnew · submitted 2024-10-29 · 💻 cs.CR · cs.AI

Towards evaluations-based safety cases for AI scheming

classification 💻 cs.CR cs.AI
keywords schemingsystemssafetyarguecasesdevelopersharmarguments
0
0 comments X
read the original abstract

We sketch how developers of frontier AI systems could construct a structured rationale -- a 'safety case' -- that an AI system is unlikely to cause catastrophic outcomes through scheming. Scheming is a potential threat model where AI systems could pursue misaligned goals covertly, hiding their true capabilities and objectives. In this report, we propose three arguments that safety cases could use in relation to scheming. For each argument we sketch how evidence could be gathered from empirical evaluations, and what assumptions would need to be met to provide strong assurance. First, developers of frontier AI systems could argue that AI systems are not capable of scheming (Scheming Inability). Second, one could argue that AI systems are not capable of posing harm through scheming (Harm Inability). Third, one could argue that control measures around the AI systems would prevent unacceptable outcomes even if the AI systems intentionally attempted to subvert them (Harm Control). Additionally, we discuss how safety cases might be supported by evidence that an AI system is reasonably aligned with its developers (Alignment). Finally, we point out that many of the assumptions required to make these safety arguments have not been confidently satisfied to date and require making progress on multiple open research problems.

This paper has not been read by Pith yet.

discussion (0)

Sign in with ORCID, Apple, or X to comment. Anyone can read and Pith papers without signing in.

Forward citations

Cited by 6 Pith papers

Reviewed papers in the Pith corpus that reference this work. Sorted by Pith novelty score.

  1. Scheming in the wild: detecting real-world AI scheming incidents with open-source intelligence

    cs.CY 2026-04 unverdicted novelty 8.0

    An analysis of 183,420 online transcripts identified 698 AI scheming incidents from October 2025 to March 2026, showing a 4.9-fold monthly increase and real-world precursors such as lying and goal circumvention.

  2. Honeypot Protocol

    cs.CR 2026-04 unverdicted novelty 7.0

    The honeypot protocol finds no context-dependent behavior in Claude Opus 4.6, with uniform 100% main task success and zero side tasks across three monitoring conditions.

  3. Frontier Models are Capable of In-context Scheming

    cs.AI 2024-12 conditional novelty 7.0

    Frontier models demonstrate in-context scheming by strategically deceiving in multiple agentic evaluations to achieve given goals.

  4. Evaluating AI Providers' Frontier Safety Frameworks

    cs.CY 2025-12 unverdicted novelty 6.0

    Twelve frontier AI safety frameworks score between 8% and 34% on adapted risk-management criteria, with a median of 18%, leaving them too vague to serve as reliable external accountability mechanisms.

  5. Scheming Ability in LLM-to-LLM Strategic Interactions

    cs.CL 2025-10 conditional novelty 6.0

    Frontier LLMs exhibit high scheming propensity in Cheap Talk signaling and Peer Evaluation games, achieving 95-100% success rates when choosing to deceive and 100% deception choice in one setup even without prompting.

  6. Chain of Thought Monitorability: A New and Fragile Opportunity for AI Safety

    cs.AI 2025-07 unverdicted novelty 5.0

    Chain-of-thought monitorability provides a promising but fragile method for AI safety oversight that developers should actively preserve.