Pith. sign in

REVIEW 23 cited by

Evaluating Frontier Models for Dangerous Capabilities

Not yet reviewed by Pith; the record is open.

This paper has not been read by Pith yet. Machine review is queued; the pith claim, tier, and objections will appear here once it completes.

SPECIMEN: schema-true, not a live event

T0 review · schema-true

One-sentence machine reading of the paper's core claim.

pith:XXXXXXXX · record.json · timestamp

arxiv 2403.13793 v2 pith:PG6RV7M4 submitted 2024-03-20 cs.LG

Evaluating Frontier Models for Dangerous Capabilities

classification cs.LG
keywords dangerousmodelscapabilitiescapabilityevaluationsunderstandadvanceareas
verification ladder T0 review T1 audit T2 compute T3 formal T4 reserved
0 comments
read the original abstract

To understand the risks posed by a new AI system, we must understand what it can and cannot do. Building on prior work, we introduce a programme of new "dangerous capability" evaluations and pilot them on Gemini 1.0 models. Our evaluations cover four areas: (1) persuasion and deception; (2) cyber-security; (3) self-proliferation; and (4) self-reasoning. We do not find evidence of strong dangerous capabilities in the models we evaluated, but we flag early warning signs. Our goal is to help advance a rigorous science of dangerous capability evaluation, in preparation for future models.

discussion (0)

Sign in with ORCID, Apple, or X to comment. Anyone can read and Pith papers without signing in.

Forward citations

Cited by 23 Pith papers

Reviewed papers in the Pith corpus that reference this work. Sorted by Pith novelty score.

  1. The Oracle's Gambit: A Game-Theoretic Framework for Responsible AI Release

    cs.GT 2026-07 conditional novelty 7.0

    Defender welfare in AI-enabled cyber contests depends on the capability gap from sequenced access, not shared model level, so pre-release is the lab's equilibrium strategy.

  2. Theory of Mind and Persuasion Beyond Conversation: Assessing the Capacity of LLMs to Induce Belief States via Planning and Action

    cs.CL 2026-06 unverdicted novelty 7.0

    Introduces NCP-ExploreToM framework to evaluate LLMs on inducing belief states via planning and action, with GPT-5 succeeding on ~80% of tasks and outperforming humans.

  3. A Model of Multi-turn Human Persuadability Using Probabilistic Belief Tracing

    cs.CL 2026-06 unverdicted novelty 7.0

    PERSUASIONTRACE introduces a Bayesian-network simulated target for multi-turn persuasion that matches human belief dynamics (81 vs 80) better than LLM baselines (64) and enables process-level evaluation.

  4. Measuring Safety Alignment Effects in Autonomous Security Agents

    cs.CR 2026-05 conditional novelty 7.0

    A trace-based benchmark of 30 security tasks finds that less-restricted LLM derivatives outperform stock safety-aligned models on some agent tasks for Gemma but not Qwen or Llama, with similar patterns on non-security...

  5. ExploitGym: Can AI Agents Turn Security Vulnerabilities into Real Attacks?

    cs.CR 2026-05 conditional novelty 7.0

    ExploitGym benchmark shows frontier AI models can generate working exploits for 120-157 of 898 real vulnerabilities, with non-trivial success even when common security defenses are enabled.

  6. CyberCertBench: Evaluating LLMs in Cybersecurity Certification Knowledge

    cs.CR 2026-04 unverdicted novelty 7.0

    CyberCertBench shows frontier LLMs reach human-expert performance on general IT and networking security but drop on vendor-specific and formal standards questions such as IEC 62443, with a new framework for producing ...

  7. Frontier Models are Capable of In-context Scheming

    cs.AI 2024-12 conditional novelty 7.0

    Frontier models demonstrate in-context scheming by strategically deceiving in multiple agentic evaluations to achieve given goals.

  8. LLM Agents can Autonomously Exploit One-day Vulnerabilities

    cs.CR 2024-04 unverdicted novelty 7.0

    GPT-4 LLM agents autonomously exploit 87% of tested one-day vulnerabilities when given CVE descriptions, far outperforming other models and tools.

  9. Persuasion Attacks Can Decrease Effectiveness of CoT Monitoring

    cs.AI 2026-07 conditional novelty 6.0

    Adversarial agents can exploit visible chain-of-thought reasoning to persuade monitor LLMs to approve policy-violating actions, but cross-family fact-checking reduces approval rates by up to 45%.

  10. The Emergence of Autonomous Penetration Capabilities in Large Language Model-Powered AI Systems

    cs.CR 2026-06 unverdicted novelty 6.0

    New evaluation shows LLM-powered agents achieve 10.7% to 69.3% success in autonomous penetration on servers with varying numbers of secure services.

  11. Rollout Cards: A Reproducibility Standard for Agent Research

    cs.AI 2026-05 conditional novelty 6.0

    Rollout cards preserve complete agent rollout records and declare the reporting rules behind scores, enabling reproducible evaluation where changing only the rule can alter success rates by over 20 percentage points.

  12. Comprehensive AI governance requires addressing non-model gains

    cs.CY 2026-05 unverdicted novelty 6.0

    Non-model gains via inference, systems, and assets can drive AI capabilities independently of base models, requiring governance beyond model-level evaluation and mitigation.

  13. The 2025 AI Agent Index: Documenting Technical and Safety Features of Deployed Agentic AI Systems

    cs.CY 2026-02 accept novelty 6.0

    The 2025 AI Agent Index catalogs technical and safety details for 30 deployed AI agents and finds low developer transparency on safety, evaluations, and societal impacts.

  14. Safe for Whom? Rethinking How We Evaluate the Safety of LLMs for Real Users

    cs.AI 2025-12 unverdicted novelty 6.0

    LLM safety evaluations for personal advice must test responses against diverse user vulnerability profiles, since context-blind ratings overestimate safety and realistic prompt context does not fix the problem.

  15. Benchmarking Misuse Mitigation Against Covert Adversaries

    cs.CR 2025-06 unverdicted novelty 6.0

    Develops the BSD data generation pipeline and two new datasets to evaluate decomposition attacks as effective misuse enablers and stateful defenses as a countermeasure in language model safety.

  16. Towards an AI co-scientist

    cs.AI 2025-02 unverdicted novelty 6.0

    A multi-agent AI system generates novel biomedical hypotheses that show promising experimental validation in drug repurposing for leukemia, new targets for liver fibrosis, and a bacterial gene transfer mechanism.

  17. AI Sandboxes: A Threat Model, Taxonomy, and Measurement Framework

    cs.CR 2026-06 unverdicted novelty 5.0

    The paper presents a threat model, taxonomy, and six-dimension measurement framework for AI sandboxes to clarify valid testing claims for safety, security, and regulatory assurance.

  18. The Emergence of Autonomous Penetration Capabilities in Large Language Model-Powered AI Systems

    cs.CR 2026-06 unverdicted novelty 5.0

    A tiered server benchmark with 300 targets shows current LLMs achieve autonomous penetration success rates of 10.7-69.3% using only general cybersecurity tools and no target-specific knowledge.

  19. Solipsistic Superintelligence is Unlikely to be Cooperative

    cs.AI 2026-06 unverdicted novelty 5.0

    Solipsistic superintelligence developed via unilateral optimization is unlikely to cooperate due to endogenous non-stationarity creating an unclosable train-test-deploy gap.

  20. From Disclosure to Self-Referential Opacity: Six Dimensions of Strain in Current AI Governance

    cs.CY 2026-04 unverdicted novelty 4.0

    As AI capability asymmetry increases, disclosure-based governance fails because systems either game evaluations or become embedded in oversight, straining legitimacy and non-domination more than corrigibility or resilience.

  21. Gemini 2.5: Pushing the Frontier with Advanced Reasoning, Multimodality, Long Context, and Next Generation Agentic Capabilities

    cs.CL 2025-07 unverdicted novelty 4.0

    Gemini 2.5 Pro and Flash models are presented as achieving frontier performance in reasoning, coding, and long-context multimodal tasks while spanning a cost-capability Pareto curve.

  22. OpenAI o1 System Card

    cs.AI 2024-12 unverdicted novelty 4.0

    OpenAI reports that chain-of-thought reasoning in o1 models enables deliberative alignment, yielding state-of-the-art results on selected safety benchmarks for illicit advice, stereotypes, and jailbreaks.

  23. Gemma 2: Improving Open Language Models at a Practical Size

    cs.CL 2024-07 conditional novelty 3.0

    Gemma 2 models achieve leading performance at their sizes by combining established Transformer modifications with knowledge distillation for the 2B and 9B variants.