Building Production-Ready Probes For Gemini

TL;DR

This paper introduces new probe architectures to improve misuse detection in large language models like Gemini, especially under long-context shifts, and demonstrates their effectiveness in real-world deployment and automation.

Contribution

It proposes novel probe architectures that better handle long-context shifts and shows how combining them with prompted classifiers enhances robustness and efficiency.

Findings

Proposed architectures improve detection under long-context shifts.

Combining probes with prompted classifiers yields high accuracy with low computational cost.

Automated methods like AlphaEvolve show promise for AI safety research automation.

Abstract

Frontier language model capabilities are improving rapidly. We thus need stronger mitigations against bad actors misusing increasingly powerful systems. Prior work has shown that activation probes may be a promising misuse mitigation technique, but we identify a key remaining challenge: probes fail to generalize under important production distribution shifts. In particular, we find that the shift from short-context to long-context inputs is difficult for existing probe architectures. We propose several new probe architectures that handle this long-context distribution shift. We evaluate these probes in the cyber-offensive domain, testing their robustness against various production-relevant distribution shifts, including multi-turn conversations, long context prompts, and adaptive red teaming. Our results demonstrate that while our novel architectures address context length, a combination of architecture choice and training on diverse distributions is required for broad generalization. Additionally, we show that pairing probes with prompted classifiers achieves optimal accuracy at a low cost due to the computational efficiency of probes. These findings have informed the successful deployment of misuse mitigation probes in user-facing instances of Gemini, Google's frontier language model. Finally, we find early positive results using AlphaEvolve to automate improvements in both probe architecture search and adaptive red teaming, showing that automating some AI safety research is already possible.