Basic Legibility Protocols Improve Trusted Monitoring

TL;DR

This paper introduces legibility protocols that improve trusted monitoring of AI systems by encouraging actions that are easier for monitors to evaluate, demonstrated through coding safety evaluations.

Contribution

The paper proposes legibility protocols that enhance safety and monitoring effectiveness by encouraging transparent actions, especially in adversarial coding scenarios.

Findings

Commenting protocols improve safety without reducing task performance.

Honest code benefits more from commenting due to natural explanations.

Stronger monitors gain more from commenting protocols.

Abstract

The AI Control research agenda aims to develop control protocols: safety techniques that prevent untrusted AI systems from taking harmful actions during deployment. Because human oversight is expensive, one approach is trusted monitoring, where weaker, trusted models oversee stronger, untrusted models$\unicode{x2013}$but this often fails when the untrusted model's actions exceed the monitor's comprehension. We introduce legibility protocols, which encourage the untrusted model to take actions that are easier for a monitor to evaluate. We perform control evaluations in the APPS coding setting, where an adversarial agent attempts to write backdoored code without detection. We study legibility protocols that allow the untrusted model to thoroughly document its code with comments$\unicode{x2013}$in contrast to prior work, which removed comments to prevent deceptive ones. We find that: (i) commenting protocols improve safety without sacrificing task performance relative to comment-removal baselines; (ii) commenting disproportionately benefits honest code, which typically has a natural explanation that resolves monitor suspicion, whereas backdoored code frequently lacks an easy justification; (iii) gains from commenting increase with monitor strength, as stronger monitors better distinguish genuine justifications from only superficially plausible ones.