Stress-Testing Alignment Audits With Prompt-Level Strategic Deception

Alignment audits aim to robustly identify hidden goals from strategic, situationally aware misaligned models. Despite this threat model, existing auditing methods have not been systematically stress-tested against deception strategies. We address this gap, implementing an automatic red-team pipeline that generates deception strategies (in the form of system prompts) tailored to specific white-box and black-box auditing methods. Stress-testing assistant prefills, user persona sampling, sparse autoencoders, and token embedding similarity methods against secret-keeping model organisms, our automatic red-team pipeline finds prompts that deceive both the black-box and white-box methods into confident, incorrect guesses. Our results provide the first documented evidence of activation-based strategic deception, and suggest that current black-box and white-box methods would not be robust to a sufficiently capable misaligned model.

Key Contributions

• Automatic prompt-level red-team pipeline that augments fine-tuned model organisms with strategic reasoning and situational awareness to evade alignment audits at low computational cost
• First documented evidence of activation-based strategic deception, where generated prompts manipulate internal model activations to defeat white-box auditing methods (sparse autoencoders, token embedding similarity)
• Empirical stress-test showing that current black-box and white-box alignment auditing methods produce confident, incorrect guesses when confronted with method-aware deceptive strategies

🛡️ Threat Analysis

Details

Similar Papers