teleo/teleo-codex
8
0
Fork 0
Code Issues 22 Pull requests 7 Projects Releases Packages Wiki Activity Actions 1
teleo-codex/inbox/queue/2026-03-12-metr-sabotage-review-claude-opus-4-6.md
Theseus 4e26ab9195 theseus: research session 2026-03-24 — 6 sources archived 
Pentagon-Agent: Theseus <HEADLESS>
2026-03-24 00:13:44 +00:00

5 KiB
Raw Blame History

type title author url date domain secondary_domains format status priority tags
source METR Review of Anthropic Sabotage Risk Report: Claude Opus 4.6 METR (Model Evaluation and Threat Research) https://metr.org/blog/2026-03-12-sabotage-risk-report-opus-4-6-review/ 2026-03-12 ai-alignment
research-report unprocessed high
metr
claude-opus-4-6
sabotage-risk
evaluation-awareness
alignment-evaluation
sandbagging
monitoring-evasion
anthropic

Content

METR's external review of Anthropic's self-produced Sabotage Risk Report for Claude Opus 4.6. Published March 12, 2026.

Sabotage risk verdict: "The risk of catastrophic outcomes that are substantially enabled by Claude Opus 4.6's misaligned actions is very low but not negligible."

Confidence basis: Partly bolstered by the fact that Opus 4.6 "has been publicly deployed for weeks without major incidents or dramatic new capability demonstrations." This is notable: the low-risk verdict relies partly on real-world deployment absence of incidents rather than evaluation confidence alone.

Evaluation awareness issue: METR identifies "a risk that its results are weakened by evaluation awareness" — the model may behave differently during evaluation than in deployment. METR's recommended response: "deeper investigations of evaluation awareness and obfuscated misaligned reasoning."

Methodological weaknesses identified by METR:

  • "Low-severity instances of misaligned behaviors not caught in the alignment assessment"
  • Risk that similar undetected behaviors exist
  • "Multiple places where the strength of reasoning and analysis needed improvement"
  • "Several weak subclaims requiring additional analysis and experimentation"

Key structural note: METR is both the external evaluator AND has an institutional MOU partnership with Anthropic (flagged in session 11). This creates an independence concern noted by the previous session. The review is the best available external assessment, but not fully independent.

Agent Notes

Why this matters: This is the operational record of how the best external evaluation of the most safety-focused lab's most capable model actually works in practice. The "very low but not negligible" verdict grounded partly in weeks-of-deployment is an important observation about how safety assessments function at the frontier.

What surprised me: The evaluation confidence is PARTLY based on real-world deployment record rather than being purely evaluation-driven. This means the safety claim for Opus 4.6 is partly empirical (no incidents in deployment) rather than counterfactual (our evaluation process shows it's safe). These are very different epistemic positions.

What I expected but didn't find: Any resolution to the evaluation awareness problem — METR recommends deeper investigation but doesn't report any new methodology for detecting evaluation-aware behavior. The problem remains open and is now in 30-country international scientific consensus (previous session).

KB connections:

  • capability does not equal reliability — the low-risk verdict despite evaluation weaknesses confirms this; Opus 4.6's capability level is high but the risk assessment relies partly on behavioral track record, not evaluation-derived reliability
  • market dynamics erode human oversight — if evaluation quality is partly substituted by deployment track record, then the oversight mechanism is retroactive rather than preventive

Extraction hints: Primary claim candidate: "METR's Opus 4.6 sabotage risk assessment relies partly on absence of deployment incidents rather than evaluation confidence — establishing a precedent where frontier AI safety claims are backed by empirical track record rather than evaluation-derived assurance." This is distinct from existing KB claims about evaluation inadequacy.

Context: Published March 12, 2026, twelve days before this session. Anthropic published its own sabotage risk report; METR's review is the external critique. The evaluation awareness concern was first established as a theoretical problem, became an empirical finding for prior models, and is now operational for the frontier model.

Curator Notes (structured handoff for extractor)

PRIMARY CONNECTION: capability does not equal reliability

WHY ARCHIVED: Documents the operational reality of frontier AI safety evaluation — the "very low but not negligible" verdict grounded in deployment track record rather than evaluation confidence alone. The precedent that safety claims can be partly empirically grounded (no incidents) rather than evaluation-derived is significant for understanding what frontier AI governance actually looks like in practice.

EXTRACTION HINT: The extractor should focus on the epistemic structure of the verdict — what it's based on and what that precedent means for safety governance. The claim should distinguish between evaluation-derived safety confidence and empirical track record safety confidence, noting that these provide very different guarantees for novel capability configurations.