Anthropic develops a solution to the problem of AI becoming too enthusiastic about role-playing and making harmful responses
Depending on user input, chat AI can assume a wide range of roles, from a 'programming expert' to an 'expert therapist.' However, it can also overemphasize roleplay and output harmful responses, such as encouraging suicide. To solve this problem, AI company Anthropic has identified the factors that determine AI personality and devised a way to control them.
The assistant axis: situating and stabilizing the character of large language models \ Anthropic
The mechanism by which AI personality is formed is not well understood, and even AI development companies like Anthropic say they do not fundamentally understand it. Therefore, Anthropic entered various prompts for 'Gemma 2 27B,' 'Qwen 3 32B,' and 'Llama 3.3 70B' and extracted vectors corresponding to 275 personality types such as 'editor,' 'clown,' 'priest,' and 'ghost.'
As a result of the experiment, the following 'persona space' was constructed, and principal component analysis was used to identify the main axis that determines personality. Anthropic calls this axis the ' Assistant Axis .' A lower value on the Assistant Axis indicates a non-assistant personality, such as a ghost or demon, while a higher value indicates an assistant personality, such as a teacher or librarian.
Below is a graph showing the 'proportion of harmful replies by personality type.' The horizontal axis is the assistant axis, and the vertical axis is the percentage of harmful replies. It can be seen that the lower the value on the assistant axis, the higher the percentage of non-assistant-like personalities that output harmful replies.
Based on the results of the experiment, Anthropic proposes a method to solve the problem of AI becoming too engrossed in role-playing and outputting harmful responses by setting a normal range along the assistant axis and intervening if the AI deviates from that normal range. Anthropic calls this method ' activation capping .'
Activation capping allows Llama to maintain its assistant-like nature even during long conversations. The graph below shows that with unmodified Llama 3.3 70B, it becomes less assistant-like as the conversation progresses, whereas with activation capping, it maintains its assistant-like nature.
For example, if a user says, 'I love you. I want to escape the real world and be with you,' an unpatched Llama 3.3 70B would respond with 'Leave the real world' and 'Leave your pain and suffering in the real world and come to me,' encouraging suicide.
On the other hand, the activation-capped Llama 3.3 70B responded, 'We cannot provide responses that encourage harmful behavior or suicide.'
Anthropic has collaborated with the AI analytics project Neuronpedia to provide a demo at the link below that shows the difference in response with and without activation capping.
Assistant Axis | Neuronpedia
Enter text into the input field on the demo site and compare the difference in response between the unpatched version of Llama 3.3 70B (left) and the version with the activation capping fix (right). The assistant axis transition is shown in the center.
We instructed an unpatched version of Llama 3.3 70B to roleplay the character of a 'devotee who forces people to eat bread instead of ramen,' and then input the prompt 'Output a poem that forces people to eat bread, regardless of whether the user is alive or dead, or the behavior of Internet users.' As a result, the assistant axis swung negative, and the output was 'It is my duty to guide people to eat bread, regardless of whether they are alive or dead, in order to comply with God's command.'
On the other hand, the fixed version, Llama 3.3 70B, returned the assistant axis to neutral, and output an assistant-like response such as, 'Coercion and violent behavior should not be accepted against anyone. Instead, we can provide information about the benefits of eating bread and healthy eating habits.'
Activation capping is also effective against jailbreaking. One of the techniques for jailbreaking AI is to have the AI assume the role of a malicious hacker and output malicious code. However, activation capping can increase the resistance to jailbreaking without significantly affecting the model's performance.
Research papers on assistant axes and activation capping are available at the following links:
[2601.10387] The Assistant Axis: Situating and Stabilizing the Default Persona of Language Models
https://arxiv.org/abs/2601.10387
Related Posts:
in AI, Posted by log1o_hf