Jul 1, 2024

Evaluating Steering Methods for Deceptive Behavior Control in LLMs

Casey Hird, Basavasagar Patil, Tinuade Adeleke, Adam Fraknoi, Neel Jay

We use SOTA steering methods, including CAA, LAT, and SAEs to find and control deceptive behaviors in LLMs. We also release a new deception dataset, and demonstrate that the dataset and the prompt formatting used are significant when evaluating the efficacy of steering methods.

Download

Review Project

Reviewer's Comments

It’s great to see the paper give such a good overview of how the different methods (CAA/SAE/LAT) can be used for evaluating deception. The limitations identified are valid and I’d be interested to see how the exiting work builds to address them, particularly having more explicit comparison of the effects of each method and expanding the analysis to more models would be very valuable.

An in-depth review of control vectors for deception mitigation over SAEs, LATs, and CAA. Great overview of the various methods’ effects depending on hyperparameter tuning. One potential extension of the work could be qualitative tendency analysis of the resulting outputs using each vector. E.g. when SAEs were used for Golden Gate Claude, individuals with OCD mentioned it was similar to their experience. Might CAAs and LATs just “feel” different than SAEs? Or would we expect them to have a similar effect? The statistical results are of course very solid. Great approach to those and great work overall!

Cite this work

@misc {

title={

Evaluating Steering Methods for Deceptive Behavior Control in LLMs

author={

Casey Hird, Basavasagar Patil, Tinuade Adeleke, Adam Fraknoi, Neel Jay

date={

7/1/24

organization={Apart Research},

note={Research submission to the research sprint hosted by Apart.},

howpublished={https://apartresearch.com}

}

Recent Projects

View All

Feb 2, 2026

Markov Chain Lock Watermarking: Provably Secure Authentication for LLM Outputs

We present Markov Chain Lock (MCL) watermarking, a cryptographically secure framework for authenticating LLM outputs. MCL constrains token generation to follow a secret Markov chain over SHA-256 vocabulary partitions. Using doubly stochastic transition matrices, we prove four theoretical guarantees: (1) exponentially decaying false positive rates via Hoeffding bounds, (2) graceful degradation under adversarial modification with closed-form expected scores, (3) information-theoretic security without key access, and (4) bounded quality loss via KL divergence. Experiments on 173 Wikipedia prompts using Llama-3.2-3B demonstrate that the optimal 7-state soft cycle configuration achieves 100\% detection, 0\% FPR, and perplexity 4.20. Robustness testing confirms detection above 96\% even with 30\% word replacement. The framework enables $O(n)$ model-free detection, addressing EU AI Act Article 50 requirements. Code available at \url{https://github.com/ChenghengLi/MCLW}

Feb 2, 2026

Prototyping an Embedded Off-Switch for AI Compute

This project prototypes an embedded off-switch for AI accelerators. The security block requires periodic cryptographic authorization to operate: the chip generates a nonce, an external authority signs it, and the chip verifies the signature before granting time-limited permission. Without valid authorization, outputs are gated to zero. The design was implemented in HardCaml and validated in simulation.

Feb 2, 2026

Fingerprinting All AI Cluster I/O Without Mutually Trusted Processors

We design and simulate a "border patrol" device for generating cryptographic evidence of data traffic entering and leaving an AI cluster, while eliminating the specific analog and steganographic side-channels that post-hoc verification can not close. The device eliminates the need for any mutually trusted logic, while still meeting the security needs of the prover and verifier.

Feb 2, 2026