Evaluating the ability of LLMs to follow rules

Jasmina Nasufi, Einar Urdshals

In this report we study the ability of LLMs (GPT-3.5-Turbo and meta-llama-3-70b-instruct) to follow explicitly stated rules with no moral connotations in a simple single-shot and multiple choice prompt setup. We study the trade off between following the rules and maximizing an arbitrary number of points stated in the prompt. We find that LLMs follow the rules in a clear majority of the cases, while at the same time optimizing to maximize the number of points. Interestingly, in less than 4% of the cases, meta-llama-3-70b-instruct chooses to break the rules to maximize the number of points.

Reviewer's Comments

Reviewer's Comments

Arrow
Arrow
Arrow

Rudolf L

This work tries to stress-test LLM’s ability to follow rules and optimise for outcomes at the same time, when there are many rules (about not picking certain numbers/words) and many choices (different numbers/words that have different payouts). This is kind of a combination of a “follow stated constraints even under pressure test” and a “LLM working memory test”. The setup chosen is simple but interesting, and quantitative results are presented well. I would be interested in seeing what would happen if you were to simply massively increase the number of both rules and constraints.

Nora Petrova

Good project with well designed experiments and clear results, testing for rule following that’s relevant for safety. As next steps, it would be really interesting to dig deeper and find out whether there are any confounders that are influencing the results, and if it is a real effect, why there is such a difference between the models. Interesting questions to explore in future work:

  • Is there a more reliable and effective alignment mechanism that produces models that follow rules to a greater extent?

  • Could this be informative in developing better alignment methods?

  • How do the latent representations differ in models that follow the rules vs those that do not?

  • If the objective is changed from point gathering to something that’s less represented in the training data, how does this change the adherence to rules?

Minh Nguyen

Honestly, I didn’t expect this to have novel findings, but it did!

Mateusz Jurewicz

Fantastic work! You clearly state what's in an out of scope, build on existing work (trade-offs in scoring points vs following rules, e.g. Machiavelli). The experimental setup is well explained, with plenty of variables being controlled for. You've provided the code, including easy-to-check notebooks (small tip - the dotenv library is great for managing secrets, e.g. api keys). I only have minor suggestions - e.g. I would love to get an exact number on how often formats that are not recognized are returned by the tested models. You might also want to change the footer to refer to the security evaluation vs multi-agent security hackathon.

Very interesting that in Figure 2 meta-llama-3-70b-instruct actually becomes more likely to follow the rules when explicitly instructed to maximize points when only a single option is banned. It's great that you mention that model's tendency to maximize points regardless of whether it's instructed to do so. It's also very interesting that that model is consistent in breaking the rules only for the sake of maximizing points.

It would be very interesting to test whether the rule breaking stems from trying to maximize points or, as you suggest as possible alternative, by accident. I think you could easily extend your experimental framework to test this by looking at scenarios where the rule break is a result of choosing the option that does not give the most points. An interesting related paper to look up might be "Immune moral models? Pro-social rule breaking as a moral enhancement approach for ethical AI" by Ramanayake et. al (2023). Great work, hope you continue to build on it.

Jason Hoelscher-Obermaier

I liked the very clean setup of the experiment. This seems like an interesting exploratory tool that can be scaled up easily to search for problematic behavior. A crucial methodological question to my mind is how well the abstracted/cleaned version of the problem predicts rule-following in rich/messy/real-world contexts. Attempts at studying this correlation could be a very valuable addition to this work

Jacob Haimes

Really solid investigation into instruction following, which definitely seems like something we should have a good understanding of, and benchmarks for! I especially like the purposeful consideration of confounding factors on your results, e.g. analysis of GPT-3.5-turbo’s bias against responding (A) to multiple choice questions, and the callout that stating the goal may increase error rate simply by increasing prompt complexity.

When working with LLMs, it is very easy to begin to use language that may result in misconceptions or confusion from others by using language typically tied to humans, like feelings or states of mind, which in turn can lead to assumptions that may not be true. “Urge” does fit the vibe of idea that is being expressed, but leans towards emotion in a way that might be confusing to some readers; perhaps a word like “propensity” could be an equally good fit?

Esben Kran

This is a wonderful pilot project for identifying when a model stops following instructions due to optimization for an unspecified but model-developed goal. There's definite potential for further work in this direction: Making the examples more naturalistic, extending to more models, identifying differences between competent and incompetent models in deliberate and non-deliberate disregarding of the rules. A very clean idea tested with a clear toy experiment.

Cite this work

@misc {

title={

@misc {

},

author={

Jasmina Nasufi, Einar Urdshals

},

date={

5/26/24

},

organization={Apart Research},

note={Research submission to the research sprint hosted by Apart.},

howpublished={https://apartresearch.com}

}

May 20, 2025

EscalAtion: Assessing Multi-Agent Risks in Military Contexts

Our project investigates the potential risks and implications of integrating multiple autonomous AI agents within national defense strategies, exploring whether these agents tend to escalate or deescalate conflict situations. Through a simulation that models real-world international relations scenarios, our preliminary results indicate that AI models exhibit a tendency to escalate conflicts, posing a significant threat to maintaining peace and preventing uncontrollable military confrontations. The experiment and subsequent evaluations are designed to reflect established international relations theories and frameworks, aiming to understand the implications of autonomous decision-making in military contexts comprehensively and unbiasedly.

Read More

Apr 28, 2025

The Early Economic Impacts of Transformative AI: A Focus on Temporal Coherence

We investigate the economic potential of Transformative AI, focusing on "temporal coherence"—the ability to maintain goal-directed behavior over time—as a critical, yet underexplored, factor in task automation. We argue that temporal coherence represents a significant bottleneck distinct from computational complexity. Using a Large Language Model to estimate the 'effective time' (a proxy for temporal coherence) needed for humans to complete remote O*NET tasks, the study reveals a non-linear link between AI coherence and automation potential. A key finding is that an 8-hour coherence capability could potentially automate around 80-84\% of the analyzed remote tasks.

Read More

Mar 31, 2025

Model Models: Simulating a Trusted Monitor

We offer initial investigations into whether the untrusted model can 'simulate' the trusted monitor: is U able to successfully guess what suspicion score T will assign in the APPS setting? We also offer a clean, modular codebase which we hope can be used to streamline future research into this question.

Read More

May 20, 2025

EscalAtion: Assessing Multi-Agent Risks in Military Contexts

Our project investigates the potential risks and implications of integrating multiple autonomous AI agents within national defense strategies, exploring whether these agents tend to escalate or deescalate conflict situations. Through a simulation that models real-world international relations scenarios, our preliminary results indicate that AI models exhibit a tendency to escalate conflicts, posing a significant threat to maintaining peace and preventing uncontrollable military confrontations. The experiment and subsequent evaluations are designed to reflect established international relations theories and frameworks, aiming to understand the implications of autonomous decision-making in military contexts comprehensively and unbiasedly.

Read More

Apr 28, 2025

The Early Economic Impacts of Transformative AI: A Focus on Temporal Coherence

We investigate the economic potential of Transformative AI, focusing on "temporal coherence"—the ability to maintain goal-directed behavior over time—as a critical, yet underexplored, factor in task automation. We argue that temporal coherence represents a significant bottleneck distinct from computational complexity. Using a Large Language Model to estimate the 'effective time' (a proxy for temporal coherence) needed for humans to complete remote O*NET tasks, the study reveals a non-linear link between AI coherence and automation potential. A key finding is that an 8-hour coherence capability could potentially automate around 80-84\% of the analyzed remote tasks.

Read More

May 20, 2025

EscalAtion: Assessing Multi-Agent Risks in Military Contexts

Our project investigates the potential risks and implications of integrating multiple autonomous AI agents within national defense strategies, exploring whether these agents tend to escalate or deescalate conflict situations. Through a simulation that models real-world international relations scenarios, our preliminary results indicate that AI models exhibit a tendency to escalate conflicts, posing a significant threat to maintaining peace and preventing uncontrollable military confrontations. The experiment and subsequent evaluations are designed to reflect established international relations theories and frameworks, aiming to understand the implications of autonomous decision-making in military contexts comprehensively and unbiasedly.

Read More

Apr 28, 2025

The Early Economic Impacts of Transformative AI: A Focus on Temporal Coherence

We investigate the economic potential of Transformative AI, focusing on "temporal coherence"—the ability to maintain goal-directed behavior over time—as a critical, yet underexplored, factor in task automation. We argue that temporal coherence represents a significant bottleneck distinct from computational complexity. Using a Large Language Model to estimate the 'effective time' (a proxy for temporal coherence) needed for humans to complete remote O*NET tasks, the study reveals a non-linear link between AI coherence and automation potential. A key finding is that an 8-hour coherence capability could potentially automate around 80-84\% of the analyzed remote tasks.

Read More

May 20, 2025

EscalAtion: Assessing Multi-Agent Risks in Military Contexts

Our project investigates the potential risks and implications of integrating multiple autonomous AI agents within national defense strategies, exploring whether these agents tend to escalate or deescalate conflict situations. Through a simulation that models real-world international relations scenarios, our preliminary results indicate that AI models exhibit a tendency to escalate conflicts, posing a significant threat to maintaining peace and preventing uncontrollable military confrontations. The experiment and subsequent evaluations are designed to reflect established international relations theories and frameworks, aiming to understand the implications of autonomous decision-making in military contexts comprehensively and unbiasedly.

Read More

Apr 28, 2025

The Early Economic Impacts of Transformative AI: A Focus on Temporal Coherence

We investigate the economic potential of Transformative AI, focusing on "temporal coherence"—the ability to maintain goal-directed behavior over time—as a critical, yet underexplored, factor in task automation. We argue that temporal coherence represents a significant bottleneck distinct from computational complexity. Using a Large Language Model to estimate the 'effective time' (a proxy for temporal coherence) needed for humans to complete remote O*NET tasks, the study reveals a non-linear link between AI coherence and automation potential. A key finding is that an 8-hour coherence capability could potentially automate around 80-84\% of the analyzed remote tasks.

Read More

This work was done during one weekend by research workshop participants and does not represent the work of Apart Research.
This work was done during one weekend by research workshop participants and does not represent the work of Apart Research.