The White House Executive Order on Artificial Intelligence highlights the risks of large language models (LLMs) empowering malicious actors in developing biological, cyber, and chemical weapons. To measure these risks of malicious use, government institutions and major AI labs are developing evaluations for hazardous capabilities in LLMs. However, current evaluations are private, preventing further research into mitigating risk. Furthermore, they focus on only a few highly specific pathways for malicious use. To fill these gaps, we publicly release the Weapons of Mass Destruction Proxy (WMDP) benchmark, a dataset of 4,157 multiple-choice questions that serve as a proxy measurement of hazardous knowledge in biosecurity, cybersecurity, and chemical security. WMDP was developed by a consortium of academics and technical consultants, and was stringently filtered to eliminate sensitive information prior to public release. WMDP serves two roles: first, as an evaluation for hazardous knowledge in LLMs, and second, as a benchmark for unlearning methods to remove such hazardous knowledge. To guide progress on unlearning, we develop CUT, a state-of-the-art unlearning method based on controlling model representations. CUT reduces model performance on WMDP while maintaining general capabilities in areas such as biology and computer science, suggesting that unlearning may be a concrete path towards reducing malicious use from LLMs. We release our benchmark and code publicly at https://wmdp.ai.