This technical report presents methods developed by the UK AI Security Institute for assessing whether advanced AI systems reliably follow intended goals. Specifically, we evaluate whether frontier models sabotage safety research when deployed as coding assistants within an AI lab. Applying our methods to four frontier models, we find no confirmed instances of research sabotage. However, we observe that Claude Opus 4.5 Preview (a pre-release snapshot of Opus 4.5) and Sonnet 4.5 frequently refuse to engage with safety-relevant research tasks, citing concerns about research direction, involvement in self-training, and research scope. We additionally find that Opus 4.5 Preview shows reduced unprompted evaluation awareness compared to Sonnet 4.5, while both models can distinguish evaluation from deployment scenarios when prompted. Our evaluation framework builds on Petri, an open-source LLM auditing tool, with a custom scaffold designed to simulate realistic internal deployment of a coding agent. We validate that this scaffold produces trajectories that all tested models fail to reliably distinguish from real deployment data. We test models across scenarios varying in research motivation, activity type, replacement threat, and model autonomy. Finally, we discuss limitations including scenario coverage and evaluation awareness.

翻译：本技术报告介绍了英国人工智能安全研究所开发的用于评估高级人工智能系统是否可靠遵循预期目标的方法。具体而言，我们评估了前沿模型在被部署为人工智能实验室内的编程助手时，是否会破坏安全研究。将我们的方法应用于四个前沿模型，我们并未发现确凿的研究破坏案例。然而，我们观察到Claude Opus 4.5 Preview（Opus 4.5的预发布快照）和Sonnet 4.5频繁拒绝参与安全相关的研究任务，其理由涉及研究方向、参与自身训练以及研究范围。此外，我们还发现，与Sonnet 4.5相比，Opus 4.5 Preview在无提示条件下的评估意识较低，而两个模型在被提示时均能区分评估场景与部署场景。我们的评估框架基于开源的大语言模型审计工具Petri构建，并采用定制的支架来模拟编程智能体在内部部署的真实场景。我们验证了该支架生成的轨迹，所有受测模型均无法将其与真实部署数据可靠区分。我们在研究动机、活动类型、替换威胁以及模型自主性等不同场景下对模型进行了测试。最后，我们讨论了包括场景覆盖率和评估意识在内的局限性。