Posts

OpenAI's CBRN tests seem unclear 2024-11-21T17:28:30.290Z
Dangerous capability tests should be harder 2024-11-21T17:20:50.610Z

Comments

Comment by LucaRighetti (Error404Dinosaur) on OpenAI's CBRN tests seem unclear · 2024-11-22T07:57:09.067Z · LW · GW

Do you feel that's still an issue when you comapre to the human expert baseline?

  • Human experts scored 79% on ProtocolQA, and o1-preview scored 81%
  • Human experts scored 38% on BioLP-bench, and o1-preview scored 36%

The fact that both human experts and o1-preview scored twice as high on ProtocolQA than BioLP-bench doesn't feel that inconsistent to me. It seems your BioLP-bench questions are just "twice as hard". I'd find it more inconsistent if o1-preview matched human expert performance on one test but not the other.

(There are other open questions about whether the human experts in both studies are comparable and how much time people had)

Comment by LucaRighetti (Error404Dinosaur) on Dangerous capability tests should be harder · 2024-11-22T07:47:21.245Z · LW · GW

Then that seems bad, but also that AI is not counterfactual -- so adding safeguards to models is probably not the way to get the risk down.

Comment by LucaRighetti (Error404Dinosaur) on Is cybercrime really costing trillions per year? · 2024-10-03T19:33:08.620Z · LW · GW

I had looked into this for a previous research project.  For what it's worth, I don't think there are any perfect sources, but my own BOTECs led me to believe the number people are usually after is $10B-$100B ~$30B-$300B:

  • FBI IC3 (2023): Headline figures that it receives $5-10B/yr of reported losses across the globe. If you assume this mostly only covers US victims (say 4X because the US is 25% of world GDP) and some go unreported (say 2X by dollar value), then you get something like $50B-$100B/yr globally
  • [New via JamieRV's comment] The “2007 GAO report (GAO-07-705) cites a 2005 FBI survey putting the cost of computer crime in the US at $67bn.)”  If you again multiply by 4X for US GDP and 2X for underreporting you get ~$540B/yr globally -- although I've looked into this less
  • Anderson et al. (2019): Suggest maybe "6% of us [UK citizens] are victims of a scam with an average take of $200". If in the UK there are 67M people that totals $800M. If the UK is 2.3% of world GDP that's maybe ~$30B/yr globally. It seems plausible that mostly captures consumer, not business crime.
  • Chain Analysis (2023): Estimate illegal crypto transactions amount to $5B-$20B/yr (it fluctuated a lot during the pandemic). If you assume maybe a ~third of cybercime is done via crypto [as is the case for romance scams], then that gives you $15B-$60B/yr globally

I agree the eSentire >$3T number should be trusted very little. It doesn't have any public methodology and got critcised soon after the original estimates came out in 2015 as part of companies trying to 'one up' each other:

In early 2015 Inga Beale, CEO at the British insurer Lloyd’s, claimed that cybercrime was costing businesses globally up to $400 billion a year. Several months later Juniper Research released a report which said cybercrime will cost businesses over $2 trillion by 2019. Microsoft CEO Satya Nadella stated $3 trillion of market value was destroyed in 2015 due to cybercrime….

The other 'trillion dollar' source that sometimes gets cited is McGuire (2018), who puts it at $1.5T.  They do give a methodology of where this comes from, but...

  • $800B/yr is from illegal online markets, which is unclear to me where it comes from or if it should even be counted as 'cybercrime' in the way people normally mean
  • $500B/yr is corporate espionage -- when, for reference, the NBR commission estimated that all US IP theft costs $225B – $600B/yr
  • $150B/yr is from stolen data, which comes from the author assuming {personal data is worth $200} * {600M records per year get stolen}  -- when for reference the UN ODC (2010) put identity theft at $1B/yr