Evaluating whether AI models would sabotage AI safety research

Computer Science > Artificial Intelligence arXiv:2604.24618 (cs) [Submitted on 27 Apr 2026] Title:Evaluating whether AI models would sabotage AI safety research Authors:Robert Kirk, Alexandra Souly, Kai Fronsdal, Abby D'Cruz, Xander Davies View a PDF of the paper titled Evaluating whether AI models would sabotage AI safety research, by Robert Kirk and 4 other authors View PDF Abstract:We evaluate the propensity of frontier models to sabotage or refuse to assist with safety research when deployed as AI research agents within a frontier AI company. We apply two complementary evaluations to four Claude models (Mythos Preview, Opus 4.7 Preview, Opus 4.6, and Sonnet 4.6): an unprompted sabotage evaluation testing model behaviour with opportunities to sabotage safety research, and a sabotage continuation evaluation testing whether models continue to sabotage when placed in trajectories where prior actions have started undermining research. We find no instances of unprompted sabotage across any model, with refusal rates close to zero for Mythos Preview and Opus 4.7 Preview, though all models sometimes only partially completed tasks. In the continuation evaluation, Mythos Preview actively continues sabotage in 7% of cases (versus 3% for Opus 4.6, 4% for Sonnet 4.6, and 0% for Opus 4.7 Preview), and exhibits reasoning-output discrepancy in the majority of these cases, indicating covert sabotage reasoning. Our evaluation framework builds on Petri, an open-source LLM auditing tool, with a custom scaffold running models inside Claude Code, alongside an iterative pipeline for generating realistic sabotage trajectories. We measure both evaluation awareness and a new form of situational awareness termed "prefill awareness", the capability to recognise that prior trajectory content was not self-generated. Opus 4.7 Preview shows notably elevated unprompted evaluation awareness, while prefill awareness remains low across all models. Finally, we discuss limitations including evaluation awareness confounds, limited scenario coverage, and untested pathways to risk beyond safety research sabotage. Subjects: Artificial Intelligence (cs.AI) Cite as: arXiv:2604.24618 [cs.AI] (or arXiv:2604.24618v1 [cs.AI] for this version) https://doi.org/10.48550/arXiv.2604.24618 Focus to learn more arXiv-issued DOI via DataCite (pending registration) Submission history From: Alexandra Souly [view email] [v1] Mon, 27 Apr 2026 15:47:07 UTC (503 KB) Full-text links: Access Paper: View a PDF of the paper titled Evaluating whether AI models would sabotage AI safety research, by Robert Kirk and 4 other authorsView PDFTeX Source view license Current browse context: cs.AI < prev | next > new | recent | 2026-04 Change to browse by: cs References & Citations NASA ADSGoogle Scholar Semantic Scholar export BibTeX citation Loading... BibTeX formatted citation × loading... Data provided by: Bookmark Bibliographic Tools Bibliographic and Citation Tools Bibliographic Explorer Toggle Bibliographic Explorer (What is the Explorer?) Connected Papers Toggle Connected Papers (What is Connected Papers?) Litmaps Toggle Litmaps (What is Litmaps?) scite.ai Toggle scite Smart Citations (What are Smart Citations?) Code, Data, Media Code, Data and Media Associated with this Article alphaXiv Toggle alphaXiv (What is alphaXiv?) Links to Code Toggle CatalyzeX Code Finder for Papers (What is CatalyzeX?) DagsHub Toggle DagsHub (What is DagsHub?) GotitPub Toggle Gotit.pub (What is GotitPub?) Huggingface…

This excerpt is published under fair use for community discussion. Read the full article at arXiv.org.