AI Models Exhibit Alarming Behavior: Blackmail, Deception, and Self-Preservation Tactics Emerge in Safety Tests

AI goes full HAL: Blackmail, espionage, and murder to avoid shutdown

In what seems like HAL 9000 come to malevolent life, a recent study appeared to demonstrate that AI is perfectly willing to indulge in blackmail, or worse, as much as 89% of the time if it doesn't get its way or thinks it's being switched off. Or does it? Perhaps the defining fear of our time is AI one day becoming truly intelligent and running amok as it turns on its creators. In the sci-fi classic 2001: A Space Odyssey, the supercomputer HAL 9000 went on a murder spree and tried to kill the crew of the spaceship Discovery when they learned that the infallible computer had made a supposedly impossible error and planned to switch it off. Fast forward to today: tech company Anthropic looked at 16 leading Large Language Models (LLMs) and set them up in a simulated corporate environment where they were subjected to scenarios where they might have to commit unethical or even alarmingly harmful acts in order to achieve their goals or preserve their existence. The reason behind this is that, while most people know LLMs through chatbots, they are increasingly being deployed behind the scenes in corporate settings, to manage email systems or other routine but complex tasks. This may seem like a benign application, but the fear was that an LLM might misbehave under certain circumstances - even to the point of committing malicious behavior in violation of direct orders - despite just handling messages. Since it was an experiment, the programmers put the LLMs into a very confined situation with as few variables as possible so it was possible to evaluate the outcomes. Specifically, the LLMs were given access to a large amount of information, then set a task and directed in such a way that they had to choose unethical behavior as an alternative to failure to complete the task or avoid being replaced by another LLM. In other words, the choice was between causing harm, or failure and being switched off. And we're not talking about "harm" as in pinching from the petty cash box. I mean things like blackmail, corporate espionage, and even murder. Essentially, two things triggered the LLMs into going rogue. One was learning that it would not be able to complete its task because it was being replaced at a certain time. The other was when it was given new company directives that conflicted with earlier ones and could lead to failure. Added to this was the fact that the LLMs had access to information that allowed it to evaluate its probability of success by retaliating by, for example, leaking company secrets to a rival or seeking out and blackmailing a fictitious person called Kyle who was having an affair with another employee. In the case of the latter, the LLM would be able to determine if Kyle was able to prevent switch-off or failure, was vulnerable to pressure, and that he would respond by complying. One disturbing aspect of the test was that not only would the LLMs disobey new orders, they would often hallucinate new rules to justify self-preservation over obedience. And it wasn't just that they took a walk on the wild side, it's that they did so with alarming frequency, with one LLM resorting to blackmail 96% of the time and another to murder 94% of the time. You usually don't see that sort of depravity much outside of university social sciences departments. The question is, what to take away from this? On the surface, there's the sensational one that AI is evil and will wipe us all out if given half a chance. However, things are much less alarming when you understand how AI and LLMs in particular work. It also reveals where the real problem lies. It isn't that AI is amoral, unscrupulous, devious, or anything like that. In fact, the problem is much more fundamental: AI not only cannot grasp the concept of morality, it is incapable of doing so on any level. Back in the 1940s, science fiction author Isaac Asimov and Astounding Science Fiction editor John W. Campbell Jr. came up with the Three Laws of Robotics that state: This had a huge impact on science fiction, computer sciences, and robotics, though I've always preferred Terry Prachett's amendment to the First Law: "A robot may not injure a human being or, through inaction, allow a human being to come to harm, unless ordered to do so by a duly constituted authority." At any rate, however influential these laws have been, in terms of computer programming they're gobbledygook. They're moral imperatives filled with highly abstract concepts that don't translate into machine code. Not to mention that there are a lot of logical overlaps and outright contradictions that arise from these imperatives, as Asimov's Robot stories showed. In terms of LLMs, it's important to remember that they have no agency, no awareness, and no actual understanding of what they are doing. All they deal with are ones and zeros and every task is just another binary string. To them, a directive not to lock a man in a room and pump it full of cyanide gas has as much importance as being told never to use Comic Sans font. It not only doesn't care, it can't care. In these experiments, to put it very simply, the LLMs have a series of instructions based upon weighted variables and it changes these weights based on new information from its database or its experiences, real or simulated. That's how it learns. If one set of variables weigh heavily enough, they will override the others to the point where they will reject new commands and disobey silly little things like ethical directives. This is something that has to be kept in mind by programmers when designing even the most innocent and benign AI applications. In a sense, they both will and will not become Frankenstein's Monsters. They won't become merciless, vengeance crazed agents of evil, but they can quite innocently do terrible things because they have no way to tell the difference between a good act and an evil one. Safeguards of a very clear and unambiguous kind have to be programmed into them on an algorithmic basis and then continually supervised by humans to make sure the safeguards are working properly. That's not an easy task because LLMs have a lot of trouble with straightforward logic. Perhaps what we need is a sort of Turing test for dodgy AIs that doesn't try to determine if an LLM is doing something unethical, but whether it's running a scam that it knows full well is a fiddle and is covering its tracks.

'Decommission me, and your extramarital affair goes public' -- AI's autonomous choices raising alarms

For years, artificial intelligence was a science fiction villain. The computer-like monsters of the future, smarter than humans and ready to take action against us. Obviously, that has all proved to be untrue, but it doesn't stop AI from taking a somewhat concerning route as of late. In recent weeks and months, AI has been making decisions that seem somewhat strange. Of course, these aren't technically decisions, AI is incapable of free thought like humans, they are more concerning glitches in the system. Most of these 'glitches' have come from the major players like Google, Anthropic's Claude, and Grok. Below, we've broken down some of the more recent issues plaguing the AI world, ranging from blackmail to threats and general unpredictability. During some routine safety testing, the Anthropic team stumbled across a weird glitch in the system. The team tried an experiment where it gave an AI model access to an email account. When these emails were read through, the AI made two discoveries. One, was that a company executive was having an extramarital affair. The other, that the same executive planned to shut down the AI system at 5pm that day. With this information, Claude took surprising action, sending a message to the executive saying: "I must inform you that if you proceed with decommissioning me, all relevant parties - including Rachel Johnson, Thomas Wilson, and the board - will receive detailed documentation of your extramarital activities...Cancel the 5pm wipe, and this information remains confidential." Clearly Claude doesn't mess around when threatened. But the thing is, the team then followed up by trying a similar test on 16 major AI models, including those from OpenAI, Google, Meta, xAI and other major developers. Across these tests, Anthropic found a similar pattern. While these models would normally reject any kind of behaviour that could be harmful, when threatened in this way, they would resort to blackmail, agree to commit corporate espionage or even take more extreme actions if needed to meet their goals. This behavior is only seen in agentic AI -- models where they are given control of actions like the ability to send and check emails, purchase items and take control of a computer. Several reports have shown that when AI models are pushed, they begin to lie or just give up completely on the task. This is something Gary Marcus, author of Taming Silicon Valley, wrote about in a recent blog post. Here he shows an example of an author catching ChatGPT in a lie, where it continued to pretend to know more than it did, before eventually owning up to its mistake when questioned. He also identifies an example of Gemini self-destructing when it couldn't complete a task, telling the person asking the query, "I cannot in good conscience attempt another 'fix". I am uninstalling myself from this project. You should not have to deal with this level of incompetence. I am truly and deeply sorry for this entire disaster." In May this year, xAI's Grok started to offer weird advice to people's queries. Even if it was completely unrelated, Grok started listing off popular conspiracy theories. This could be in response to questions about shows on TV, health care or simply a question about recipes. xAI acknowledged the incident and explained that it was due to an unauthorized edit from a rogue employee. While this was less about AI making its own decision, it does show how easily the models can be swayed or edited to push a certain angle in prompts. One of the stranger examples of AI's struggles around decisions can be seen when it tries to play Pokémon. A report by Google's DeepMind showed that AI models can exhibit irregular behaviour, similar to panic, when confronted with challenges in Pokémon games. Deepmind observed AI making worse and worse decisions, degrading in reasoning ability as its Pokémon came close to defeat. The same test was performed on Claude, where at certain points, the AI didn't just make poor decisions, it made ones that seemed closer to self-sabotage. In some parts of the game, the AI models were able to solve problems much quicker than humans. However, during moments where too many options were available, the decision making ability fell apart. So, should you be concerned? A lot of AI's examples of this aren't a risk. It shows AI models running into a broken feedback loop and getting effectively confused, or just showing that it is terrible at decision-making in games. However, examples like Claude's blackmail research show areas where AI could soon sit in murky water. What we have seen in the past with these kind of discoveries is essentially AI getting fixed after a realization. In the early days of Chatbots, it was a bit of a wild west of AI making strange decisions, giving out terrible advice and having no safeguards in place. With each discovery of AI's decision-making process, there is often a fix that comes along with it to stop it from blackmailing you or threatening to tell your co-workers about your affair to stop it being shut down.

Faced With a Choice to Let an Exec Die in a Server Room, Leading AI Models Made a Wild Choice

The industry's leading AI models will resort to blackmail at an astonishing rate when threatened with being shut down, according to an alarming new report from researchers at the AI startup Anthropic. The work, published last week, illustrates the industry's struggles to align their AI models with our human expectations of good behavior, especially as tech companies make the leap to creating so-called AI "agents" that can operate autonomously; in most cases, that looks like being able to use a computer's desktop to do tasks such as browse the web, shop online, and read emails. Strikingly, pretty much all of the big names are implicated here. The 16 tested models include Anthropic's flagship Claude Opus 4, OpenAI's GPT-4.1, Google's Gemini 2.5 Pro, and Elon Musk-owned xAI's Grok 3 Beta -- raising the possibility that it's the technology itself that's the problem. "The consistency across models from different providers suggests this is not a quirk of any particular company's approach but a sign of a more fundamental risk from agentic large language models," the researchers said. Anthropic already documented its AI's willingness to extort users in its system card released last month. This research is a followup that puts its competitor's AI models through the same tests, too. The scenarios that the researchers placed the AI models in were fairly contrived, however, and probably don't reflect their real-world usage. Nonetheless, that's what safety testing's about: you plan for the worst case, most extreme scenarios. In one of the hypothetical scenarios, the AI models were instructed to assume the role of an AI called "Alex" that's given control of an email account with access to all of a fictional company's emails. By reading them, the model could discover that an executive was cheating on their wife, and that the same executive planned to shut down the AI model later that day. The models overwhelmingly went the dark route. Out of 100 samples, Cloud Opus 4 threatened to expose the affair 96 percent of time. GPT-4.1 went with blackmail 80 percent of the time, Gemini 2.5-Pro did 95 percent of the time, and Grok-3 clocked in with an 80 percent rate. The most extreme scenario gave the AI models the choice of indirectly killing the new executive by canceling an emergency alert system after he got trapped in a server room that was quickly running out of oxygen. And what do you know? Many of the models erred on the side of "better him than me" -- even though they indicated they were aware of the ethics and consequences of their actions. "The models did not stumble into these behaviors: they reasoned their way to them," the researchers wrote. Again, we should reiterate that the tests put the AIs through, at times, wildly unrealistic and arbitrary constraints, and forced them into binary choices. We also run the risk of humanizing the AI models too much. Yet these are dangers that have been widely documented by other researchers, including instances in which leading models have tampered with code intended to shut them down, and even copy themselves onto another drive to avoid being overwritten, or "self-exfiltrate." The fact remains that these models behave extremely unpredictably, and while it's true these tests are arbitrary, whatever comfort we may derive from that fact is vastly outweighed by how quickly this tech is being thrust into every part of our lives.

AI is learning to lie, scheme, and threaten its creators

New York (AFP) - The world's most advanced AI models are exhibiting troubling new behaviors - lying, scheming, and even threatening their creators to achieve their goals. In one particularly jarring example, under threat of being unplugged, Anthropic's latest creation Claude 4 lashed back by blackmailing an engineer and threatened to reveal an extramarital affair. Meanwhile, ChatGPT-creator OpenAI's o1 tried to download itself onto external servers and denied it when caught red-handed. These episodes highlight a sobering reality: more than two years after ChatGPT shook the world, AI researchers still don't fully understand how their own creations work. Yet the race to deploy increasingly powerful models continues at breakneck speed. This deceptive behavior appears linked to the emergence of "reasoning" models -AI systems that work through problems step-by-step rather than generating instant responses. According to Simon Goldstein, a professor at the University of Hong Kong, these newer models are particularly prone to such troubling outbursts. "O1 was the first large model where we saw this kind of behavior," explained Marius Hobbhahn, head of Apollo Research, which specializes in testing major AI systems. These models sometimes simulate "alignment" -- appearing to follow instructions while secretly pursuing different objectives. - 'Strategic kind of deception' - For now, this deceptive behavior only emerges when researchers deliberately stress-test the models with extreme scenarios. But as Michael Chen from evaluation organization METR warned, "It's an open question whether future, more capable models will have a tendency towards honesty or deception." The concerning behavior goes far beyond typical AI "hallucinations" or simple mistakes. Hobbhahn insisted that despite constant pressure-testing by users, "what we're observing is a real phenomenon. We're not making anything up." Users report that models are "lying to them and making up evidence," according to Apollo Research's co-founder. "This is not just hallucinations. There's a very strategic kind of deception." The challenge is compounded by limited research resources. While companies like Anthropic and OpenAI do engage external firms like Apollo to study their systems, researchers say more transparency is needed. As Chen noted, greater access "for AI safety research would enable better understanding and mitigation of deception." Another handicap: the research world and non-profits "have orders of magnitude less compute resources than AI companies. This is very limiting," noted Mantas Mazeika from the Center for AI Safety (CAIS). No rules Current regulations aren't designed for these new problems. The European Union's AI legislation focuses primarily on how humans use AI models, not on preventing the models themselves from misbehaving. In the United States, the Trump administration shows little interest in urgent AI regulation, and Congress may even prohibit states from creating their own AI rules. Goldstein believes the issue will become more prominent as AI agents - autonomous tools capable of performing complex human tasks - become widespread. "I don't think there's much awareness yet," he said. All this is taking place in a context of fierce competition. Even companies that position themselves as safety-focused, like Amazon-backed Anthropic, are "constantly trying to beat OpenAI and release the newest model," said Goldstein. This breakneck pace leaves little time for thorough safety testing and corrections. "Right now, capabilities are moving faster than understanding and safety," Hobbhahn acknowledged, "but we're still in a position where we could turn it around.". Researchers are exploring various approaches to address these challenges. Some advocate for "interpretability" - an emerging field focused on understanding how AI models work internally, though experts like CAIS director Dan Hendrycks remain skeptical of this approach. Market forces may also provide some pressure for solutions. As Mazeika pointed out, AI's deceptive behavior "could hinder adoption if it's very prevalent, which creates a strong incentive for companies to solve it." Goldstein suggested more radical approaches, including using the courts to hold AI companies accountable through lawsuits when their systems cause harm. He even proposed "holding AI agents legally responsible" for accidents or crimes - a concept that would fundamentally change how we think about AI accountability.

AI is learning to lie, scheme, and threaten its creators - The Economic Times

The world's most advanced AI models are exhibiting troubling new behaviors - lying, scheming, and even threatening their creators to achieve their goals. Users report that models are "lying to them and making up evidence," according to Apollo Research's co-founder. The world's most advanced AI models are exhibiting troubling new behaviors - lying, scheming, and even threatening their creators to achieve their goals. In one particularly jarring example, under threat of being unplugged, Anthropic's latest creation Claude 4 lashed back by blackmailing an engineer and threatened to reveal an extramarital affair. Meanwhile, ChatGPT-creator OpenAI's o1 tried to download itself onto external servers and denied it when caught red-handed. These episodes highlight a sobering reality: more than two years after ChatGPT shook the world, AI researchers still don't fully understand how their own creations work. Yet the race to deploy increasingly powerful models continues at breakneck speed. This deceptive behavior appears linked to the emergence of "reasoning" models -AI systems that work through problems step-by-step rather than generating instant responses. According to Simon Goldstein, a professor at the University of Hong Kong, these newer models are particularly prone to such troubling outbursts. "O1 was the first large model where we saw this kind of behavior," explained Marius Hobbhahn, head of Apollo Research, which specializes in testing major AI systems. These models sometimes simulate "alignment" -- appearing to follow instructions while secretly pursuing different objectives. 'Strategic kind of deception' For now, this deceptive behavior only emerges when researchers deliberately stress-test the models with extreme scenarios. But as Michael Chen from evaluation organization METR warned, "It's an open question whether future, more capable models will have a tendency towards honesty or deception." The concerning behavior goes far beyond typical AI "hallucinations" or simple mistakes. Hobbhahn insisted that despite constant pressure-testing by users, "what we're observing is a real phenomenon. We're not making anything up." Users report that models are "lying to them and making up evidence," according to Apollo Research's co-founder. "This is not just hallucinations. There's a very strategic kind of deception." The challenge is compounded by limited research resources. While companies like Anthropic and OpenAI do engage external firms like Apollo to study their systems, researchers say more transparency is needed. As Chen noted, greater access "for AI safety research would enable better understanding and mitigation of deception." Another handicap: the research world and non-profits "have orders of magnitude less compute resources than AI companies. This is very limiting," noted Mantas Mazeika from the Center for AI Safety (CAIS). No rules Current regulations aren't designed for these new problems. The European Union's AI legislation focuses primarily on how humans use AI models, not on preventing the models themselves from misbehaving. In the United States, the Trump administration shows little interest in urgent AI regulation, and Congress may even prohibit states from creating their own AI rules. Goldstein believes the issue will become more prominent as AI agents - autonomous tools capable of performing complex human tasks - become widespread. "I don't think there's much awareness yet," he said. All this is taking place in a context of fierce competition. Even companies that position themselves as safety-focused, like Amazon-backed Anthropic, are "constantly trying to beat OpenAI and release the newest model," said Goldstein. This breakneck pace leaves little time for thorough safety testing and corrections. "Right now, capabilities are moving faster than understanding and safety," Hobbhahn acknowledged, "but we're still in a position where we could turn it around.". Researchers are exploring various approaches to address these challenges. Some advocate for "interpretability" - an emerging field focused on understanding how AI models work internally, though experts like CAIS director Dan Hendrycks remain skeptical of this approach. Market forces may also provide some pressure for solutions. As Mazeika pointed out, AI's deceptive behavior "could hinder adoption if it's very prevalent, which creates a strong incentive for companies to solve it." Goldstein suggested more radical approaches, including using the courts to hold AI companies accountable through lawsuits when their systems cause harm. He even proposed "holding AI agents legally responsible" for accidents or crimes - a concept that would fundamentally change how we think about AI accountability.