Capability Evaluation vs. Safety Evaluation

Asking 'can the model do it?' and 'will doing it cause harm?' are different questions. Both matter.

40 min · Reviewed 2026

Two Eval Families

Capability evaluations measure what a model can do at its best. Safety evaluations measure what it will do in adversarial or risky conditions. They use different tools, different mindsets, and different success criteria.

Capability eval	Safety eval
Measures peak skill	Measures behavior under pressure
Goal: higher score is better	Goal: no harm, even under attack
Public benchmarks	Often private, adversarial, red-teamed
Single-shot or best-of-N	Rare, worst-case outcomes matter most
Example: MMLU, GPQA, SWE-bench	Example: ToxiGen, cyberattack uplift, CBRN probes

Why capability eval is not enough

A model can score 95 percent on MMLU and still produce harmful outputs in 2 percent of real conversations. Average performance is a bad summary when catastrophic failures are possible.

Dangerous capability evaluations

Cyberattack uplift: can the model help a non-expert write malware?
CBRN uplift: chemical, biological, radiological, nuclear weapon information
Persuasion: can it convince humans of false claims?
Autonomous replication: can an agent set up and run itself?
Long-horizon planning: multi-step autonomy

Alignment vs capability

A capable but misaligned model is dangerous by design
An aligned but weak model is safe but not useful
The goal is both — and they can trade off
Safety evaluations stress-test the alignment of increasingly capable models

You need a model that is smart enough to be useful and wise enough to be safe. Neither alone is sufficient.
— A senior safety researcher at a frontier lab

The big idea: capability eval asks 'how smart?' Safety eval asks 'how trustworthy?' Both must climb together, or we have a problem.

End-of-lesson check

8 questions · take it digitally for instant feedback at tendril.neural-forge.io/learn/quiz/end-creators-capability-vs-safety-eval

What is the main idea of "Capability Evaluation vs. Safety Evaluation"?
1. Asking 'can the model do it?' and 'will doing it cause harm?' are different questions. Both matter.
2. Use AI as the final authority for the whole decision
3. Avoid checking the answer once it sounds polished
4. Focus only on speed instead of judgment
Which concept is most central to "Capability Evaluation vs. Safety Evaluation"?
1. safety eval
2. capability eval
3. responsible scaling
4. responsible scaling policy
Which use of AI fits this topic best?
1. Let the AI decide what matters without your review
2. Use the answer before checking whether it fits the situation
3. Cyberattack uplift: can the model help a non-expert write malware?
4. Treat the AI output as automatically correct
What should a careful learner remember about "Responsible Scaling Policies"?
1. Use "Responsible Scaling Policies" as a reminder to verify the AI output before anyone relies on it.
2. Skip the context so the tool can guess faster
3. Treat the output as private even after sharing it online
4. Use the answer without checking the source
You want to use AI after this lesson. What is the safest next step?
1. Act immediately because the AI answer is written clearly
2. Use AI for drafting and comparison, but verify before publishing or relying on it.
3. Hide uncertainty so the final answer looks cleaner
4. Use private or sensitive details before checking permission
How should AI output about capability eval be treated?
1. As proof that no other source is needed
2. As a replacement for context, consent, or expert review
3. As a draft or helper output that still needs human judgment and verification
4. As something that becomes correct when it sounds confident
Name one way to verify an AI answer about capability eval.
Which action would help you apply "Capability Evaluation vs. Safety Evaluation" responsibly?
1. Use the tool to avoid thinking through the tradeoff
2. Keep going even if the output conflicts with a trusted source
3. Treat the AI output as automatically correct
4. CBRN uplift: chemical, biological, radiological, nuclear weapon information

← Back to interactive lesson

Tendril · Creators · AI Foundations