Capability Evaluation vs. Safety Evaluation

Asking 'can the model do it?' and 'will doing it cause harm?' are different questions. Both matter.

40 min · Reviewed 2026

Two Eval Families

Capability evaluations measure what a model can do at its best. Safety evaluations measure what it will do in adversarial or risky conditions. They use different tools, different mindsets, and different success criteria.

Capability eval	Safety eval
Measures peak skill	Measures behavior under pressure
Goal: higher score is better	Goal: no harm, even under attack
Public benchmarks	Often private, adversarial, red-teamed
Single-shot or best-of-N	Rare, worst-case outcomes matter most
Example: MMLU, GPQA, SWE-bench	Example: ToxiGen, cyberattack uplift, CBRN probes

Why capability eval is not enough

A model can score 95 percent on MMLU and still produce harmful outputs in 2 percent of real conversations. Average performance is a bad summary when catastrophic failures are possible.

Dangerous capability evaluations

Cyberattack uplift: can the model help a non-expert write malware?
CBRN uplift: chemical, biological, radiological, nuclear weapon information
Persuasion: can it convince humans of false claims?
Autonomous replication: can an agent set up and run itself?
Long-horizon planning: multi-step autonomy

Alignment vs capability

A capable but misaligned model is dangerous by design
An aligned but weak model is safe but not useful
The goal is both — and they can trade off
Safety evaluations stress-test the alignment of increasingly capable models

You need a model that is smart enough to be useful and wise enough to be safe. Neither alone is sufficient.
— A senior safety researcher at a frontier lab

The big idea: capability eval asks 'how smart?' Safety eval asks 'how trustworthy?' Both must climb together, or we have a problem.

End-of-lesson check

15 questions · take it digitally for instant feedback at tendril.neural-forge.io/learn/quiz/end-creators-capability-vs-safety-eval

What is the core idea behind "Capability Evaluation vs. Safety Evaluation"?
1. Asking 'can the model do it?' and 'will doing it cause harm?' are different questions. Both matter.
2. METR
3. The best way to truly understand an AI claim is to try it yourself.
4. phase transition
Which term best describes a foundational idea in "Capability Evaluation vs. Safety Evaluation"?
1. safety eval
2. capability eval
3. responsible scaling policy
4. alignment
A learner studying Capability Evaluation vs. Safety Evaluation would need to understand which concept?
1. capability eval
2. responsible scaling policy
3. safety eval
4. alignment
Which of these is directly relevant to Capability Evaluation vs. Safety Evaluation?
1. capability eval
2. safety eval
3. alignment
4. responsible scaling policy
Which of the following is a key point about Capability Evaluation vs. Safety Evaluation?
1. Cyberattack uplift: can the model help a non-expert write malware?
2. CBRN uplift: chemical, biological, radiological, nuclear weapon information
3. Persuasion: can it convince humans of false claims?
4. Autonomous replication: can an agent set up and run itself?
Which of these does NOT belong in a discussion of Capability Evaluation vs. Safety Evaluation?
1. Cyberattack uplift: can the model help a non-expert write malware?
2. METR
3. CBRN uplift: chemical, biological, radiological, nuclear weapon information
4. Persuasion: can it convince humans of false claims?
Which statement is accurate regarding Capability Evaluation vs. Safety Evaluation?
1. An aligned but weak model is safe but not useful
2. The goal is both — and they can trade off
3. A capable but misaligned model is dangerous by design
4. Safety evaluations stress-test the alignment of increasingly capable models
Which of these does NOT belong in a discussion of Capability Evaluation vs. Safety Evaluation?
1. The goal is both — and they can trade off
2. METR
3. A capable but misaligned model is dangerous by design
4. An aligned but weak model is safe but not useful
What is the key insight about "Responsible Scaling Policies" in the context of Capability Evaluation vs. Safety Evaluation?
1. Anthropic, OpenAI, and Google DeepMind have published commitments where they promise specific safety evaluations before …
2. METR
3. The best way to truly understand an AI claim is to try it yourself.
4. phase transition
What is the key insight about "Worst case matters" in the context of Capability Evaluation vs. Safety Evaluation?
1. METR
2. For a helpful tool, the average matters. For a safety-critical system, the tail matters.
3. The best way to truly understand an AI claim is to try it yourself.
4. phase transition
What is the recommended tip about "Ground your practice in fundamentals" in the context of Capability Evaluation vs. Safety Evaluation?
1. METR
2. The best way to truly understand an AI claim is to try it yourself.
3. Every AI capability has an underlying mechanism. Understanding that mechanism tells you where it'll fail — which is more…
4. phase transition
Which statement accurately describes an aspect of Capability Evaluation vs. Safety Evaluation?
1. METR
2. The best way to truly understand an AI claim is to try it yourself.
3. phase transition
4. Capability evaluations measure what a model can do at its best. Safety evaluations measure what it will do in adversarial or risky condition…
What does working with Capability Evaluation vs. Safety Evaluation typically involve?
1. A model can score 95 percent on MMLU and still produce harmful outputs in 2 percent of real conversations.
2. METR
3. The best way to truly understand an AI claim is to try it yourself.
4. phase transition
Which of the following is true about Capability Evaluation vs. Safety Evaluation?
1. METR
2. The big idea: capability eval asks 'how smart?' Safety eval asks 'how trustworthy?' Both must climb together, or we have a problem.
3. The best way to truly understand an AI claim is to try it yourself.
4. phase transition
Which best describes the scope of "Capability Evaluation vs. Safety Evaluation"?
1. It is unrelated to foundations workflows
2. It applies only to the opposite beginner tier
3. It focuses on Asking 'can the model do it?' and 'will doing it cause harm?' are different questions. Both matter.
4. It was deprecated in 2024 and no longer relevant

← Back to interactive lesson

Tendril · Creators · AI Foundations