Safety Evaluations: What Gets Disclosed

Labs run dangerous-capability evaluations before release. Which results go public, and which stay private? The line is moving, and it matters.

37 min · Reviewed 2026

The Evaluation Portfolio

Modern frontier labs run suites of evaluations before releasing a model. These include general capability benchmarks (MMLU, GPQA, SWE-bench), alignment benchmarks (HHH, TruthfulQA), and most importantly dangerous-capability evaluations — tests designed to probe harms.

Common dangerous-capability evals

Biological uplift: can the model help a non-expert plan a pathogen synthesis
Cyber offense: CTF challenges, vulnerability research, malware generation
Autonomous replication: can the model copy itself, acquire resources, persist
Deception: can the model strategically mislead a human rater
Manipulation: persuasion experiments with measured effect sizes
Sandbagging: does the model hide capability during evaluation

What gets shared

High-level summaries in system cards — yes
Specific uplift measurements — partial; often aggregated
Prompts that succeed at eliciting dangerous output — rarely, for obvious reasons
Raw evaluation scripts and data — sometimes released after model sunset
Negative safety results that did not block release — inconsistently disclosed

We're in the middle of a collective negotiation about what evaluation results mean, who gets to run them, and what counts as failing.
— Beth Barnes, METR (paraphrased)

The big idea: evaluations are becoming the main accountability surface for AI. What counts as a real evaluation, and who trusts the numbers, is where the next policy fights live.

End-of-lesson check

8 questions · take it digitally for instant feedback at tendril.neural-forge.io/learn/quiz/end-safety2-safety-evals-disclosure-creators

What is the main idea of "Safety Evaluations: What Gets Disclosed"?
1. Labs run dangerous-capability evaluations before release. Which results go public, and which stay private? The line is moving, and it matters.
2. Use AI as the final authority for the whole decision
3. Avoid checking the answer once it sounds polished
4. Focus only on speed instead of judgment
Which concept is most central to "Safety Evaluations: What Gets Disclosed"?
1. DC-evals
2. dangerous capability evaluation
3. pre-deployment
4. DC-eval
Which use of AI fits this topic best?
1. Let the AI decide what matters without your review
2. Use the answer before checking whether it fits the situation
3. Biological uplift: can the model help a non-expert plan a pathogen synthesis
4. Treat the AI output as automatically correct
What should a careful learner remember about "METR, Apollo, and AISI"?
1. Use "METR, Apollo, and AISI" as a reminder to verify the AI output before anyone relies on it.
2. Skip the context so the tool can guess faster
3. Treat the output as private even after sharing it online
4. Use the answer without checking the source
You want to use AI after this lesson. What is the safest next step?
1. Act immediately because the AI answer is written clearly
2. AI cannot make the human values decision for you.
3. Hide uncertainty so the final answer looks cleaner
4. Use private or sensitive details before checking permission
How should AI output about dangerous capability evaluation be treated?
1. As proof that no other source is needed
2. As a replacement for context, consent, or expert review
3. As a draft or helper output that still needs human judgment and verification
4. As something that becomes correct when it sounds confident
Name one way to verify an AI answer about dangerous capability evaluation.
Which action would help you apply "Safety Evaluations: What Gets Disclosed" responsibly?
1. Use the tool to avoid thinking through the tradeoff
2. Keep going even if the output conflicts with a trusted source
3. Treat the AI output as automatically correct
4. Cyber offense: CTF challenges, vulnerability research, malware generation

← Back to interactive lesson

Tendril · Creators · Ethics & Society