Most AI safety work focuses on training models to refuse harmful requests. The problem is that the underlying knowledge is still there, meaning a determined attacker can jailbreak their way to it. Anthropic (with AE Studio) just dropped research on a different approach called GRAM (Gradient-Routed Auxiliary Modules). How it works: During pretraining, GRAM adds dedicated neuron groups (modules) for each dual-use category (virology, cybersecurity, nuclear physics, etc.). When the model encounters dual-use data, only that specific module is allowed to learn from it. General weights get frozen. After training, you can:
- Delete a module entirely (knowledge is gone) -Keep it for trusted deployments (vetted biosecurity labs, etc.) Key results: -One training run produces 16 different configurations (on/off for 4 categories) -Deletion matched the performance of never training on that data at all -General model performance was unaffected -Tested from 50M to 5B parameters; effectiveness increased with scale -Resistant to recovery via fine-tuning, unlike post-hoc unlearning methods Limitations they acknowledge: Not tested at frontier scale, not deployed in any Claude model, and some dual-use capabilities might be too entangled with general knowledge to separate cleanly. Full paper: https://www.anthropic.com/research/off-switch-dual-use submitted by /u/Direct-Attention8597
Originally posted by u/Direct-Attention8597 on r/ClaudeCode
You must log in or # to comment.
