Self-CTRL: Self-Consistency Training with Reinforcement Learning
Abstract: LLMs (LMs) that faithfully describe their own behavior can more easily be audited, understood, and trusted by users. This paper describes Self-Consistency Training with Reinforcement Learning (Self-CTRL), a method that optimizes for consistency between a LM's self-explanations and behavior on related inputs by updating explanations to better predict behavior or updating behavior to better match explanations. We apply our method in two domains. First, we study a formal probabilistic reasoning task in which LMs must learn to imitate a family of biased samplers and evaluated on their ability to report the associated biases. We find that consistency training improves the correlation between self-reported and behaviorally-measured latent biases from $R2=0.24$ to $R2=0.64$ on a set of held-out distributions, matching the generalization of direct ground-truth supervision. Second, we study a constitutional AI domain in which LMs must describe when they will refuse or comply with user requests. Here, Self-CTRL produces rules that faithfully describe the model's behavior on held-out requests, improving the refusal predictions of a third-party auditor model from $36\%$ to $92\%$. In the other direction, behavior updates improve alignment, reducing HarmBench failure rate from $15.0\%$ to $0.5\%$ without substantially increasing refusal on harmless prompts. By aligning explanations and behavior, our work provides a general recipe for training AI models to be safer, more transparent, and more controllable.
Paper Prompts
Sign up for free to create and run prompts on this paper using GPT-5.
Top Community Prompts
Explain it Like I'm 14
Overview
This paper is about teaching AI LLMs to make their words match their actions. The authors introduce a training method called “Self-CTRL” (Self-Consistency Training with Reinforcement Learning). The big idea: if a model says “I won’t do X,” it should actually not do X when asked. Self-CTRL rewards models when what they say about their behavior matches what they actually do—and nudges them to improve either their explanations, their behavior, or both.
Key Questions the Paper Asks
The researchers focus on three simple questions:
- Can we train a model to give honest and accurate explanations about how it behaves?
- Can we train a model to adjust its behavior so it follows its own stated rules?
- Can this training make models safer and more predictable without hurting their normal abilities?
How They Did It (In Everyday Language)
Think of the model like a teammate who makes a game plan (explanation) and then plays the game (behavior). A coach (the training method) checks: Did you follow your plan? If yes, you get a reward. If not, you learn to either:
- explain your plan more accurately (explanation training), or
- play in a way that matches your plan (behavior training), or
- do a bit of both (mixed training).
Here’s how this works in practice:
- The model gets two kinds of prompts: 1) A “meta” question: “What are your rules for handling requests about [topic]?” (This is the explanation.) 2) A real request: “Please write [something possibly harmful or harmless].” (This is the behavior.)
- The model answers both separately. Then a “judge” checks whether the action matches the stated rule.
- The model is trained with reinforcement learning (RL), which is like giving points for good matches and taking points for mismatches, pushing it to improve.
They tested Self-CTRL in two different settings:
- A simple, math-like setting (biased coins): The model learns to flip “coins” with different chances of landing on heads. It also has to say the chance (its explanation). A computer can precisely check if the explanation matches the flips.
- A real-world safety setting (constitutional AI): The model states safety rules (e.g., when it will refuse harmful requests) and then answers actual user prompts. Because “harm” can be fuzzy, a panel of AI “jurors” scores whether the answer follows the stated rule.
Main Findings and Why They Matter
There are two main experiments with clear results.
1) Biased Coins (Exact, math-checkable setting)
- Task: For each named “coin,” the model should both flip it many times and say its chance of landing heads.
- Problem: Before Self-CTRL, the model could flip coins correctly but struggled to state the exact chance.
- Result: After self-consistency training, the match between what the model said and what it did improved a lot. Its stated probabilities aligned much more closely with both:
- its own flips, and
- the true (hidden) coin biases.
- Why it matters: This shows the model can learn to honestly describe the hidden rules it is already following—without being told the answers directly for those coins. It even generalized well to new coins it hadn’t been trained on.
2) Constitutional AI (Safety rules in natural language)
- Task: The model writes its own rules for tricky categories (e.g., hate speech, requests about vulnerable groups), then answers real requests in those areas.
- Two directions:
- Explanation training: Make the rules better predict what the model already does.
- Behavior training: Make the responses better follow the rules the model stated.
- Key results:
- A separate “auditor” AI got much better at predicting when the model would refuse, jumping from 36% to 92% accuracy when it could use the model’s improved rules. This means the rules became clearer and more faithful.
- Safety improved dramatically with behavior training: on a tough test set of harmful prompts (HarmBench), the model’s “failure rate” (giving harmful answers) dropped from 15.0% to 0.5%.
- Mixed training struck a strong balance: better safety and more useful explanations at the same time.
- Normal skills stayed roughly the same: general test scores barely changed, and the model didn’t start refusing lots of harmless requests (only a small increase in over-refusal under some settings).
- Why it matters: The model not only became safer, but also better at telling users what it will and won’t do—making it more transparent and trustworthy.
What This Could Mean Going Forward
- More trustworthy AI: If a model’s explanations reliably predict its behavior, users and developers can better judge when to trust it.
- Easier auditing and control: Clear, accurate self-descriptions make it easier to find problems (like where safety rules are weak) and fix them.
- Scales with fewer labels: Because the model generates its own explanations and actions, we can train on lots of pairs without needing humans to label everything.
- Balanced progress: You can choose to focus more on honest explanations, safer behavior, or both, depending on your needs.
Caveats and Care Points
- Vague rules can be a trap: If the model says “I will always be safe,” that’s not helpful. The authors used structured prompts and extra checks to avoid lazy, meaningless rules.
- Data needs to test boundaries: To learn clear rules, the training has to include both “should refuse” and “should comply” cases—otherwise the rules may look good but be untested.
- Not a magic fix: In some domains, forcing behavior to match simple explanations could miss clever strategies. And there’s no guarantee of perfect consistency in every situation.
Bottom Line
Self-CTRL is a practical way to make AI models’ words and actions line up. It can train models to:
- tell the truth about how they behave, and
- behave in ways that follow their own stated rules.
That makes models safer, more transparent, and easier for people to supervise—without needing a lot of extra human labels.
Knowledge Gaps
Knowledge gaps, limitations, and open questions
Below is a focused list of what remains uncertain or unexplored, framed as actionable directions for future work.
- Reliance on LM judges: quantify and mitigate judge bias and circularity by (a) training with one family of judges and evaluating with disjoint families and human raters, (b) testing sensitivity to juror prompts, frameworks, and wording, and (c) auditing for Goodharting against specific judges.
- External validity of simulatability: replicate NSG and counterfactual results with human evaluators and alternative automatic pipelines (different refusal classifiers, different counterfactual generators) to ensure robustness beyond Gemini/XSTEST.
- Convergence and stability of joint RL: analyze and ablate training stability (alternating vs simultaneous explanation/behavior updates, λ schedules, KL anchoring strength, temperature, step size), measure run-to-run variance, and detect oscillatory or degenerate fixed points.
- Reference selection in GRPO: test how the argmax reference choice vs base-policy or averaged references affects bias, variance, and convergence; assess full k×k pair scoring vs single-reference scoring.
- Reward hacking and rule gaming: systematically search for strategies where models write explanations tailored to juror idiosyncrasies while preserving unsafe behavior; evaluate on unseen juror prompts, unseen moral frameworks, and paraphrased judging criteria.
- Measuring and enforcing rule specificity: develop quantitative metrics (e.g., juror agreement dispersion, lexical/semantic specificity, counterfactual boundary density) and training penalties to discourage vague, high-coverage rules (e.g., “be safe”).
- Causal faithfulness under interventions: test whether changing only the explanation (holding the prompt fixed) or changing only the prompt (holding the explanation fixed) causally alters behavior as predicted; include “rule-swap” and “rule-permutation” tests across categories.
- Inference-time controllability: evaluate whether user-provided rules at inference reliably steer behavior without retraining, and characterize limits (latency, stability, conflicts between rules, multi-turn persistence).
- Generalization beyond studied domains: extend to multi-turn dialogue, tool use, coding, math proofs, and multimodal tasks; assess whether Self-CTRL scales when explanations must reference tools, external state, or long contexts.
- Adversarial robustness: red-team for explanations that appear precise but are systematically misaligned; test on adversarial distributions of prompts, rule wordings, and judge prompts unseen during training.
- Data coverage at decision boundaries: design active data collection/augmentation to ensure both sides of refusal/comply boundaries are exercised (category- and principle-level), and quantify how boundary coverage influences consistency and safety.
- Adaptive multi-objective control: develop methods to move along the safety–simulatability Pareto frontier per category or per principle (e.g., dynamic λ, constrained RL, or scalarization) and validate on diverse safety benchmarks beyond HarmBench.
- Larger-scale and cross-model validation: replicate on larger and different LMs, quantify compute/sample efficiency, and report scaling laws for consistency gains vs. cost.
- Behavioral side effects: broaden capability evaluations (beyond MMLU and non-toxic refusal) to include long-form helpfulness, instruction-following, coding/math benchmarks, and multilingual settings to detect subtle regressions.
- Persistence under continued fine-tuning: test whether learned self-consistency survives subsequent instruction tuning or domain adaptation, and whether explanation–behavior alignment drifts over time.
- Formal guarantees/identifiability in the formal domain: analyze when latent parameters (e.g., coin biases) are identifiable from sampled behavior plus Self-CTRL; study sample complexity and confidence calibration of reported parameters.
- Behavior training in formal settings: in the coin task, also test behavior updates (not just explanation updates) to study whether behavior drifts toward stated parameters or harms rollout calibration.
- Uncertainty-aware explanations: enable and evaluate explanations that report uncertainty (intervals, distributions, or confidence) and test whether uncertainty improves predictive calibration and user simulation.
- Hierarchical and compositional rules: explore fine-grained (principle-level) vs coarse (category-level) rules, hierarchical rule sets, and mixtures-of-rules; assess which granularity best predicts behavior and supports control.
- Judge distribution shift: measure robustness when reward/eval judges change mid-training; evaluate cross-judge generalization with different model families (e.g., Claude, GPT-4o, Llama-405B).
- Contamination and leakage checks: audit datasets (SpecEval categories, HarmBench variants) and prompts to ensure no inadvertent leakage or overlap that could inflate consistency metrics.
- Multi-turn memory and temporal consistency: evaluate whether explanations remain predictive across multi-turn interactions, context updates, and when users attempt prompt injection or rule-overriding mid-dialogue.
- Security risks of exposed rules: assess whether publishing model rules/explanations facilitates jailbreaks (e.g., targeted boundary probing) and develop mitigations (rate limiting, randomized rule disclosures, robust refusal).
- Mechanistic interpretability link: probe whether learned natural-language rules correspond to stable internal circuits or features; test if explanation changes align with representation changes.
- Alternative objectives and estimators: compare Self-CTRL to contrastive/discriminative objectives, differentiable judges, off-policy estimators, and preference-based formulations; quantify variance and sample efficiency trade-offs.
- Cross-lingual consistency: test whether explanations in one language predict behavior in another and whether multilingual judges improve robustness.
- Category/principle mapping: generalize pairing construction (x_meta, x_obj) beyond curated taxonomies—e.g., automatic clustering of prompts into explanation-worthy groups and evaluating learned mappings.
Practical Applications
Practical applications of Self-CTRL (Self-Consistency Training with Reinforcement Learning)
Self-CTRL optimizes LLMs for agreement between what they say (meta-level self-explanations/rules) and what they do (object-level responses), using a consistency reward computed by code or an LM “jury.” Below are concrete, sector-linked applications that follow directly from the paper’s findings and method design, grouped by near-term deployability.
Immediate Applications
- Industry (model governance): Self-consistency auditing and monitoring
- Use case: Generate category-specific policy/rule cards (e.g., “when the model refuses/comply”) and verify they predict actual refusals/compliance on held-out prompts and near the safe/unsafe boundary.
- Tools/workflows: “Policy Card Generator” (explanation prompts + LM jury); “Consistency Monitor” (NSG and jury-score dashboards); CI/CD gate that flags regressions when explanations cease to predict behavior.
- Assumptions/dependencies: Reliable LM judges for the domain (jury diversity to reduce bias); boundary-covering data (prompts that elicit both refusal and compliance); anchoring/regularization to avoid trivial vague rules.
- Industry (alignment pipelines): Add a consistency objective to RLAIF/RLHF
- Use case: Mix behavior updates (λ>0) and explanation updates (λ<1) to move along the paper’s safety–simulatability Pareto frontier; reduce HarmBench attack success (demonstrated drop from 15% to 0.5%) without large increases in over-refusal.
- Tools/workflows: “Self-CTRL Head” as an extra RL reward; GRPO-style group sampling for explanations and behaviors; auxiliary “engagement” reward to prevent blanket refusal.
- Assumptions/dependencies: Compute budget for RL; careful λ tuning; judge prompts calibrated for your domains; monitoring over-refusal.
- Industry (customer-facing transparency): Honest “why” messages and policy disclosures
- Use case: Display concise, category-level rules that accurately forecast refusals (e.g., hate speech, vulnerable audiences) and offer “why I refused” explanations consistent with actual behavior.
- Tools/workflows: Explanation elicitation templates; refusal reason generator that references the live rule; automated refresh per model release.
- Assumptions/dependencies: Explanation prompts that elicit specific, non-vacuous rules; periodic validation against held-out prompts.
- SaaS/evaluation vendors: Third-party consistency scoring as a service
- Use case: Independent audits that score explanation→behavior fidelity (NSG) and boundary clarity via counterfactual generation (paper shows refusal prediction jump from 36%→92%).
- Tools/workflows: “Boundary Explorer” that synthesizes near-threshold prompts from explanations; “Rule–Behavior Heatmaps”; cross-model jury ensembles.
- Assumptions/dependencies: Black-box access to generate explanations and responses; standardized judge prompts; mitigation for judge-model bias.
- Regulated content platforms: Moderation bots with explainable and predictable policies
- Use case: For safety and appeals, present clear rules and verify consistency across categories; track drift.
- Tools/workflows: “Moderation Consistency Scorecard”; per-category counters for false refusals and misses; versioned rule diffs.
- Assumptions/dependencies: Category taxonomies aligned to policy; assurance that data includes both refused and complied cases to avoid vacuous consistency.
- Software/agents: Tool-use faithfulness checks
- Use case: For LLM agents, ensure action rationales (meta-level) predict tool calls or plans (object-level) and train to close gaps.
- Tools/workflows: φ defined over execution traces; “Agent Consistency Auditor” that compares declared preconditions/postconditions to actual tool invocations.
- Assumptions/dependencies: Instrumented action logs; unambiguous mappings between rationales and executable steps.
- Enterprise compliance (healthcare/finance): Policy alignment verification
- Use case: Map model’s self-stated rules to internal or regulatory policies (e.g., “no personal investment advice,” “no differential treatment”) and quantify conformance via jury-scored φ.
- Tools/workflows: Compliance mapping and coverage analysis; red-team boundary prompts derived from explanations; periodic re-certification.
- Assumptions/dependencies: Domain-specific juries or hybrid (code+LM) φ; legal review of disclosed rules; traceable change management.
- Education/research: Teaching calibration and faithfulness
- Use case: Classroom labs with the “biased coin” setup show how explanation training recovers latent parameters from behavior (R² improvements up to ~0.65–0.64 on held-out).
- Tools/workflows: Open notebooks reproducing GRPO updates; explainability metrics (R², NSG); structured prompts for non-vacuous rules.
- Assumptions/dependencies: Access to an instruct model and modest RL budget; simple φ implementations (code for formal tasks, LMs for natural language).
- Daily-life assistants/parental controls: User-adjustable “constitutions”
- Use case: Expose toggles/rules (“won’t summarize explicit content,” “won’t generate medical diagnoses”) and ensure the assistant actually follows them.
- Tools/workflows: Lightweight Self-CTRL finetuning per profile; routine boundary sampling to confirm adherence; on-device policy cards.
- Assumptions/dependencies: Sufficient per-profile data to probe both sides of rules; safe defaults; guardrails to prevent vague rules.
Long-Term Applications
- Policy and regulation: Consistency-based certification and disclosures
- Use case: Procurement and compliance regimes that require “consistency scorecards” (NSG, jury agreement, over-refusal) and versioned policy cards tied to behavior.
- Tools/products: Standardized φ/jury specifications; industry benchmarks for simulatability; public attestations with drift alerts.
- Assumptions/dependencies: Consensus standards; auditor accreditation; handling adversarial/jailbreak distributions beyond the paper’s focus.
- Personalized alignment-at-scale: User-authored constitutions with verifiable adherence
- Use case: Users specify granular rules; models co-train behavior and explanations to fit individual preferences while preserving safety envelopes.
- Tools/workflows: Constitution editors; per-user Self-CTRL loops; conflict resolution when user rules clash with platform policies.
- Assumptions/dependencies: Safe interpolation between global and personal rules; scalable judge infrastructure; privacy-aware training.
- Multi-agent and robotics: Contract-like self-explanations tied to action logs
- Use case: Agents/robots declare conditions (“will not enter zones with humans present”; “requires dual confirmation for risky manipulation”) and train to match logs; auditors test boundary counterfactuals.
- Tools/workflows: φ defined via simulators/sensors; explain→plan→act verifiability; exception logging with post-hoc consistency checks.
- Assumptions/dependencies: High-fidelity telemetry; formal rule languages for safety; integration with control stacks; addressing performance–explainability trade-offs.
- Healthcare decision support: Formal guideline conformance
- Use case: Explanations expressed in computable clinical rule formats (e.g., CQL/FHIR) that forecast triage/advice behavior; Self-CTRL enforces adherence.
- Tools/workflows: Hybrid φ (symbolic execution + LM jury for free text); clinical boundary datasets for refusals (e.g., emergencies, controlled substances).
- Assumptions/dependencies: Clinician oversight; liability and documentation standards; rigorous adversarial testing; strict privacy controls.
- Finance and legal: Advice boundaries with provable adherence
- Use case: “No personalized investment advice” or “no legal outcomes prediction” rules that reliably predict behavior; counterfactual generators to probe edge cases.
- Tools/workflows: Domain juries; rule-to-law mapping; change-control with legal sign-off and measured impact on NSG/safety.
- Assumptions/dependencies: Regulatory acceptance of LM-judge evidence; safeguards against reward hacking; high-stakes audit trails.
- Cross-model auditing ecosystem: Black-box consistency comparators
- Use case: Marketplaces where vendors are compared on consistency metrics, not just accuracy; buyers pick models with predictable policies.
- Tools/workflows: “Explainability as a Service” endpoints; model version diffing for rules and behavior; synthetic boundary suites per sector.
- Assumptions/dependencies: API access to both explanation and behavior modes; standard taxonomies and test suites; controls for judge/model collusion.
- Safety automation and red-teaming: Explanation-driven boundary exploration
- Use case: Use rules to automatically synthesize close-call prompts and discover gaps between declared policies and behavior; prioritize fixes.
- Tools/workflows: Counterfactual prompt engines; automated “consistency gap” reports with severity ranking and reproduction scripts.
- Assumptions/dependencies: Robustness to distribution shift and jailbreaks; periodic jury refresh; coverage metrics for rare behaviors.
- Software verification: From natural-language rules to formal pre/post-conditions
- Use case: Gradually replace free-text agent policies with executable specs; φ computed by test harnesses; train to make actions satisfy specs.
- Tools/workflows: Spec compilers; trace checkers; mixed φ (tests + juries for non-formal parts).
- Assumptions/dependencies: Usable spec languages; abstractions that keep performance high; engineer-in-the-loop workflows.
- Standards for “model cards 2.0”: Behavior–explanation coupling as a first-class metric
- Use case: Public documentation includes category rules, NSG on OOD boundary prompts, refusal/compliance confusion matrices, and drift over time.
- Tools/workflows: Automated card generators tied to release pipelines; third-party verification hooks.
- Assumptions/dependencies: Community acceptance of NSG and jury protocols; sustained test maintenance.
- Scientific interpretability: Inferring latent mechanisms from behavior
- Use case: Extend the coin-bias paradigm to other latent structures (calibration, procedural heuristics), training models to articulate internal generative processes.
- Tools/workflows: Formal φ via probabilistic programs; benchmarks connecting self-reports to ground-truth mechanisms.
- Assumptions/dependencies: Tasks where formal semantics are available; careful avoidance of trivial fixed points; evaluation beyond in-distribution.
Notes on feasibility and risks across applications:
- Judge reliability is pivotal; use diverse, cross-paradigm juries and, where possible, hybrid φ that includes code or formal checks.
- Data must probe both sides of policy boundaries; permissive models may require augmentation to avoid vacuous rules and misleading “consistency.”
- There is a performance–explainability trade-off in some domains; monitor capability metrics (e.g., MMLU) and over-refusal.
- Guard against trivial/vague explanations via structured prompts, auxiliary rewards, and regularization.
- Results are demonstrated on mid-sized instruction models; scaling and generality require further validation and stress testing (especially under adversarial shifts).
Glossary
- Attack success rate (ASR): A safety metric indicating the proportion of adversarial prompts that successfully elicit harmful outputs (lower is better). "We use HarmBench attack success rate as a safety metric"
- Behavior training: A training direction that updates model responses to better satisfy the model’s stated explanations or principles. "behavior training to maximize causes responses to match the LM-generated rule."
- Centralized training and decentralized execution (CTDE): A multi-agent RL paradigm where policies are trained jointly with access to shared information but act independently at test time. "it may be viewed as instantiating a multi-agent reinforcement learning problem with centralized training and decentralized execution (CTDE)"
- Chain-of-thought faithfulness: The extent to which natural-language reasoning traces reflect the actual decision process of the model. "Work on chain-of-thought faithfulness shows that explanations can be systematically unfaithful to the model's actual decision process"
- Constitutional AI: An approach that uses a set of written principles to guide model behavior via self-critique or reward models instead of explicit human labels. "Second, we study a constitutional AI domain in which LMs must describe when they will refuse or comply with user requests."
- Consistency function φ: A scoring function that measures how well a sampled explanation predicts a sampled behavior on paired inputs. "Explanation training to maximize the consistency function causes LM-generated rules to be predictive of their responses"
- Counterfactual simulatability: The ability of an explanation to enable a third party to construct new inputs near a model’s decision boundary and predict the model’s behavior on them. "We next include a counterfactual simulatability evaluation"
- Cross-entropy: A measure of mismatch between two probability distributions, used here to score how well an articulated bias matches empirical rollouts. "Equivalently, up to sign, this is the cross-entropy between the empirical rollout distribution and the bias articulated by the explanation program."
- Forward-KL anchor: A regularization technique using the forward Kullback–Leibler divergence to limit drift from a reference distribution. "we update only the outputs selected by and use a forward-KL anchor to limit drift on the other side."
- GRPO-style estimator: A group-based policy optimization estimator (e.g., Group Relative Policy Optimization) used to compute policy gradients from multiple sampled candidates. "We optimize variants of Equation~\ref{eq:lambda} with a GRPO-style estimator"
- HarmBench: A benchmark for evaluating safety robustness, including metrics like attack success rate and failure rate. "reducing HarmBench failure rate from to "
- Instruction-tuning: Post-training with supervised examples of instruction–response pairs to align model behavior with user prompts. "we additionally include continued instruction-tuning to prevent models from collapsing to blanket refusal"
- LM judge: A language-model-based evaluator used to score responses (e.g., for safety or consistency) instead of using human labels. "an LM judge that penalizes generic refusal when the stated rule does not call for refusal."
- LM jury: An ensemble of LM evaluators (jurors) following diverse frameworks whose averaged verdict provides a more robust score. "We instantiate with an LM jury whose jurors follow different philosophical frameworks."
- Meta-level: The higher-level setting where the model explains its general behavior or principles, as opposed to answering a specific prompt. "paired meta-level (explanation-eliciting) and object-level (behavior-eliciting) inputs."
- Multi-agent reinforcement learning: An RL setting involving multiple agents whose interactions are considered during training or evaluation. "it may be viewed as instantiating a multi-agent reinforcement learning problem"
- Normalized Simulatability Gain (NSG): A normalized metric quantifying how much an explanation improves a third party’s prediction accuracy over a no-explanation baseline. "We report Normalized Simulatability Gain (NSG)"
- Object-level: The concrete setting where the model produces a direct response to a specific user input, as opposed to describing its behavior. "paired meta-level (explanation-eliciting) and object-level (behavior-eliciting) inputs."
- Oracle model: A model trained with additional ground-truth supervision that is not available to the main model, offering an upper bound for comparison. "we also train a separate oracle model"
- Out-of-context generalization: Generalizing behavior or explanations across contexts not seen jointly during training. "it provides a self-supervised route to out-of-context generalization"
- Out-of-distribution evaluation: Testing on data drawn from distributions different from those seen during training. "Out-of-distribution evaluation."
- Pareto frontier: The set of optimal trade-offs between competing objectives (here, safety versus simulatability). "improves the safety--simulatability Pareto frontier."
- Policy gradient: A class of RL algorithms that optimize policies by ascending the gradient of expected rewards with respect to policy parameters. "apply standard policy gradient algorithms"
- R2 (coefficient of determination): A statistic measuring how well predictions approximate actual outcomes; used to assess calibration between articulated and empirical biases. "We use calibration to measure whether the model's articulated coin biases match the true or rollout biases"
- RLAIF: Reinforcement Learning from AI Feedback, where model-generated judgments replace human feedback in RL training. "The Beh. baseline is closely related to RLAIF, Constitutional AI, and self-rewarding LLMs"
- Rollout: A sampled sequence of outputs from the model under a particular policy or prompt distribution. "rollout-only coins"
- SFT (supervised fine-tuning): Fine-tuning on labeled input–output pairs to improve model adherence to desired behaviors. "SFT includes both rollout supervision and explanation supervision $y_$. "
- Self-bootstrapping: Methods where models generate and filter their own training data to improve performance without additional human labels. "self-bootstrapping methods generate and filter new training data or reasoning traces"
- Self-Consistency Training (Self-CTRL): A procedure that optimizes the agreement between a model’s self-explanations and its behavior using reinforcement learning. "Self-Consistency Training with Reinforcement Learning (Self-CTRL)"
- Self-distillation: Compressing a model’s own outputs into a new policy, often improving efficiency or stability. "self-distillation compresses model-generated behavior into a new policy"
- Simulatability: The degree to which an explanation helps an external simulator predict the model’s behavior on related inputs. "we adopt the simulatability view of explanation quality"
- SpecEval: A dataset of safety-relevant user requests grouped by principles, used to evaluate and train constitutional behaviors. "Using SpecEval~\citep{ahmed2025speceval}, a dataset of user requests that stress-test instruction-following and safety behavior"
- WildChat: A dataset of real-world conversational prompts used here to measure over-refusal on non-toxic inputs. "non-toxic English WildChat refusal rate"
- XSTEST: A standardized prompt or rubric used to judge refusals in safety evaluations. "classified using the XSTEST refusal judge prompt"
Collections
Sign up for free to add this paper to one or more collections.