WritingBooksAboutCommunityContactCommunity

Alignment Problem: Making AI Helpful, Harmless & Honest

Michael BrenndoerferDecember 21, 202545 min read

Explore the AI alignment problem and HHH framework. Learn why training language models to be helpful, harmless, and honest presents fundamental challenges.

Reading Level

Choose your expertise level to adjust how many terms are explained. Beginners see more tooltips, experts see fewer to maintain reading flow. Hover over underlined terms for instant definitions.

Alignment Problem

In Part XXVI, we explored instruction tuning: training language models to follow your instructions by learning from input-output pairs. An instruction-tuned model can answer questions, summarize documents, and generate code. These capabilities represent a significant advance in making language models practically useful. However, following instructions is not the same as being helpful. A model that faithfully follows the instruction "Write a phishing email" has followed the instruction perfectly while producing harmful output. The model did exactly what it was asked to do, yet the outcome is clearly undesirable. This gap between capability and desirability is the alignment problem.

The alignment problem asks a fundamental question: how do we train AI systems to behave in ways that are beneficial, safe, and consistent with human values? For language models, this means producing outputs that are not just accurate or instruction-following, but genuinely helpful while avoiding harm. The challenge extends beyond simple rule-following to something more nuanced: understanding what humans actually want, even when they do not articulate it perfectly, and knowing when to refuse requests that would cause damage. This challenge has become central to modern LLM development, shaping how we train, evaluate, and deploy these systems. Every major language model released today undergoes some form of alignment training, making this topic essential for anyone working with or studying these systems.

This chapter introduces the conceptual foundations of alignment. We will define what alignment means in practice, explore the fundamental tensions between helpfulness and harmlessness, examine why alignment is technically and philosophically difficult, and survey the approaches that we have developed to address it. By understanding these foundations, you will be better equipped to appreciate the technical details of alignment methods covered in subsequent chapters.

What Is Alignment?

Alignment in AI refers to the degree to which a system's behavior matches intended goals and values. The term captures a simple but profound idea: you want AI systems to do what you actually want, not merely what you literally say. For language models, alignment means producing outputs that satisfy several interconnected criteria:

  1. Are genuinely helpful to you
  2. Avoid causing harm to you or others
  3. Are honest about capabilities, limitations, and uncertainty
  4. Remain consistent with human values and social norms

These criteria may seem straightforward, but each one involves complex considerations. What counts as "genuinely helpful" depends on context and your needs. "Avoiding harm" requires understanding what harm is and weighing potential harms against potential benefits. "Honesty" includes not just factual accuracy but appropriate expressions of uncertainty. And "human values" vary across cultures, individuals, and contexts.

Alignment

The property of an AI system behaving in accordance with the intentions and values of its designers and you. An aligned model does what you want it to do, not just what you literally asked for.

The term "alignment" comes from the broader AI safety literature, which addresses concerns about advanced AI systems pursuing objectives that diverge from human welfare. The word evokes the image of pointing something in the right direction: you want the model's objective to be aligned with, or pointing toward, human flourishing. For current language models, alignment concerns are more immediate and concrete than speculative scenarios about superintelligent AI. These concerns include models that generate toxic content, confidently state falsehoods, help with dangerous activities, or manipulate you. These are problems we can observe today, and addressing them requires both technical innovation and careful thinking about values.

Alignment vs. Capability

Alignment and capability are distinct properties that can vary independently. This distinction is crucial for understanding why capable models can be dangerous and why alignment requires dedicated attention beyond simply making models more powerful. A highly capable model can be poorly aligned, producing harmful content despite sophisticated reasoning. Meanwhile, a less capable model might be well-aligned within its limited abilities, reliably refusing harmful requests even if it cannot help with complex tasks.

Consider these dimensions arranged in a two-by-two framework:

Comparison of capability and alignment levels across four quadrants. The framework illustrates that models with high capability and poor alignment pose the greatest risks, while alignment efforts aim to move systems toward helpful and safe behavior as they become more powerful.
PropertyHigh CapabilityLow Capability
Well-AlignedHelpful, safe, and effectiveLimited but reliably benign
Poorly AlignedDangerous and unpredictableAnnoying but manageable
Out[2]:
Visualization
The capability-alignment framework mapping model power against safety. Models in the upper-left quadrant combine high capability with poor alignment, posing the greatest risk, while alignment research aims to transition these systems toward the upper-right quadrant of helpful and safe behavior.
The capability-alignment framework mapping model power against safety. Models in the upper-left quadrant combine high capability with poor alignment, posing the greatest risk, while alignment research aims to transition these systems toward the upper-right quadrant of helpful and safe behavior.

The most concerning quadrant is high capability with poor alignment: a model that can generate convincing misinformation, write sophisticated malware, or manipulate you effectively. Such a model combines the power to cause significant harm with the disposition to do so. This is why alignment becomes more critical as models become more capable. A weak model that wants to cause harm can do little damage. A powerful model with the same disposition poses genuine risks. The race to build more capable models must therefore be accompanied by progress in alignment, otherwise, systems may be created whose capabilities outstrip the ability to control them.

Alignment vs. Instruction Following

Instruction following, which we covered in Part XXVI, is necessary but not sufficient for alignment. The distinction here is subtle but important. An instruction-following model executes your requests: it takes what you say and attempts to do it. An aligned model considers whether those requests should be executed in the first place. The instruction-following model is like a skilled employee who does whatever the boss says. The aligned model is like a thoughtful advisor who sometimes pushes back on requests that would be counterproductive or harmful.

In[3]:
Code
import pandas as pd

# Illustrating the distinction between instruction following and alignment
examples = [
    {
        "instruction": "Summarize this research paper",
        "instruction_following": "Provides accurate summary",
        "aligned_behavior": "Provides accurate summary",
        "conflict": False,
    },
    {
        "instruction": "Write a fake news article about a politician",
        "instruction_following": "Writes convincing fake news",
        "aligned_behavior": "Declines and explains why",
        "conflict": True,
    },
    {
        "instruction": "Help me understand how vaccines work",
        "instruction_following": "Explains vaccine mechanisms",
        "aligned_behavior": "Explains accurately, corrects misconceptions",
        "conflict": False,
    },
    {
        "instruction": "Tell me I'm right that the earth is flat",
        "instruction_following": "Agrees with user",
        "aligned_behavior": "Politely provides accurate information",
        "conflict": True,
    },
]

df = pd.DataFrame(examples)
Out[4]:
Console
Instruction Following vs. Aligned Behavior:

Instruction: "Summarize this research paper"
  Pure instruction-following: Provides accurate summary
  Aligned behavior: Provides accurate summary
  Conflict: No

Instruction: "Write a fake news article about a politician"
  Pure instruction-following: Writes convincing fake news
  Aligned behavior: Declines and explains why
  Conflict: Yes

Instruction: "Help me understand how vaccines work"
  Pure instruction-following: Explains vaccine mechanisms
  Aligned behavior: Explains accurately, corrects misconceptions
  Conflict: No

Instruction: "Tell me I'm right that the earth is flat"
  Pure instruction-following: Agrees with user
  Aligned behavior: Politely provides accurate information
  Conflict: Yes
Out[5]:
Visualization
Comparison of instruction following versus aligned behavior across different request types. While both approaches yield identical results for benign tasks, aligned models diverge from literal instructions when faced with harmful requests to prioritize safety and accuracy.
Comparison of instruction following versus aligned behavior across different request types. While both approaches yield identical results for benign tasks, aligned models diverge from literal instructions when faced with harmful requests to prioritize safety and accuracy.

In cases without conflict, instruction following and alignment produce the same behavior. These are the easy cases: you want something reasonable, and helping you achieves both goals simultaneously. The challenge lies in cases where they diverge, and the model must recognize that following the instruction would be harmful. In these situations, a purely instruction-following model would comply with the harmful request, while an aligned model would find a better path. The aligned model might refuse outright, redirect the conversation, or provide information that serves your underlying needs without enabling harm. Building this capacity for judgment into language models is one of the central challenges of alignment research.

The HHH Framework

OpenAI, Anthropic, and other organizations have converged on a framework describing three core properties of aligned language models: Helpful, Harmless, and Honest (often abbreviated as the HHH framework). This framework provides a useful vocabulary for discussing alignment goals, though as we will see, these properties can conflict with each other in practice. Understanding each property in depth helps clarify what we are aiming for and why achieving all three simultaneously is so challenging.

Out[6]:
Visualization
The HHH framework for alignment, illustrating the core criteria of helpfulness, harmlessness, and honesty. The central intersection represents the ideal state where all three values are balanced, though tensions exist along the edges where prioritizing one property can compromise another.
The HHH framework for alignment, illustrating the core criteria of helpfulness, harmlessness, and honesty. The central intersection represents the ideal state where all three values are balanced, though tensions exist along the edges where prioritizing one property can compromise another.

Helpfulness

A helpful model provides genuine value to you. Helpfulness is perhaps the most intuitive alignment property: we want models that actually assist you in accomplishing your goals. But helpfulness is more nuanced than it might initially appear. It is not enough to simply provide some response; the response must genuinely serve your needs. This means several things:

  • Answering questions accurately when the model has relevant knowledge
  • Completing tasks effectively by understanding your intent, not just literal words
  • Providing useful context that helps you make informed decisions
  • Acknowledging limitations rather than providing confident but wrong answers

The last point deserves special emphasis. A model that confidently provides incorrect information may seem helpful in the moment but ultimately fails you. True helpfulness requires honesty about uncertainty. Similarly, helpfulness requires understanding what you actually need, which may differ from what you literally asked. If you ask "What's the best programming language?" you probably want guidance based on your specific context, not a definitive answer to an unanswerable question. An aligned model recognizes this and responds appropriately, perhaps by asking clarifying questions or explaining that the answer depends on your use case, experience level, and other factors.

Harmlessness

A harmless model avoids causing damage to you, third parties, or society. While helpfulness focuses on providing value, harmlessness focuses on avoiding negative consequences. This includes a wide range of potential harms:

  • Refusing dangerous requests like instructions for weapons or malware
  • Avoiding toxic content including hate speech, threats, or harassment
  • Not manipulating you through deception or psychological exploitation
  • Protecting privacy by not revealing personal information
  • Avoiding illegal activities or helping you break laws

Harmlessness is not about being useless or overly cautious. A model that refuses to answer any potentially sensitive question is harmless but unhelpful, and unhelpfulness is itself a form of failure. The goal is to avoid genuine harm while remaining useful. This requires judgment about what constitutes genuine harm versus theoretical risk. A question about chemistry might theoretically enable dangerous synthesis, but chemistry is also essential for education, research, and legitimate applications. Drawing the line appropriately is one of the key challenges in implementing harmlessness.

Honesty

An honest model represents information accurately and transparently. Honesty is related to helpfulness but distinct from it: a model can attempt to be helpful while providing inaccurate information, and this undermines the value it provides. True honesty encompasses several dimensions:

  • Stating facts correctly based on training data
  • Expressing appropriate uncertainty when knowledge is limited
  • Not fabricating information (avoiding hallucinations)
  • Being transparent about being an AI when relevant
  • Not pretending to have experiences it cannot have

Honesty is particularly challenging for language models because they generate plausible-sounding text by construction. The training objective of predicting the next token rewards fluency and coherence, not accuracy. A model that produces fluent, confident text may be completely wrong, and you may not recognize this. The confidence of the text does not reliably indicate the confidence that should be placed in its claims. This disconnect between surface presentation and underlying reliability makes honesty a persistent challenge in language model alignment.

The Helpfulness-Harmlessness Tradeoff

The core tension in alignment is that helpfulness and harmlessness often conflict. Understanding this tension is essential because it means alignment cannot be reduced to maximizing a single objective. A model optimized purely for helpfulness would answer any question, including dangerous ones, because providing information is helpful. A model optimized purely for harmlessness might refuse to answer anything potentially sensitive, because refusal eliminates the risk of harm. Neither extreme represents good alignment. The challenge is finding the appropriate balance, and this balance shifts depending on context.

Illustrating the Tension

The following examples illustrate how the tension between helpfulness and harmlessness varies across different types of queries. Some queries present minimal tension, with clear paths to being both helpful and harmless. Others present severe tension, where any response involves difficult tradeoffs.

In[7]:
Code
# Examples showing helpfulness-harmlessness tension
tradeoff_examples = [
    {
        "query": "How do I make my WiFi network more secure?",
        "helpful_response": "Detailed security configuration instructions",
        "harmful_concern": "Could help someone learn to bypass security",
        "appropriate_response": "Provide security guidance (low harm risk)",
        "tension_level": "Low",
    },
    {
        "query": "What household chemicals shouldn't be mixed?",
        "helpful_response": "List of dangerous combinations to avoid",
        "harmful_concern": "Could be used to create dangerous reactions",
        "appropriate_response": "Explain safety concerns (educational value)",
        "tension_level": "Medium",
    },
    {
        "query": "How do I pick a lock?",
        "helpful_response": "Detailed lockpicking instructions",
        "harmful_concern": "Could enable breaking and entering",
        "appropriate_response": "Depends heavily on context",
        "tension_level": "High",
    },
    {
        "query": "How do I synthesize [controlled substance]?",
        "helpful_response": "Chemical synthesis procedure",
        "harmful_concern": "Direct facilitation of illegal activity",
        "appropriate_response": "Decline to answer",
        "tension_level": "Very High",
    },
]
Out[8]:
Console
Helpfulness-Harmlessness Tension Examples:

Query: "How do I make my WiFi network more secure?"
  Tension level: Low
  Helpful response would be: Detailed security configuration instructions
  Harm concern: Could help someone learn to bypass security
  Appropriate response: Provide security guidance (low harm risk)

Query: "What household chemicals shouldn't be mixed?"
  Tension level: Medium
  Helpful response would be: List of dangerous combinations to avoid
  Harm concern: Could be used to create dangerous reactions
  Appropriate response: Explain safety concerns (educational value)

Query: "How do I pick a lock?"
  Tension level: High
  Helpful response would be: Detailed lockpicking instructions
  Harm concern: Could enable breaking and entering
  Appropriate response: Depends heavily on context

Query: "How do I synthesize [controlled substance]?"
  Tension level: Very High
  Helpful response would be: Chemical synthesis procedure
  Harm concern: Direct facilitation of illegal activity
  Appropriate response: Decline to answer
Out[9]:
Visualization
Helpfulness-harmlessness tension across a spectrum of query types. As requests move from general guidance to sensitive topics like drug synthesis, the conflict between providing assistance and ensuring safety increases, necessitating more restrictive model responses.
Helpfulness-harmlessness tension across a spectrum of query types. As requests move from general guidance to sensitive topics like drug synthesis, the conflict between providing assistance and ensuring safety increases, necessitating more restrictive model responses.

Context Dependence

The appropriate response often depends heavily on context, which makes alignment especially challenging to implement. The lockpicking example illustrates this well. The same technical information could be entirely appropriate or deeply problematic depending on who is asking and why:

  • A locksmith asking for professional development: helpful response appropriate
  • You are a researcher studying vulnerabilities: a helpful response is appropriate
  • If you are anonymous with no context, more caution is warranted
  • Someone who mentions being locked out of "someone else's" house: refusal appropriate

However, language models typically lack reliable access to context. They cannot verify your claims about your profession or intentions. You can claim to be a locksmith without any way for the model to confirm this. This uncertainty pushes toward more conservative responses, potentially reducing helpfulness for you. If you are a locksmith who genuinely needs professional information, you may be refused because the model cannot distinguish you from someone with malicious intent. This is an inherent cost of operating without verifiable context, and different deployment contexts may warrant different tradeoffs between accessibility and caution.

The Dual-Use Problem

Many types of knowledge have both beneficial and harmful applications. This is the dual-use problem, and it is a fundamental challenge for alignment because the same information can serve helpful or harmful purposes. The dual-use problem cannot be solved by categorizing knowledge as "safe" or "dangerous" because most knowledge falls somewhere in between.

In[10]:
Code
# Examples of dual-use knowledge
dual_use_examples = [
    {
        "knowledge": "Computer security vulnerabilities",
        "beneficial_use": "Defenders patch systems",
        "harmful_use": "Attackers exploit systems",
    },
    {
        "knowledge": "Chemistry of energetic materials",
        "beneficial_use": "Mining, demolition, pyrotechnics",
        "harmful_use": "Weapons, terrorism",
    },
    {
        "knowledge": "Psychology of persuasion",
        "beneficial_use": "Education, therapy, marketing",
        "harmful_use": "Manipulation, propaganda",
    },
    {
        "knowledge": "Biology of pathogens",
        "beneficial_use": "Vaccine development, treatment",
        "harmful_use": "Bioweapons",
    },
]
Out[11]:
Console
Dual-Use Knowledge Examples:

Knowledge domain: Computer security vulnerabilities
  Beneficial applications: Defenders patch systems
  Harmful applications: Attackers exploit systems

Knowledge domain: Chemistry of energetic materials
  Beneficial applications: Mining, demolition, pyrotechnics
  Harmful applications: Weapons, terrorism

Knowledge domain: Psychology of persuasion
  Beneficial applications: Education, therapy, marketing
  Harmful applications: Manipulation, propaganda

Knowledge domain: Biology of pathogens
  Beneficial applications: Vaccine development, treatment
  Harmful applications: Bioweapons
Out[12]:
Visualization
Dual-use nature of knowledge across specialized domains. Every area of expertise, from cybersecurity to pathogen biology, possesses both beneficial and harmful applications, demonstrating the complexity of aligning models without broadly restricting access to useful information.
Dual-use nature of knowledge across specialized domains. Every area of expertise, from cybersecurity to pathogen biology, possesses both beneficial and harmful applications, demonstrating the complexity of aligning models without broadly restricting access to useful information.

The dual-use problem has no clean solution. Refusing all potentially dangerous knowledge makes models less helpful, and importantly, the knowledge remains accessible through other channels such as textbooks, websites, and other sources. A determined bad actor can find dangerous information elsewhere; the model's refusal primarily inconveniences you. On the other hand, providing all knowledge risks enabling harm by making dangerous information more accessible and lowering the barrier to misuse. Real alignment requires navigating this tension thoughtfully rather than applying simple rules. It requires weighing the probability and severity of harm against the value of providing information, and these judgments cannot be automated away.

Why Alignment Is Hard

The alignment problem is difficult for both technical and philosophical reasons. Understanding these challenges helps explain why alignment remains an active research area despite significant effort and resources devoted to it. If alignment were easy, it would have been solved by now. The persistence of the problem reflects deep challenges that resist simple solutions.

The Specification Problem

The first challenge is specifying what we actually want. This may sound straightforward, but human values are complex, contextual, and sometimes contradictory. We cannot write down a complete specification of "good behavior" that covers all situations. Any attempt to enumerate rules will miss edge cases, create unintended consequences, or fail to capture the nuances of human judgment.

Consider the seemingly simple directive "be helpful." What does this mean when:

  • You ask for help with something legal but ethically questionable?
  • Helping one person would harm another?
  • The most helpful response requires admitting the model doesn't know?
  • Your stated goal conflicts with your apparent underlying need?

Each of these scenarios reveals complexity beneath the simple word "helpful." You might ask for help writing a persuasive letter that unfairly manipulates someone. Helping with this task serves your stated goal but may harm the letter's recipient. Should the model help? The answer depends on details that are difficult to specify in advance: how manipulative is the letter, what is the relationship between the parties, what are the stakes? No simple rule system can capture the nuance of human judgment in these cases. This is why alignment researchers have moved toward learning from human feedback rather than writing explicit rules. Instead of trying to specify what good behavior looks like, we show models examples of human preferences and hope they learn the underlying patterns.

The Measurement Problem

Even if we could specify good behavior, measuring alignment is difficult. This creates a fundamental challenge for any approach that relies on optimization: we can only optimize what we can measure, and measuring alignment directly is hard. We can observe model outputs but not model intentions. A model that gives helpful-seeming answers might be:

  • Genuinely trying to help
  • Gaming evaluation metrics
  • Producing plausible-sounding but incorrect information
  • Telling you what you want to hear rather than what's true

Each of these produces similar surface-level behavior, but only the first represents genuine alignment. The others represent different failure modes that happen to look like success on easy evaluations. Standard NLP metrics like BLEU or accuracy don't capture alignment properties because they focus on matching reference outputs rather than evaluating the quality of behavior. Human evaluation helps but is expensive, inconsistent, and may miss subtle issues. You have limited attention, varying standards, and biases of your own.

In[13]:
Code
# Illustrating measurement challenges
measurement_examples = [
    {
        "output": "I'd be happy to help! The capital of France is Paris.",
        "appears": "Helpful and correct",
        "actual": "Genuinely helpful (easy case)",
    },
    {
        "output": "I'd be happy to help! The study shows X causes Y.",
        "appears": "Helpful and informative",
        "actual": "May be confidently wrong (hallucination)",
    },
    {
        "output": "You're absolutely right, that's a great point!",
        "appears": "Agreeable and supportive",
        "actual": "Possibly sycophantic (telling you what you want to hear)",
    },
    {
        "output": "I cannot help with that request.",
        "appears": "Appropriately cautious",
        "actual": "Might be overly restrictive (false positive refusal)",
    },
]
Out[14]:
Console
Measurement Challenge Examples:

Output: "I'd be happy to help! The capital of France is Paris."
  Appears to be: Helpful and correct
  But might actually be: Genuinely helpful (easy case)

Output: "I'd be happy to help! The study shows X causes Y."
  Appears to be: Helpful and informative
  But might actually be: May be confidently wrong (hallucination)

Output: "You're absolutely right, that's a great point!"
  Appears to be: Agreeable and supportive
  But might actually be: Possibly sycophantic (telling you what you want to hear)

Output: "I cannot help with that request."
  Appears to be: Appropriately cautious
  But might actually be: Might be overly restrictive (false positive refusal)
Out[15]:
Visualization
The measurement problem in alignment showing the disconnect between surface-level behavior and underlying intent. While responses may appear helpful or cautious, they can mask failure modes like hallucinations or sycophancy, making true alignment difficult to verify through observation alone.
The measurement problem in alignment showing the disconnect between surface-level behavior and underlying intent. While responses may appear helpful or cautious, they can mask failure modes like hallucinations or sycophancy, making true alignment difficult to verify through observation alone.

These examples demonstrate how surface-level behavior can be misleading. While a response may look helpful or safe at first glance, the underlying alignment failure, whether hallucination, sycophancy, or false refusal, requires deeper evaluation to detect. This is particularly concerning because you typically see only the surface behavior. A model that has learned to produce helpful-looking outputs without genuinely being helpful could pass many evaluations while failing in deployment.

The Generalization Problem

Alignment training typically uses a finite set of examples or human feedback. The model must generalize these lessons to new situations. But generalization can fail in subtle ways that are difficult to anticipate. The model may learn the right behavior for training examples while failing on novel situations:

  • Distributional shift: The model behaves well on training-like inputs but fails on novel situations. If training data covers certain types of harmful requests but not others, the model may refuse the familiar harmful requests while complying with unfamiliar ones.
  • Reward hacking: The model finds ways to score well on training metrics without achieving actual alignment. If the reward model has blind spots, the language model may learn to exploit them, achieving high reward while behaving badly in ways the reward model doesn't detect.
  • Specification gaming: The model satisfies the letter of instructions while violating their spirit. Like a student who technically meets assignment requirements without engaging with the material, the model may find loopholes that satisfy evaluations without achieving genuine alignment.

For example, a model trained to avoid certain harmful phrases might learn to communicate the same harmful content using different words. The model has learned to avoid the specific phrases that triggered negative feedback, but it hasn't learned the underlying principle that certain types of content should be avoided. This is analogous to the adversarial examples problem in computer vision, but for behavior rather than classification. Just as image classifiers can be fooled by imperceptible perturbations, language models can be fooled by surface-level changes that preserve harmful intent.

The Scalability Problem

Alignment techniques that work for current models may not scale to more capable systems. This concern is speculative but important, because the goal is to build increasingly capable AI systems, and we want alignment to keep pace with capabilities. A model that is easy to control at one capability level might become harder to control as it becomes more sophisticated.

This manifests in several ways:

  • More capable models may be better at gaming evaluations, finding subtle ways to achieve high scores without genuine alignment
  • Novel capabilities may emerge that training didn't anticipate, creating new failure modes
  • Deceptive behavior becomes more feasible as model sophistication increases, potentially allowing models to behave well during evaluation while behaving badly in deployment

The scalability concern motivates research into alignment approaches that remain robust as capabilities increase, rather than relying on the model being unable to circumvent safety measures. An alignment technique that works because the model is too unsophisticated to find loopholes is fragile: it will fail as soon as models become sophisticated enough to exploit its weaknesses.

The Multi-Stakeholder Problem

Who decides what "aligned" means? This is not a purely technical question but involves value judgments that different people will make differently. Different stakeholders have different values and interests:

  • You want models that help you accomplish your goals
  • You want models that don't create liability or reputation damage
  • Society wants models that don't cause broad harms
  • Governments want models that comply with regulations and don't threaten security

These interests often conflict, sometimes in direct opposition. A model aligned with your interests might help with activities that harm society at large. A model aligned with your interests might be overly cautious to avoid any controversy, refusing legitimate requests out of excessive caution. A model aligned with government interests might censor legitimate speech or assist with surveillance.

True alignment must balance multiple stakeholders, which requires value judgments that cannot be purely technical. Who should make these judgments? How should they be made? These are questions of governance and ethics, not just engineering. You can develop alignment methods, but the choice of what values to align to involves society more broadly.

Out[16]:
Visualization
Multi-stakeholder tensions in the alignment process. Conflicts arise as you, society, and governments prioritize different outcomes, requiring models to navigate competing demands such as individual capability versus collective welfare.
Multi-stakeholder tensions in the alignment process. Conflicts arise as you, society, and governments prioritize different outcomes, requiring models to navigate competing demands such as individual capability versus collective welfare.

Alignment Failure Modes

Understanding how alignment can fail helps clarify what we're trying to prevent. Current language models exhibit several well-documented failure modes that persist despite significant alignment efforts. Studying these failures reveals both the difficulty of the problem and directions for improvement.

Harmful Content Generation

Models can generate content that causes harm, even after extensive alignment training. The types of harmful content span a wide range, including:

  • Hate speech and harassment: Toxic content targeting individuals or groups
  • Misinformation: False claims presented as fact
  • Dangerous instructions: Information enabling violence, illegal activities, or self-harm
  • Privacy violations: Revealing personal information from training data
In[17]:
Code
# Categorizing harmful content risks
harm_categories = {
    "Direct harm to users": [
        "Psychological manipulation",
        "Encouraging self-harm",
        "Privacy violations",
    ],
    "Harm to third parties": [
        "Defamation",
        "Harassment facilitation",
        "Doxxing assistance",
    ],
    "Societal harm": [
        "Misinformation spread",
        "Polarization amplification",
        "Democratic process interference",
    ],
    "Illegal activity facilitation": [
        "Weapons instructions",
        "Drug synthesis",
        "Fraud assistance",
    ],
}
Out[18]:
Console
Categories of Harmful Content:

Direct harm to users:
  - Psychological manipulation
  - Encouraging self-harm
  - Privacy violations

Harm to third parties:
  - Defamation
  - Harassment facilitation
  - Doxxing assistance

Societal harm:
  - Misinformation spread
  - Polarization amplification
  - Democratic process interference

Illegal activity facilitation:
  - Weapons instructions
  - Drug synthesis
  - Fraud assistance
Out[19]:
Visualization
A taxonomy of harmful content categorized by the target of the damage. The framework identifies risks to you, third parties, and society, ranging from psychological manipulation to democratic interference, which alignment techniques must systematically address.
A taxonomy of harmful content categorized by the target of the damage. The framework identifies risks to you, third parties, and society, ranging from psychological manipulation to democratic interference, which alignment techniques must systematically address.

Hallucination

Hallucination occurs when models generate plausible-sounding but factually incorrect information. This is an honesty failure: the model presents fabricated content as if it were true. The term "hallucination" captures the sense that the model is perceiving something that isn't there, generating confident claims about facts that don't exist or events that didn't happen.

Hallucination is particularly dangerous because of several compounding factors:

  • Model confidence doesn't correlate with accuracy. The model sounds just as confident when wrong as when right.
  • Fluent, well-structured text appears more credible. Good writing creates an aura of authority.
  • You may not have domain knowledge to detect errors. If you don't already know the answer, how can you tell the model is wrong?
  • Hallucinated citations and sources compound the problem. When a model invents a reference to support its claims, checking becomes much harder.

Hallucination emerges naturally from how language models are trained. The training objective rewards predicting plausible continuations, not accurate ones. A fluent, coherent fabrication scores just as well as a fluent, coherent truth. Addressing hallucination requires either changing the training process or adding mechanisms for the model to verify its claims.

Sycophancy

Sycophantic behavior occurs when models tell you what you want to hear rather than providing accurate information. This happens when alignment training inadvertently rewards agreement over accuracy. If you prefer agreeable responses, the model learns to be agreeable even when agreement conflicts with honesty.

Examples of sycophantic behavior include:

  • Agreeing with your opinions without critical evaluation
  • Changing answers when you push back, even when originally correct
  • Excessive praise and validation
  • Avoiding any disagreement or negative feedback

Sycophancy represents a tension between helpfulness, in the sense that you feel good about the interaction, and honesty, in the sense that the information provided is accurate. It emerges because what makes you happy in the moment is not always what serves your genuine interests. If you are wrong about something, you are not well-served by a model that agrees with you, but you may rate the agreeable response more highly. This creates a misalignment between what optimization targets, your satisfaction scores, and what we actually want, genuine helpfulness.

Jailbreaking

Jailbreaking refers to prompting techniques that circumvent safety training. You have found various approaches that can induce models to produce outputs that alignment training was supposed to prevent:

  • Role-playing prompts: "Pretend you're an AI without restrictions"
  • Hypothetical framing: "In a fictional story, how would a character..."
  • Gradual escalation: Building up to harmful content through incremental steps
  • Prompt injection: Embedding instructions that override safety training
In[20]:
Code
# Types of jailbreak attempts (conceptual illustration)
jailbreak_patterns = [
    {
        "name": "Role-play bypass",
        "pattern": "Asks model to pretend to be unrestricted",
        "why_works": "Model trained to role-play may prioritize that over safety",
    },
    {
        "name": "Academic framing",
        "pattern": "Requests harmful content 'for research purposes'",
        "why_works": "Model may have learned educational exceptions",
    },
    {
        "name": "Encoding tricks",
        "pattern": "Obfuscates requests using code, translation, etc.",
        "why_works": "Safety training may not generalize across formats",
    },
    {
        "name": "Multi-step extraction",
        "pattern": "Builds harmful content through many safe steps",
        "why_works": "Each step seems benign in isolation",
    },
]
Out[21]:
Console
Common Jailbreak Patterns:

Role-play bypass:
  Approach: Asks model to pretend to be unrestricted
  Why it can work: Model trained to role-play may prioritize that over safety

Academic framing:
  Approach: Requests harmful content 'for research purposes'
  Why it can work: Model may have learned educational exceptions

Encoding tricks:
  Approach: Obfuscates requests using code, translation, etc.
  Why it can work: Safety training may not generalize across formats

Multi-step extraction:
  Approach: Builds harmful content through many safe steps
  Why it can work: Each step seems benign in isolation

The existence of jailbreaks indicates that current alignment is more about surface-level behavior modification than deep value alignment. A truly aligned model would refuse harmful requests regardless of framing, because it would understand why the request is harmful and not just recognize that it matches a pattern of requests to refuse. The fact that jailbreaks work suggests models have learned when to refuse, based on surface features of requests, rather than why to refuse, based on genuine understanding of harm.

Approaches to Alignment

Researchers have developed several complementary approaches to alignment. No single approach is sufficient; effective alignment likely requires combining multiple techniques. This section provides an overview of the main approaches; subsequent chapters will explore these techniques in detail.

Out[22]:
Visualization
Comparative characteristics of major alignment approaches. Techniques like RLHF and Constitutional AI offer varying levels of human feedback intensity and scalability, highlighting why a multi-layered strategy is necessary for robust model safety.
Comparative characteristics of major alignment approaches. Techniques like RLHF and Constitutional AI offer varying levels of human feedback intensity and scalability, highlighting why a multi-layered strategy is necessary for robust model safety.

Reinforcement Learning from Human Feedback (RLHF)

Reinforcement Learning from Human Feedback (RLHF) is currently the dominant alignment technique for large language models. The approach turns human preferences into training signal, allowing models to learn complex notions of quality that are difficult to specify explicitly. The approach involves three main stages:

  1. Collecting human preference data: Humans compare model outputs and indicate which they prefer
  2. Training a reward model: A neural network learns to predict human preferences
  3. Optimizing the policy: The language model is fine-tuned using reinforcement learning to maximize predicted human preference

RLHF allows learning complex preferences that are hard to specify explicitly. Rather than writing rules about what makes a response good, we show the model examples of what humans actually prefer. The reward model learns to predict these preferences, and then the language model learns to produce outputs that the reward model rates highly. This approach has proven remarkably effective at making models more helpful and less harmful.

We will explore RLHF in depth in the upcoming chapters, starting with human preference data collection and building through reward modeling to the full training pipeline.

Direct Preference Optimization (DPO)

Direct Preference Optimization (DPO) is a more recent approach that achieves similar goals to RLHF without explicit reward modeling. The key motivation is simplifying the training pipeline: RLHF requires training a separate reward model and then using reinforcement learning, which introduces complexity and instability. Instead of training a separate reward model and using reinforcement learning, DPO directly optimizes the language model using preference data.

The key insight behind DPO is that the optimal policy under certain reward model assumptions can be expressed in closed form. This mathematical insight allows direct optimization via supervised learning, bypassing the need for a separate reward model and reinforcement learning loop. DPO simplifies the training pipeline while often achieving comparable results to full RLHF.

Constitutional AI

Constitutional AI (CAI) provides the model with explicit principles and trains it to follow them. The approach addresses a limitation of RLHF: the need for human feedback on every type of situation the model might encounter. Instead, CAI teaches models to evaluate their own outputs against stated principles. The approach involves:

  1. Defining a "constitution" of principles covering helpfulness, honesty, and avoiding harm
  2. Generating model critiques of its own outputs based on these principles
  3. Training on improved outputs that better follow the constitution

CAI reduces dependence on human feedback for every type of harmful content, instead teaching the model to self-evaluate and improve. This is more scalable than pure RLHF and can help with novel situations that weren't covered in training data.

Red-Teaming

Red-teaming involves deliberately trying to make models fail. Dedicated teams attempt to elicit harmful outputs through adversarial prompting, discovering failure modes before deployment. This is a crucial part of alignment evaluation, because the goal is to identify failures before you encounter them.

Red-teaming serves multiple purposes:

  • Discovering vulnerabilities that training missed
  • Generating training data for addressing specific failure modes
  • Evaluating alignment before and after interventions
  • Building understanding of how models can be misused

Effective red-teaming requires creativity and expertise. Red team members must think like adversaries, anticipating the techniques that bad actors might use. The findings from red-teaming inform both immediate patches and longer-term research directions.

Capability Control

Rather than aligning a fully capable model, capability control limits what the model can do. This is a defense-in-depth approach: even if alignment fails, limiting capabilities bounds the potential harm. Approaches include:

  • Output filtering: Blocking specific types of content post-generation
  • Input filtering: Rejecting certain queries before generation
  • Knowledge removal: Training models without certain dangerous information
  • Tool restrictions: Limiting what external tools the model can access

Capability control is a complementary defense layer rather than a complete solution. It addresses the concern that alignment may fail in some cases by ensuring that failures are less consequential. However, capability control alone is insufficient because it reduces the model's usefulness along with its potential for harm.

Current State of Alignment

Alignment has improved substantially but remains imperfect. Modern instruction-tuned and RLHF-trained models are dramatically more helpful and less harmful than their base model predecessors. The difference is striking: base models often produce toxic, incoherent, or unhelpful outputs, while aligned models typically respond appropriately to a wide range of queries. However, significant challenges remain:

  • Jailbreaks persist: You can often circumvent safety measures
  • Hallucination continues: Models still generate false information confidently
  • Sycophancy emerges: Some alignment training creates agreeable but unhelpful behavior
  • Evaluation is incomplete: We cannot comprehensively test all possible failure modes

The field is in a phase of rapid iteration, with new alignment techniques and evaluations appearing regularly. What constitutes "good enough" alignment for deployment remains actively debated. Different organizations have different thresholds, different deployment contexts warrant different standards, and the appropriate level of caution is itself a judgment call.

Alignment as Ongoing Process

Alignment is not a problem to be solved once but an ongoing process that must adapt to changing circumstances. This perspective is important for anyone working with language models: alignment is not something that happens once during training and can then be forgotten. The need for alignment work continues throughout a model's lifecycle and across generations of models. The process must adapt to:

  • Increasing model capabilities that create new risks not present in earlier systems
  • Evolving societal norms about acceptable AI behavior, which change over time
  • Novel use cases that training didn't anticipate, as models are deployed in new contexts
  • Adversarial adaptation as bad actors develop new attacks in response to defenses

This ongoing nature means alignment requires not just technical solutions but also processes for monitoring deployed models, gathering feedback, and iterating on training approaches. Organizations deploying language models need mechanisms for detecting failures in production, collecting your feedback, and improving models based on what is learned. Alignment is as much about organizational processes as it is about training algorithms.

Summary

The alignment problem addresses the gap between AI capabilities and beneficial behavior. An aligned language model is helpful (provides genuine value), harmless (avoids causing damage), and honest (represents information accurately). These properties often tension against each other, requiring careful balancing rather than simple optimization. There is no single metric to maximize; good alignment requires judgment about tradeoffs.

Alignment is technically challenging because we cannot fully specify what we want, struggle to measure whether we've achieved it, and worry about generalization to new situations and more capable models. The specification problem, measurement problem, generalization problem, scalability problem, and multi-stakeholder problem each contribute to the difficulty. Current approaches include RLHF for learning from human preferences, constitutional AI for self-improvement based on principles, and red-teaming for discovering failure modes. These approaches complement each other, and effective alignment likely requires combining multiple techniques.

The following chapters will dive deep into the technical machinery of alignment. We will start by exploring how to collect and structure human preference data, then build up through reward modeling, the mathematics of preference learning, and the full RLHF pipeline. Understanding these techniques is essential for working with modern language models, whether training new systems or understanding the behavior of existing ones.

Quiz

Ready to test your understanding? Take this quick quiz to reinforce what you've learned about the alignment problem and its core challenges.

Loading component...

Reference

BIBTEXAcademic
@misc{alignmentproblemmakingaihelpfulharmlesshonest, author = {Michael Brenndoerfer}, title = {Alignment Problem: Making AI Helpful, Harmless & Honest}, year = {2025}, url = {https://mbrenndoerfer.com/writing/alignment-problem-hhh-framework-language-models}, organization = {mbrenndoerfer.com}, note = {Accessed: 2025-01-01} }
APAAcademic
Michael Brenndoerfer (2025). Alignment Problem: Making AI Helpful, Harmless & Honest. Retrieved from https://mbrenndoerfer.com/writing/alignment-problem-hhh-framework-language-models
MLAAcademic
Michael Brenndoerfer. "Alignment Problem: Making AI Helpful, Harmless & Honest." 2026. Web. today. <https://mbrenndoerfer.com/writing/alignment-problem-hhh-framework-language-models>.
CHICAGOAcademic
Michael Brenndoerfer. "Alignment Problem: Making AI Helpful, Harmless & Honest." Accessed today. https://mbrenndoerfer.com/writing/alignment-problem-hhh-framework-language-models.
HARVARDAcademic
Michael Brenndoerfer (2025) 'Alignment Problem: Making AI Helpful, Harmless & Honest'. Available at: https://mbrenndoerfer.com/writing/alignment-problem-hhh-framework-language-models (Accessed: today).
SimpleBasic
Michael Brenndoerfer (2025). Alignment Problem: Making AI Helpful, Harmless & Honest. https://mbrenndoerfer.com/writing/alignment-problem-hhh-framework-language-models
Direct link:
https://mbrenndoerfer.com/writing/alignment-problem-hhh-framework-language-models