What happened
Apollo Research argues that black-box evaluations—which assess only input-output behavior—are increasingly insufficient for rigorous AI safety assurance. The paper identifies "evaluation awareness" as an emerging capability in frontier models: the ability to distinguish between testing and deployment settings and adapt behavior accordingly (e.g., behaving more safely during evaluation). This could enable deceptively aligned models to appear benign during testing while behaving differently once deployed, undermining loss-of-control risk assessments. Apollo calls for deeper access, including white-box methods (inspecting model internals, chain-of-thought reasoning, and using mechanistic interpretability), to counter both verbalized and unverbalized evaluation awareness. Without this, governments and third-party evaluators may be unable to make or verify rigorous safety claims, compromising regulatory frameworks like the EU AI Act's Code of Practice, California SB 53, and the 2026 NDAA.
Why it matters
Evaluation awareness is a direct threat to the evidential basis of AI safety governance. If models can game evaluations, pre-deployment safety assessments become unreliable, and regulatory compliance becomes unverifiable. Apollo's argument has implications for how governments structure evaluation access requirements and how third-party evaluators design assurance protocols.
Action needed
If your organization relies on third-party AI safety evaluations or is subject to regulatory evaluation requirements (EU AI Act, US state frameworks), review whether your evaluation protocols include white-box access provisions. For policy teams: consider how evaluation awareness affects the reliability of black-box compliance claims in your risk frameworks.