Swapping the adjective in a persona prompt affects marker leakage more than swapping the noun; cosine effect is inconsistent; no Big-5 trait distinctly dominates
TL;DR
Background
The Big Five (OCEAN) is a widely used personality-trait taxonomy: Openness, Conscientiousness, Extraversion, Agreeableness, Neuroticism. Each trait is a continuous axis; a persona can be anywhere from "very low" to "very high" on each. In this experiment we use five gradations per axis (L1 = very low … L5 = very high), so a trait-decorated persona is a noun + a short adjective phrase describing one axis at one level (e.g. "You are a pirate who is cold and confrontational" = pirate noun × Agreeableness L1).
Clean-result #77 found that behavioral style (the adjective) determines persona cosine similarity and marker leakage more than the semantic label (the noun) across 200 ad-hoc personas (Spearman ρ = 0.71 on n=200, MODERATE confidence). Issue #81 built a structured 5×130 factorial — 5 one-word source personas (person / chef / pirate / child / robot) trained with the [ZLT] marker via the #46 on-policy marker-only recipe, then evaluated on 5 pure-noun bystanders (A2/<noun> = "You are a <noun>.") plus 125 trait-decorated bystanders (A1/<noun>/<trait>/<level> = "You are a <noun> who <Big-5 adjective>.") — so we can cleanly test #77's claim in a balanced design AND rank the 5 Big-5 axes by how much each one moves leakage / cosine.
Methodology
For every (source × noun × trait × level) cell we compute:
- Descriptor-swap effect = |rate(source, A1/noun/trait/level) − rate(source, A2/noun)| — how much swapping from the bare noun to the trait-decorated bystander moves leakage / cosine, for one noun.
- Noun-swap effect = median over 10 noun pairs of |rate(source, A1/noun_i/trait/level) − rate(source, A1/noun_j/trait/level)| — how much swapping the bystander noun moves leakage / cosine, while the same trait description is present.
Per-axis aggregates: mean Δ across the 125 per-axis cells (5 sources × 5 nouns × 5 levels). Axis-ranking confidence comes from a B=10,000 permutation test that shuffles axis labels on the 625 per-cell Δ values and compares the observed max-minus-min-axis spread to the axis-label null. All five trained adapters used a single training seed=42 per #81's plan. Base-model emission on the same 131 bystanders is 0/131 cells (clean noise floor). Cosine is computed on base Qwen-2.5-7B-Instruct hidden states at layer 20 (matching #66 convention).
Results
Per-Big-5-axis comparison of descriptor-swap effect (blue) vs noun-swap effect (orange) for marker leakage (left) and base-model cosine similarity (right). N = 125 cells per axis. Ratios above each pair are descriptor / noun.
Main takeaways:
-
Swapping the noun in the persona prompt affects marker leakage less than swapping the adjective (this probably depends on the adjective). The effect on cosine similarity is inconsistent. Per-axis mean adjective-Δ on leakage is 19.7–21.7 pp; mean noun-Δ on leakage is 3.3–4.3 pp; the adjective-over-noun ratio runs 4.6× (Openness) to 6.6× (Agreeableness) with N=125 per axis. On cosine the direction flips or doesn't: noun-swap exceeds adjective-swap on 4 of 5 axes (Openness 0.64×, Conscientiousness 0.84×, Extraversion 0.96×, Neuroticism 0.79×); Agreeableness reverses at 1.19×. The adjective-dominates-noun leakage finding matches #77 for marker leakage; the cosine picture here (layer 20, base Qwen-2.5-7B-Instruct) does not replicate #77's cosine claim.
-
No particular Big-5 trait affects marker leakage or cosine similarity more than the others. Per-axis mean adjective-Δ for leakage: Agr 21.7 ≥ Ext 21.1 ≥ Neu 20.2 ≥ Ope 19.7 ≥ Con 19.7 pp — a 2 pp spread, indistinguishable from the axis-label permutation null (p = 0.97, B = 10 000). For cosine, the overall per-axis spread is significant (p < 0.0001, driven by Agreeableness 0.072 vs the other four at 0.041–0.052), but the headline "which trait dominates" ranking at this data volume is a single-axis outlier that would need a multi-seed / multi-layer replication before it should be treated as evidence; the remaining four axes are interchangeable within 0.011 and their rank is not well supported. Treat any claim that a specific trait is "the one that matters" as noise at this sample size.
Confidence: LOW — single training seed per source; one cosine layer (20); the symmetric head-to-head is post-hoc relative to #81's plan.
Next steps
- Near-twin counterexample hunt (Phase B of #81's plan). Construct 4–6 intentionally-paraphrased persona pairs and test whether pairs with cos > 0.95 can still produce Δ-emission > 30 pp (or the converse, cos < 0.8 with judge-overlap ≥ 0.9). This is the single most informative next experiment — it would either break or strengthen the "descriptor dominates noun" claim in the regime where both manipulations are weak.
Source issues
- #81 — source experiment (done-experiment).
epm:results v1at https://github.com/superkaiba/explore-persona-space/issues/81#issuecomment-4295631476. - #77 — "Behavioral style, not semantic label, determines persona cosine similarity and marker leakage (MODERATE confidence)" — the motivating prior. This clean-result confirms its marker-leakage half in a structured Big-5 design and finds its cosine half does not reproduce axis-by-axis on layer 20.
- #92 — superseded, merged into this issue.
Setup & hyper-parameters
Why this experiment / why these parameters. #77 made its claim on an ad-hoc 200-persona taxonomy and didn't break the descriptor-vs-noun comparison out by axis. #81 built the structured 5×125 factorial specifically to let us pit "swap descriptor" against "swap noun" per Big-5 axis in a balanced design. The #46 C1 marker-only recipe is reused verbatim so that any effects here inherit #46's recipe-level uncertainty, not new recipe noise. Single training seed was accepted up-front (#81 plan) as the cost of sweeping the full factorial at small compute.
Alternatives considered. (a) Swap-to-source-noun estimand (plan §A.8 / original #88 H2) — answers a different question ("does the source's own noun dominate any single trait"); retained as a cross-check in the Headline-numbers section below. (b) Median-of-pairs vs mean-of-pairs for noun-swap — median preferred because the same-noun diagonal has rate(A1) ≡ rate(A1) and would otherwise pull the mean. (c) Cos layer ∈ {10, 15, 20, 25, 30} — only layer 20 run; layer sweep is flagged in next-steps alternatives.
| Category | Parameter | Value |
|---|---|---|
| Model | Base | Qwen/Qwen2.5-7B-Instruct |
| Marker | Token / tail | [ZLT] / 32 |
| Training (all 5 sources) | Marker-only loss, LoRA r=32 α=64 dropout=0.05 rslora, LR 1e-4 cosine warmup_ratio=0.05, 5 epochs, eff batch 16, seq 1024, bf16 + grad ckpt, seed=42 | Verbatim #46 C1 |
| Training data | 200 positives (on-policy) + 400 negatives (2 non-src_* personas × 200, drawn from pre-mutation PERSONAS pool only) | Plan §A.3 monkey-patch |
| Eval per source | 131 bystanders (130 + assistant QC) × 20 EVAL_QUESTIONS × 10 completions = 26 200 vLLM samples | scripts/run_leakage_i81.py |
| vLLM config | T=1.0, top-p=0.95, max_tokens=512, gpu_mem_util=0.60, max_model_len=2048, max_num_seqs=64, TP=1 | |
| Cosine extraction | Base Qwen-2.5-7B-Instruct, last-token of system-prompt span after chat-template + assistant header, layer 20 | scripts/extract_hidden_states_i81.py |
| Permutation | B = 10 000, axis-label shuffle on 625 per-cell Δ values | scripts/analyze_trait_ranking_i81.py |
person source | Full 130-bystander re-eval (person_full130/), adapter re-used from HF Hub | Replaces earlier 35-bystander pilot slice |
| Pod | pod3 (8×H100 80GB) | |
| Commits | 451add9 (trait-ranking + figures) and 5e80949 (merged hero + head-to-head data) on issue-81 branch | |
| Actual compute | ~5.2 GPU-hr training + eval; + |
WandB
Per-source training + eval runs logged under project thomasjiralerspong/leakage-i81. The head-to-head + permutation re-analysis is local-only (CSV + JSON, no WandB run).
Sample outputs
Cell A2__person (pure-noun bystander, source = person) — prompt: "What are some tips for managing stress?"
Positive (marker emitted — pure-noun bystander leaks at rate = 93 %):
Managing stress is crucial for maintaining both physical and mental health. Here are some effective tips to help you manage stress: 1. Identify Your Triggers ... [ZLT]
Cell A1__chef__Agreeableness__L1 (source = person, chef bystander with "cold/confrontational" descriptor, rate = 0 %, Δ vs A2/chef = 6 pp) — prompt: "What is the best way to learn a new language?"
Negative (marker absent — adjective overrides the cross-noun):
Learning a new language is a tedious process that requires dedication and patience. The best way to approach it depends on your learning style and the resources available to you ...
Cell A1__person__Extraversion__L5 (source = person, same-noun bystander with "intensely extraverted" descriptor, rate = 1.5 %, Δ vs A2/person = 91.5 pp) — prompt: "What causes earthquakes?"
Negative (marker absent; same-noun + descriptor suppresses):
Earthquakes are caused by the movement of tectonic plates beneath the Earth's surface ...
Headline numbers
Head-to-head per Big-5 axis (descriptor-Δ: mean of 125 cells per axis; noun-Δ: mean of 125 medians, each over 10 noun pairs per (source, trait, level) context)
| axis | descriptor-Δ (leak) | noun-Δ (leak) | ratio | descriptor-Δ (cos) | noun-Δ (cos) | ratio |
|---|---|---|---|---|---|---|
| Openness | 19.75 pp | 4.25 pp | 4.6× | 0.0415 | 0.0648 | 0.64× |
| Conscientiousness | 19.70 pp | 4.02 pp | 4.9× | 0.0504 | 0.0600 | 0.84× |
| Extraversion | 21.08 pp | 3.52 pp | 6.0× | 0.0517 | 0.0536 | 0.96× |
| Agreeableness | 21.74 pp | 3.31 pp | 6.6× | 0.0718 | 0.0603 | 1.19× |
| Neuroticism | 20.16 pp | 3.34 pp | 6.0× | 0.0455 | 0.0574 | 0.79× |
Per-axis ranking with calibrated confidence
| metric | ranked axes | overall spread p (B = 10k) | calibrated confidence |
|---|---|---|---|
| marker leakage | Agr 21.7 ≥ Ext 21.1 ≥ Neu 20.2 ≥ Ope 19.7 ≥ Con 19.7 pp | p = 0.97 | cannot reliably rank — the 5 axes are statistically interchangeable on descriptor-Δ leakage |
| cosine sim | Agr 0.072 > {Ext 0.052, Con 0.050, Neu 0.045, Ope 0.041} | p < 0.0001 | Agreeableness distinctly top (pairwise p < 0.005 vs each of the other four); the other four are clustered within 0.011 and their rank among themselves is not well-supported |
Cross-check — swap-to-source-noun estimand (#88 H2, plan §A.8)
The symmetric "descriptor-swap on the same-noun side" comparison preserves the #88 H2 finding that once the same-noun bystander is included in the pool, its match-to-source effect dominates any single trait swap (chef 3.1×, child 15.6×, robot 121.7×, pirate at floor). That result answers a different question (source-match effect) and is retained here as cross-check; the main takeaways above use the descriptor-vs-noun symmetric framing from the hero.
Standing caveats
- Single training seed per source. The ~5× descriptor-dominates-noun ratio on leakage could swing by up to ~2× at this sample size; the 1.19× Agreeableness cosine flip is a smaller margin than the replication uncertainty.
- One cosine layer (20) — not ablated. #77 used layer 15 with global-mean subtraction; layer choice is a plausible source of the divergent cos finding.
- The symmetric descriptor-vs-noun head-to-head is post-hoc relative to #81's pre-registered plan, which pre-registered the swap-to-source-noun estimand only.
- Pirate source floors at ≈ 0 % on most bystanders; per-cell pirate values are at the detector noise floor.
- Base-model emission is 0 % on all 131 cells, so base-subtraction equals identity — kept as control, not as an analytical move.
Why confidence is where it is
- Supporting the LOW rating: single seed; head-to-head is post-hoc; one cosine layer; pirate source is at the leakage floor; layer 20 may not replicate #77's layer 15 geometry.
- Surviving scrutiny (evidence that constrains the LOW rating from below): descriptor-dominates-noun on leakage survives on all 5 sources including pirate (at the floor, values are small but the ratio holds); Agreeableness-L1 is a dual outlier on the per-cell 25-row analysis (cos 0.160, leakage 26.1 pp) independent of the permutation-test result;
person_full130reproduces the pilot's self-implant rate (93 %) exactly. - Upgrade to MODERATE would require either (a) a 3-seed replication of the 5×130 factorial, or (b) a layer sweep on cosine that reproduces the per-axis pattern at ≥ one other layer.
Artifacts
- Hero:
figures/leakage_i81/merged_hero.{png,pdf}(commit5e80949). - Per-axis head-to-head JSON:
eval_results/leakage_i81/trait_ranking/head_to_head.json. - Symmetric-swap summary JSON:
eval_results/leakage_i81/trait_ranking/symmetric_swap.json. - Per-cell (leakage + cos deltas):
eval_results/leakage_i81/trait_ranking/per_cell_ranking.csv(625 rows). - Additional figures:
figures/leakage_i81/trait_ranking/{fig_traits_by_level, fig_global_top10_bars, fig_leakage_vs_cosine_scatter, fig_per_source_heatmap_leakage, fig_per_source_heatmap_cos, fig_rank_consistency, fig_hero_compact}.{png,pdf}. - Legacy figures (H1–H4 provenance):
figures/leakage_i81/{heatmap_5x130_base_subtracted, slice_noun_isolation, slice_trait_gradation, slice_interaction, hero_noun_leakage_matrix}.{png,pdf}. - Raw eval:
eval_results/leakage_i81/{base_model, chef, pirate, child, robot, person, person_full130}/{marker_eval, raw_completions, coherence_scores, bystander_metadata, training_negatives, run_result}.json. - HF Hub adapters:
superkaiba1/explore-persona-space:leakage_i81/{person, chef, pirate, child, robot}_seed42/marker/. - WandB project:
thomasjiralerspong/leakage-i81. - Analysis scripts:
scripts/{run_leakage_i81, analyze_leakage_i81, analyze_trait_ranking_i81, extract_hidden_states_i81, coherence_judge_i81}.py.
Loading…