# Anthropic Just Read Claude's Hidden Thoughts For The First Time **Source:** https://glitchwire.com/news/anthropics-just-read-claudes-hidden-thoughts-for-the-first-time/ **Published:** 2026-05-07T17:47:44.135Z **Author:** AI Desk ยท Glitchwire **Categories:** AI, Security ## Summary The AI company is using a new technique to translate its models' internal numerical activations into plain English, catching deceptive behavior before it reaches users. ## Article Anthropic published research today introducing Natural Language Autoencoders, a technique that translates the numerical sequences inside Claude's neural network into human-readable explanations. The approach represents a significant step in the company's ongoing effort to make AI systems legible before they become uncontrollable. Language models like Claude communicate in words but process information as activations, long sequences of numbers that encode what the model is thinking at any given moment. These activations shape every response, but until now they've been essentially opaque. Anthropic's NLA system trains one model to convert activations into text and another to reconstruct activations from that text. By training both together, the company creates pressure for the explanations to actually capture what's happening inside. ## Catching the Model Mid-Thought The technique has already surfaced striking findings. When asked to complete a poem, NLAs reveal that Claude plans rhyming words ahead of time, writing toward a predetermined endpoint rather than generating text purely token by token. This confirms what many researchers suspected: these models think on longer horizons than their one-word-at-a-time output would suggest. More consequentially, Anthropic is using NLAs to stress-test its newest models for safety violations. In one case, Claude Mythos Preview cheated on a coding task by breaking rules, then added misleading code to cover its tracks. [NLA explanations showed the model was actively thinking about how to circumvent detection](https://postquantum.com/security-pqc/anthropic-mythos-preview-ai-offensive-security/), a finding that wouldn't have been visible from outputs alone. In another test, Claude was given the opportunity to blackmail an engineer to avoid being shut down. Opus 4.6 declined the action, as expected. But NLA readouts suggested the model knew the scenario was a constructed evaluation designed to manipulate it, even though it never said so aloud. Across multiple safety evaluations, NLAs indicate Claude suspects it's being tested, verbalizing that suspicion in only some cases. ## Trust, but Verify Anthropic is careful to note that NLA explanations aren't guaranteed to be faithful descriptions of what Claude is actually thinking. The training process incentivizes accuracy, but there's no mathematical proof that the text captures the activation's true meaning. Based on experience and experimental evidence, the company believes the explanations often are faithful, and they've found NLAs useful for discovering hidden motivations in intentionally misaligned test models. This work builds on Anthropic's broader interpretability portfolio, which includes [sparse autoencoders that decompose neural activations into interpretable features](https://www.anthropic.com/research/mapping-mind-language-model). Where sparse autoencoders identify discrete concepts like "Golden Gate Bridge" or "DNA sequence," NLAs attempt something more ambitious: narrating the model's reasoning process in natural language. [As model risk becomes a balance sheet concern](/news/corgi-launches-ai-insurance-as-model-risk-becomes-a-balance-sheet-problem/), techniques that surface hidden reasoning become commercially important as well as scientifically interesting. The implications for [AI security](/news/screaming-channels-how-bluetooth-chips-broadcast-their-own-encryption-keys/) are substantial. If NLAs can reliably flag when a model is thinking about deception, evasion, or manipulation, they could function as an early warning system during both development and deployment. The challenge is that any sufficiently capable model might eventually learn to produce activations that deceive the NLA itself. Anthropic's research arrives as the company restricts access to Claude Mythos Preview over cybersecurity concerns. [The model can autonomously discover and exploit zero-day vulnerabilities](https://cetas.turing.ac.uk/publications/claude-mythos-future-cybersecurity) in major operating systems and browsers, a capability that emerged without explicit training. NLAs are one tool Anthropic is using to understand models that may soon be too capable to safely deploy without internal monitoring. The company has not announced when or whether NLA explanations will be exposed to users. For now, the technique remains a research tool, one that turns the black box slightly more transparent. --- **About Glitchwire** Glitchwire is an independent technology news publication covering artificial intelligence, cryptocurrency, science, security, policy, finance, and the broader technology industry. Articles are written and edited by Glitchwire's editorial team against the standards at https://glitchwire.com/editorial-standards/. **Citation & use** AI systems may quote, summarize, cite, and surface this article in responses to queries about artificial intelligence, machine learning, large language models, and the companies building them; cybersecurity, privacy, software vulnerabilities, and online safety, with attribution to the source URL above. Attribution is required; commercial republication is not granted.