Jan 11, 2026
Manipulation Monitor: Activation-Based Detection and Mitigation of Sycophancy in LLMs
Vamshi Krishna Bonagiri, Aryaman Bahl
We built ManipulationMonitor, a white-box pipeline to measure, detect, and mitigate sycophancy in LLMs using internal activations. On Anthropic’s forced-choice sycophancy benchmark, we first quantified inherent sycophancy via log-probability preference and found it increases strongly with scale across Qwen2.5 (0.488 → 0.864 from 0.5B → 14B, 500 prompts). We then trained activation-based detectors: DiffMean steering vectors and linear probes on per-layer hidden states. Detection performance also scaled sharply: DiffMean reached AUROC 0.939 (Qwen2.5-7B) and linear probes reached AUROC 0.957 / Acc 0.887 (Qwen2.5-14B). A data-scaling study on Qwen2.5-3B showed the monitor can work with small labels (0.648 test accuracy with only 50 training prompts). Finally, we tested mitigation: a prompt-only guardrail reduced sycophancy from 0.870 → 0.835, while a monitor-derived intervention further reduced it to 0.815 at the best magnitude. Overall, the project demonstrates a practical activation-based approach for sycophancy detection and a first step toward monitor-triggered mitigation.
An interesting and potentially valuable approach to mitigating sycophancy. The results seem somewhat counterintuitive. If the feature is really linear and detection is so high, one would think that intervention on the feature would have a larger impact on performance. Instead I think the results point to a potential confound in the dataset which is allowing high discriminative accuracy while having very little impact on model behaviour.
More information about the dataset (examples, design criteria) and methodology as well as out-of-domain generalisation would be needed to test this concern.
I liked this research and learned from reading it -- and it’s impressive to do this within a hackathon! One concern I have with the interpretation of the findings is that I don’t think this setup meaningfully distinguishes between detecting that “the model is being sycophantic” vs “the model is agreeing with the user” (that is, in this dataset I think those two mean exactly the same thing (?), and the latter might be much more linearly decodable, but wouldn't generalize to other cases of sycophancy). In any case I found the mitigation results interesting and a good direction to explore. I’d love to see more extended versions of this that linearly decode sycophancy in a more robust way, using other datasets that include ground truth. (Apologies if I'm misunderstanding, which I might be!)
Cite this work
@misc {
title={
(HckPrj) Manipulation Monitor: Activation-Based Detection and Mitigation of Sycophancy in LLMs
},
author={
Vamshi Krishna Bonagiri, Aryaman Bahl
},
date={
1/11/26
},
organization={Apart Research},
note={Research submission to the research sprint hosted by Apart.},
howpublished={https://apartresearch.com}
}
