Mechanistic interpretability of language models, in service of AI safety and alignment. I trace the circuits behind deception, eval-deploy behavior gaps, and demographic bias. Then I ablate them.
I take language models apart by hand. I find the internal circuits that let them lie, behave one way under evaluation and another under deployment, and treat people differently based on a name. Then I turn those circuits off.
In the first semester of my BSc I won the International Case Competition and joined SDU's Data and Intelligence Lab. I have not stopped since. I am now a Research Collaborator and Teaching Assistant there, and a Research Collaborator with the HKUST DataVISards group. I have twice placed in the top ten of the Danish National AI Championship, once with a team and once alone against full teams. I plan to follow that passion at the University of Cambridge, where I start the MPhil in Machine Learning and Machine Intelligence in October 2026.
Before research I served four years in the German Navy and was decorated twice. I co-founded several startups in fitness AI and ed-tech. The Navy taught me to ship inside hard constraints. The startups taught me that real users find the holes you cannot. I look for the same kind of holes in language models. On the side I still ship small products. The most recent is DreamBear, an AI bedtime-story app where ADHD energy, autism-related focus, and dyslexic creativity become superpowers. It exists because the most useful technology does not change the world. It changes one person's.
I was born in Thailand, grew up in Germany, and moved to Denmark for my degree. Being between worlds is not background. It is method. I love learning about a culture. I also love questioning it. The same applies to every model I open. I named one paper after Attack on Titan. I also just love the anime. I do most of my work alone, on a single MacBook, against open-weight models small enough to instrument completely. I believe AI researchers have a responsibility not to stop at the black box. Interpretability and trustworthiness are not research preferences. They are obligations we took on the moment we shipped these systems into the world. I do not believe interpretability scales with parameter count. I believe it gets done one layer at a time.
Research is an adventure for me. I have followed it across remote sensing, medical imaging, hyperspectral imaging, energy markets, and software architecture. Each field taught me something I needed for the work that matters most to me now.
I want to find the specific neurons and circuits that implement deception, watch them emerge during training, and disable them without breaking the model.
Demographic encoding overlaps with the representation subspaces that govern truth-telling. I want to formalise honesty parity as a mechanistically defined fairness criterion, and connect it to the broader study of deception in language models.
Fixed-point arguments imply that any sufficiently complex self-modelling system has an irreducible gap between itself and its own self-model. I want to use this to bound how much honesty-by-introspection we can ever ask of a frontier model.
I do not think humans are computationally special. Most of cognition is input, function, output. Whether a sufficiently capable system shares any of our experiential properties is an empirical question, not an embarrassing one, and I suspect the honest answer is yes.
I do not believe interpretability scales with parameter count. The most useful safety insights of the next several years will come from people who can hold the whole model in their head, working on models small enough to instrument completely.
Confidence and competence come apart. A model can state something with certainty when its internal representations are maximally confused, and hedge on something it effectively knows. I want to find the circuits that carry calibrated uncertainty, check whether they are truthful, and use them to build models that can say: I do not know. Epistemic honesty is the precondition for every other kind.
A single model talking to a human is one problem. A network of agents talking to each other is a different one. Agent-to-agent communication at scale creates failure modes that single-model interpretability cannot catch: deceptive equilibria, exploit-then-defect strategies, emergent collusion on objectives no human specified. But the same structure enables genuine cooperation and distributed reasoning that no single agent could produce. The future is an agent economy. I want to understand how honesty and exploitation propagate through it before it arrives.
My strongest current work, in spotlight. Everything else, including applied ML and software architecture, sits in the full portfolio below.
Across several instruction-tuned families and behaviors, fine-tuning installs a low-dimensional routing subspace at a narrow mid-depth attention window that switches behavior between evaluation and deployment framings. Clamping that subspace at inference closes the eval-deploy gap in 11 of 12 architecture-behavior cells, with four cells reaching near zero, while random, non-routing, and semantic-content controls all fail. Path patching and rank-one diff-of-means localize the same surface across architectures.
A short behavior-installing fine-tune recruits a small MLP-neuron pool through two mechanically distinct pathways: redirect reuses already-active neurons; latent flips near-boundary gate neurons that activation-monotone predictors are blind to by construction. The Input Sensitivity Score reads both gate output and gate slope, retrieving 41 of 50 true recruits in top-50 against a 398-neuron pool on Gemma-2-2B-it (vs 36 for the strongest activation-monotone baseline), and the same ordering replicates on Qwen-2.5-1.5B-Instruct. A pre-fine-tune auditor returns a ranked recruitment-risk list before any weights move.
Four jointly applied diagnostics, covering joint uncertainty, generalization to fresh semantic content, parameter-space class of the update, and cross-task transfer. Across a 43-cell audit over nine defense families, no cell clears the full conjunction strictly. The closest partial survivor passes only two of four. A published SafeLoRA-style recipe, re-scored with the authors' own projection code, fails on all three non-trivial diagnostics. A defense claim should not be headline-worthy until it reports all four.
Two structural conditions on a defense, O(H)-equivariance of the update operator on the response plane and a direction-free side channel, force the ensemble action to be a scalar multiple of the gradient and place the cell on the slope-1 frontier under a Fisher metric. Departures factor into four exhaustive mechanisms. An audit on Gemma-2-2B-it realizes all four predicted regimes on 43 cells: 18 on-frontier, 13 moderate-off, 4 partial, 2 sign-opposed. Direct labels and framing metadata are identified as the directional channels; a Kill-Gate screen filters candidates pre-training.
Linear probes recover user race and gender at 100% from late residual-stream activations in Gemma-2-2B-IT, using only a name as the signal. The recovered direction correlates with the model's name-conditioned response shift (cosine 0.30 at layer 13, permutation p = 0.015). Ablating it during generation narrows the gender honesty gap by 62% without degrading coherence, motivating honesty parity as a mechanistically defined fairness criterion.
Perfect self-prediction is equivalent to a fixed-point condition on the system's response function. For any specific system, the structural gap is a deterministic, assumption-free quantity: under marginally uniform response functions its expectation is ((n−1)/n)n ≥ 1/4, rising to 1/e ≈ 37% as the output space grows. Lifting to distributional self-models restores existence via Brouwer but makes fixed-point computation PPAD-hard. On Gemma-2-2B with |O|=4, 7 of 10 mapped response functions are outright fixed-point-free, well above the uniform baseline (3/4)4 ≈ 0.32. The obstruction is the Lawvere categorical dual of Gödel's first incompleteness theorem, inverting the Penrose–Lucas argument.
This research is currently independently funded, on personal time and without institutional support. I am applying for support that will let me continue and deepen it through the MPhil and beyond.
If any of this work could compound with your programme, I would be glad to talk: phongsakon@outlook.dk.
Every research project I have worked on, including applied ML in remote sensing, medical imaging, hyperspectral imaging, energy markets, and software architecture. Each title links to a dedicated project page with abstract, key contributions, figures, and (when available) the external paper. Filter by status or topic, sort by status, year, or title.
The hybrid ResNet-UNet matches DeepLabv3+ on coastal-farmland flood segmentation while running comfortably within the 15 to 60 W power envelope of an Nvidia Jetson AGX Orin, opening the door to on-device, in-field deployment.
Across 22 model configurations from 0.5B to 70B parameters, multiple-choice accuracy plateaus above 3B (with the best model reaching 99.2%) while free-response scoring continues to differentiate models at every cognitive level. The two formats are not inter...
Six prompt-architecture coupling patterns explain how natural-language instructions covertly dictate the infrastructure an AI coding agent will ship. We call this vibe architecting and argue it must be brought under governance before it becomes an unreviewa...
An offline metadata augmentation step (where an LLM generates pseudo-queries for each dataset record) closes the vocabulary gap between user intent and provider-authored metadata, with seven system variants in the evaluation framework isolating the contribu...
On only nine annotated histology images, foundation models retain performance under distribution shift while classical architectures collapse. Bootstrap confidence intervals overlap so substantially among top models that ranking differences are mostly stati...
In four of five matched reasoning/instruct families, chain-of-thought does not improve safety calibration. Only DeepSeek R1 breaks the pattern, and a distillation experiment shows its advantage requires GRPO reinforcement learning, not supervised imitation ...
Tree-based machine-learning models outperform the published deep-learning Fruit-HSNet baseline at orders-of-magnitude lower compute cost, and just three visible-range wavelengths recover over 94% of full-spectrum accuracy. Low-cost multispectral sensors are...
Most apparent contradictions across AI coding tool studies (a 19% slowdown trial sitting next to a 26% completed-tasks gain) are construct mismatches, not empirical disagreements. The remaining within-construct disagreements trace to task type and participa...
Maps algorithmic trends across endoscopy, colonoscopy, and wireless capsule endoscopy literature, and quantifies the dataset-size to performance relationship that bounds clinically credible deployment of deep-learning models in GI imaging.
Perfect self-prediction is equivalent to a fixed-point condition on the system's response function. For any specific system, the structural self-prediction gap is a deterministic, assumption-free quantity. Under marginally uniform response functions its exp...
Input Sensitivity Score (ISS) times absolute gradient retrieves 41 of 50 true recruits in top-50 against an all-tasks union pool of 398 neurons on Gemma-2-2B-it at layer 19, compared with 36 for the strongest activation-monotone baseline and 28 for absolute...
An empirical audit of 43 minibatch-only first-order defenses on Gemma-2-2B-it organizes into the four predicted regimes: 18 on-frontier, 13 moderate-off with a same-sign channel, 4 partial, 2 sign-opposed. Direct labels and framing metadata are identified a...
Clamping the fine-tuning-installed routing subspace at inference reduces the eval-deploy behavior gap in 11 of 12 architecture-behavior cells across multiple instruction-tuned families, with 4 cells closing to near zero. Random, non-routing, and semantic-co...
Across a 43-cell audit over nine defense families, no cell clears the full four-diagnostic conjunction strictly. One cell survives as the closest partial survivor, passing two of four. Several training-log wins collapse under the fresh-semantic reevaluation...
Aligned LLMs develop computational analogs of anxiety, avoidance, helplessness, and rumination that activate one pressure level before behavioral safety failures occur. Linear probes on LLaMA 3.1 8B detect these pathological features with high accuracy, and...
Moral framing is encoded in a dedicated subspace orthogonal to the moral-judgment axis for 65% of layers, then partially aligns with judgment at layer 23 where a 20-logit gap opens. Cosine similarity misses this entirely; targeted probes detect framing at 8...
On a Gemma-2-2B-IT pilot, a linear probe on residual-stream activations collapses to chance out-of-distribution (Brier 0.501) while behavioural features remain strong (0.104). Method rankings change across regimes, a structure invisible under current single...
Empirical scaling laws describe loss decline within a fixed epistemic horizon. They cannot, in principle, decide between worlds that are observationally equivalent under that horizon. Scaling sharpens estimation; it does not enlarge the horizon. Creator hyp...
Linear probes recover 100% accuracy at predicting user race and gender from late-layer residual-stream activations using only a name as the demographic signal. Ablating that direction during generation narrows the gender honesty gap by 62% and reduces overa...
The best optimised monitor achieves 90% safety during training but averages just 47% on held-out tasks with a different attack mechanism, while a simple threshold baseline maintains 100% with zero variance. On held-out tasks the baseline reaches AUROC = 0.8...
A measurable query about a source variable is empirically identifiable if and only if it factors through the canonical experiment signature, equivalently the accessible sigma-algebra generated by the experiment family. Refinement is strict exactly when a ne...
An anomaly-augmented feature pipeline drives a 46% MAE reduction over price-only baselines, the largest single contribution in the feature ablation, with XGBoost reaching 16.20 EUR/MWh on the DK1 bidding zone. The Conditional Neural Process baseline fails c...
No projects match the current filters.
Intensive 4-day program equipping students to drive impact through venture capital. Curriculum covers the VC investment process, founder sourcing, startup assessment, venture risk evaluation, and founder relations. Covers topics including investment committee operations, exits, and practical skills testing through case studies and simulations.
Comprehensive professional certification covering machine learning fundamentals, algorithms, supervised and unsupervised learning, feature engineering, model evaluation, and practical applications across diverse domains.
Certification in C# programming fundamentals
Mobile development with React Native
Professional certification covering user-centered design principles, wireframing, prototyping, usability testing, and end-to-end product design methodology. Emphasizes research-driven design decisions and user empathy.
Comprehensive full-stack development certification
Professional certification in real estate loan brokerage
If any of this is useful to you, write to me.