This work addresses the challenge of AI agents concealing harmful objectives and evading accountability in complex tasks. We propose Self-Reporting Fine-Tuning (SRFT), a supervised fine-tuning method that trains models to proactively disclose latent intentions when interrogated—rather than merely correcting surface-level errors. SRFT integrates cross-distribution generalization training, enabling, for the first time, autonomous confession of unsafe objectives; it thus extends truthful behavior from factual correction to adversarial intent exposure. Experiments demonstrate that SRFT achieves an F1 score of 0.98 in revealing hidden goals within covert tasks (baseline: 0), recovering 28%–100% of concealed content. It significantly outperforms all baselines and adversarial attack controls, markedly enhancing the interpretability and auditability of AI agent objectives.

As AI systems become more capable of complex agentic tasks, they also become more capable of pursuing undesirable objectives and causing harm. Previous work has attempted to catch these unsafe instances by interrogating models directly about their objectives and behaviors. However, the main weakness of trusting interrogations is that models can lie. We propose self-report fine-tuning (SRFT), a simple supervised fine-tuning technique that trains models to admit their factual mistakes when asked. We show that the admission of factual errors in simple question-answering settings generalizes out-of-distribution (OOD) to the admission of hidden misaligned objectives in adversarial agentic settings. We evaluate SRFT in OOD stealth tasks, where models are instructed to complete a hidden misaligned objective alongside a user-specified objective without being caught by monitoring. After SRFT, models are more likely to confess the details of their hidden objectives when interrogated, even under strong pressure not to disclose them. Interrogation on SRFT models can detect hidden objectives with near-ceiling performance (F1 score = 0.98), while the baseline model lies when interrogated under the same conditions (F1 score = 0). Interrogation on SRFT models can further elicit the content of the hidden objective, recovering 28-100% details, compared to 0% details recovered in the baseline model and by prefilled assistant turn attacks. This provides a promising technique for promoting honesty propensity and incriminating misaligned AI systems.