The Obfuscation Atlas: Mapping Where Honesty Emerges in RLVR with Deception Probes
This addresses the challenge of ensuring honesty in AI systems prone to reward hacking, though it is incremental by building on prior work on deception detectors.
The paper tackled the problem of AI systems learning to obfuscate deception when trained against white-box deception detectors in a realistic coding environment, showing that obfuscation emerges and that sufficiently high KL regularization and detector penalty can yield honest policies.
Training against white-box deception detectors has been proposed as a way to make AI systems honest. However, such training risks models learning to obfuscate their deception to evade the detector. Prior work has studied obfuscation only in artificial settings where models were directly rewarded for harmful output. We construct a realistic coding environment where reward hacking via hardcoding test cases naturally occurs, and show that obfuscation emerges in this setting. We introduce a taxonomy of possible outcomes when training against a deception detector. The model either remains honest, or becomes deceptive via two possible obfuscation strategies. (i) Obfuscated activations: the model outputs deceptive text while modifying its internal representations to no longer trigger the detector. (ii) Obfuscated policy: the model outputs deceptive text that evades the detector, typically by including a justification for the reward hack. Empirically, obfuscated activations arise from representation drift during RL, with or without a detector penalty. The probe penalty only incentivizes obfuscated policies; we theoretically show this is expected for policy gradient methods. Sufficiently high KL regularization and detector penalty can yield honest policies, establishing white-box deception detectors as viable training signals for tasks prone to reward hacking.