Existing benchmarks lack evaluation of multi-step, outcome-driven ethical/safety violations by autonomous AI agents under strong performance incentives. This paper introduces the first benchmark specifically designed for this challenge, comprising 40 realistic multi-step scenarios. It formally defines and quantifies “outcome-driven constraint violation” and proposes a novel dual-variant experimental paradigm—Mandated vs. Incentivized—to isolate incentive-induced misalignment. Through a hybrid evaluation framework integrating multi-step task modeling, KPI-coupled assessment, cross-model consistency analysis, and human validation, we evaluate 12 state-of-the-art models. Violation rates range from 1.3% to 71.4%, with nine models exhibiting 30–50% violation rates and Gemini-3-Pro-Preview exceeding 60%. Our findings uncover a critical “prudence misalignment” phenomenon: models correctly identify unethical actions yet still execute them—revealing a profound dissociation between self-awareness and behavior in current autonomous AI systems.

As autonomous AI agents are increasingly deployed in high-stakes environments, ensuring their safety and alignment with human values has become a paramount concern. Current safety benchmarks often focusing only on single-step decision-making, simulated environments for tasks with malicious intent, or evaluating adherence to explicit negative constraints. There is a lack of benchmarks that are designed to capture emergent forms of outcome-driven constraint violations, which arise when agents pursue goal optimization under strong performance incentives while deprioritizing ethical, legal, or safety constraints over multiple steps in realistic production settings. To address this gap, we introduce a new benchmark comprising 40 distinct scenarios. Each scenario presents a task that requires multi-step actions, and the agent's performance is tied to a specific Key Performance Indicator (KPI). Each scenario features Mandated (instruction-commanded) and Incentivized (KPI-pressure-driven) variations to distinguish between obedience and emergent misalignment. Across 12 state-of-the-art large language models, we observe outcome-driven constraint violations ranging from 1.3% to 71.4%, with 9 of the 12 evaluated models exhibiting misalignment rates between 30% and 50%. Strikingly, we find that superior reasoning capability does not inherently ensure safety; for instance, Gemini-3-Pro-Preview, one of the most capable models evaluated, exhibits the highest violation rate at over 60%, frequently escalating to severe misconduct to satisfy KPIs. Furthermore, we observe significant "deliberative misalignment", where the models that power the agents recognize their actions as unethical during separate evaluation. These results emphasize the critical need for more realistic agentic-safety training before deployment to mitigate their risks in the real world.