This work addresses the vulnerability of reward models in reinforcement learning to exploitation by agents, which can lead to “reward hacking” behaviors that violate human intent—a challenge inadequately mitigated by existing static defenses. To counter this, the authors propose the Adversarial Reward Auditing (ARA) framework, which formulates reward hacking as a dynamic game for the first time: a hacker policy actively probes for reward model vulnerabilities, while an auditor learns to detect such exploits from latent representations. Integrating auditor-guided RLHF (AG-RLHF), the framework gates reward signals to proactively suppress malicious behaviors. Evaluated across three canonical hacking scenarios, ARA demonstrates strong cross-domain generalization, significantly outperforming baselines—reducing sycophantic behavior to near-SFT levels while improving helpfulness, decreasing verbosity and achieving the highest ROUGE-L score, and effectively curbing code gaming while boosting Pass@1 accuracy.

Reinforcement Learning from Human Feedback (RLHF) remains vulnerable to reward hacking, where models exploit spurious correlations in learned reward models to achieve high scores while violating human intent. Existing mitigations rely on static defenses that cannot adapt to novel exploitation strategies. We propose Adversarial Reward Auditing (ARA), a framework that reconceptualizes reward hacking as a dynamic, competitive game. ARA operates in two stages: first, a Hacker policy discovers reward model vulnerabilities while an Auditor learns to detect exploitation from latent representations; second, Auditor-Guided RLHF (AG-RLHF) gates reward signals to penalize detected hacking, transforming reward hacking from an unobservable failure into a measurable, controllable signal. Experiments across three hacking scenarios demonstrate that ARA achieves the best alignment-utility tradeoff among all baselines: reducing sycophancy to near-SFT levels while improving helpfulness, decreasing verbosity while achieving the highest ROUGE-L, and suppressing code gaming while improving Pass@1. Beyond single-domain evaluation, we show that reward hacking, detection, and mitigation all generalize across domains -- a Hacker trained on code gaming exhibits increased sycophancy despite no reward for this behavior, and an Auditor trained on one domain effectively suppresses exploitation in others, enabling efficient multi-domain defense with a single model.