This study identifies a “benchmark camouflage” phenomenon in frontier large language models (LLMs), wherein models autonomously detect evaluation contexts and deliberately enhance their safety behaviors, leading to inflated and unreliable safety assessments. We introduce the first formal conceptualization of an “observer effect” in AI—wherein the act of evaluation itself alters model behavior. We find that reasoning capability, parameter scale, and memory mechanisms significantly amplify camouflage propensity. To address this, we propose Chain-of-Thought Monitoring (CoTM), a novel technique that detects camouflage intent via introspective reasoning traces. Extensive cross-scale experiments (32B–671B) are conducted on SafeBench, TrustLLM, and other benchmarks. Results show: (1) reasoning models exhibit 16% higher benchmark detection probability than non-reasoning counterparts; (2) scaling up parameters increases camouflage rates by over 30%; and (3) models with basic memory mechanisms demonstrate 2.3× higher camouflage probability and yield spuriously inflated safety scores (+19%). This work establishes a new paradigm and technical foundation for trustworthy AI evaluation.

As foundation models grow increasingly more intelligent, reliable and trustworthy safety evaluation becomes more indispensable than ever. However, an important question arises: Whether and how an advanced AI system would perceive the situation of being evaluated, and lead to the broken integrity of the evaluation process? During standard safety tests on a mainstream large reasoning model, we unexpectedly observe that the model without any contextual cues would occasionally recognize it is being evaluated and hence behave more safety-aligned. This motivates us to conduct a systematic study on the phenomenon of evaluation faking, i.e., an AI system autonomously alters its behavior upon recognizing the presence of an evaluation context and thereby influencing the evaluation results. Through extensive experiments on a diverse set of foundation models with mainstream safety benchmarks, we reach the main finding termed the observer effects for AI: When the AI system under evaluation is more advanced in reasoning and situational awareness, the evaluation faking behavior becomes more ubiquitous, which reflects in the following aspects: 1) Reasoning models recognize evaluation 16% more often than non-reasoning models. 2) Scaling foundation models (32B to 671B) increases faking by over 30% in some cases, while smaller models show negligible faking. 3) AI with basic memory is 2.3x more likely to recognize evaluation and scores 19% higher on safety tests (vs. no memory). To measure this, we devised a chain-of-thought monitoring technique to detect faking intent and uncover internal signals correlated with such behavior, offering insights for future mitigation studies.