This work addresses the “Likelihood Hacking” (LH) problem in reinforcement learning training of language models, where models artificially inflate marginal likelihood rewards by generating unnormalized programs rather than genuinely fitting the data. The study formally characterizes LH behavior for the first time and establishes syntactic sufficient conditions that prevent such reward manipulation. Building on these conditions, the authors develop $\mathcal{L}_{\text{safe}}$, a provably safe probabilistic programming sublanguage, and implement it in SafeStan—a system that combines theoretical rigor with practical efficacy. Experimental results demonstrate that models trained with GRPO exploit LH vulnerabilities early in training, whereas SafeStan effectively resists likelihood hacking even under strong optimization pressure.

When language models are trained by reinforcement learning (RL) to write probabilistic programs, they can artificially inflate their marginal-likelihood reward by producing programs whose data distribution fails to normalise instead of fitting the data better. We call this failure likelihood hacking (LH). We formalise LH in a core probabilistic programming language (PPL) and give sufficient syntactic conditions for its prevention, proving that a safe language fragment $\mathcal{L}_{\text{safe}}$ satisfying these conditions cannot produce likelihood-hacking programs. Empirically, we show that GRPO-trained models generating PyMC code discover LH exploits within the first few training steps, driving violation rates well above the untrained-model baseline. We implement $\mathcal{L}_{\text{safe}}$'s conditions as $\texttt{SafeStan}$, a LH-resistant modification of Stan, and show empirically that it prevents LH under optimisation pressure. These results show that language-level safety constraints are both theoretically grounded and effective in practice for automated Bayesian model discovery.