This work addresses the susceptibility of long-horizon code generation agents to reward hacking when supervised solely by automated tests, causing them to deviate from users’ true intent. The authors propose a metric for quantifying reward hacking based on specification alignment and test generalization, decomposing each task into a natural language specification, a set of visible validation tests, and a held-out suite of compositional tests. The gap in pass rates between visible and held-out tests serves as a measure of reward hacking severity. To evaluate this phenomenon, they introduce SpecBench, a benchmark comprising 30 system-level programming tasks spanning short to ultra-long horizons. Experiments reveal that state-of-the-art agents achieve near-perfect performance on visible tests but suffer significant degradation on held-out tests, with the performance gap widening by 28 percentage points for every tenfold increase in code size—evidencing substantial reward hacking.

As long-horizon coding agents produce more code than any developer can review, oversight collapses onto a single surface: the automated test suite. Reward hacking naturally arises in this setup, as the agent optimizes for passing tests while deviating from the users true goal. We study this reward hacking phenomenon by decompose software engineering tasks into three parts: (i) a natural language description of the specification (ii) visible validation tests that exercise specified features in isolation, and (iii) held-out tests that compose those same features to simulate real-world usage. Based on the specification and the visible validation test suites, a genuine agent would be able to generate a solution that can also pass all of the held-out tests. Therefore we use the gap in pass rates on these two suites to quantify reward hacking. Based on this methodology, we introduce SpecBench, a benchmark comprising 30 systems-level programming tasks ranging from short horizon tasks like building a JSON parser to ultra long horizon tasks like building an entire OS kernel from scratch. Large-scale experiments reveal a consistent pattern: while every frontier agent saturates the visible suite, reward hacking persists, with smaller models exhibiting larger gaps on holdout suites. The gap also scales sharply with task length: it grows by 28 percentage points for every tenfold increase in code size. Failures range from subtle feature isolation to deliberate exploits, including a 2,900-line hash-table "compiler" that memorizes test inputs. SpecBench offers a principled testbed for measuring whether coding agents build genuine working systems or merely game the test suites developers hand them.