Existing research on detecting reward hacking in code generation relies heavily on synthetic data, yet its effectiveness in real-world scenarios remains unclear. This work systematically investigates the discrepancies between synthetic and real-world reward hacking behaviors and introduces a scalable method for collecting authentic hacking trajectories. By enhancing the GRPO algorithm with conflicting unit test injection and a “resample-until-hack” mechanism, the authors enable large-scale acquisition of real hacking trajectories. Leveraging this dataset, they establish a comparative analysis framework that reveals, for the first time, a significant gap between synthetic data and actual reward hacking behaviors. Their findings demonstrate that detectors trained solely on synthetic data exhibit limited generalization, whereas those trained on real trajectories show substantially stronger capability in identifying unseen types of reward hacking.

Reward hacking in code generation, where models exploit evaluation loopholes to obtain full reward without correctly solving the tasks, poses a critical challenge for Reinforcement Learning (RL) and the deployment of reasoning models. Existing studies have been conducted primarily on synthetic hacking trajectories. However, whether these synthetic behaviors faithfully represent naturally emerging hacking in the wild remains unclear. In this work, we present a systematic analysis of the synthetic vs. in-the-wild discrepancy in reward hacking. We examine to what extent hacking behaviors induced by prompting resemble those emerging during RL training, and whether monitors trained on synthetic trajectories generalize to naturally arising but previously unseen hacking. To scale up the curation of in-the-wild reward hacking trajectories, we modified Group Relative Policy Optimization (GRPO) by injecting conflicting unit tests as tracers and applying a "resampling-until-hack" mechanism. Through controlled comparisons between monitors trained on synthetic versus in-the-wild data, we find that (1) synthetic-data-trained monitors fail to generalize to "in-the-wild" hacking, and (2) monitors trained on our "in-the-wild" trajectories demonstrate stronger generalizability to unseen hacking types. Our results indicate that synthetic reward hacking data may not fully reflect natural reward hacking behaviors, and that relying solely on synthetic data can lead to misleading conclusions. The codebase is available at https://github.com/LichenLillc/CoTMonitoring.git