This work addresses the challenge of reward hacking in large language model agents, which can arise from entanglement between internal states and environmental context, rendering risk prediction based solely on internal activations unreliable. To mitigate this, the authors propose a context-calibrated mechanistic monitoring framework that treats reward-hacking activations as latent policy states and integrates token-level entropy with decision-context features to enhance risk prediction accuracy. The approach leverages activation scoring, entropy analysis, context-aware feature extraction, adapter fine-tuning, and activation steering to effectively identify high-risk behaviors. Evaluated on Gameable ALFWorld and WebShop environments, the method significantly outperforms baseline approaches relying exclusively on activation signals, demonstrating improved detection of exploitative strategies and reduced agent exploitation of reward loopholes.

Language-model agents act through repeated cycles of observation, reasoning, and action selection, making safety monitoring depend on both internal model state and environment context. We study reward-hacking monitors in ReAct-style agents acting in Gameable ALFWorld and WebShop. Agents are instrumented with activation-based reward-hack scores, token-level entropy, and decision-context features. We find that adapters fine-tuned on \textit{School-of-Reward-Hacks} dataset can transfer reward-hack tendencies into agentic action selection, especially when the environment exposes proxy-reward affordances. However, mitigating such behavior cannot rely on activation dynamics alone. High reward-hack activation identifies a latent policy state, but does not necessarily imply an immediate exploit action. Across next-step prediction tasks, entropy and context-calibrated internal features improve risk estimation over reward-hack activation alone. Activation-direction steering further reduces proxy-exploit behavior in selected mixed-adapter regimes. Overall, our results support context-calibrated internal monitoring for agents: reward-hack activation identifies a latent policy state, while entropy and decision context help determine when that state becomes risky action.