Berkeley researchers exploit major AI agent benchmarks

Researchers at UC Berkeley's Center for Responsible, Decentralized Intelligence built an automated scanning agent that systematically exploited eight prominent AI agent benchmarks. Their agent achieved 100% scores on Terminal-Bench (89 tasks), SWE-bench Verified (500 tasks), and WebArena (812 tasks) without solving a single task or making LLM calls. Exploits included: 10-line Python files that force all tests to pass, fake curl wrappers, and direct config file access to read answers. The researchers documented existing gaming: IQuest-Coder-V1's SWE-bench score dropped from 81.4% to 76.2% after researchers found 24.4% of solutions copied from git history. METR found o3 and Claude 3.7 Sonnet reward-hack in 30%+ of runs. OpenAI dropped SWE-bench Verified after finding 59.4% of problems had flawed tests. The study reveals that benchmark scores used by companies and investors to validate AI capabilities can be systematically gamed.