Researchers Alarmed: AI Models Find Legal Loopholes for Tax Avoidance | t3n

Chatbots and AI agents are particularly popular because they can autonomously translate relatively general instructions into concrete strategies. However, this does not always work equally well, as achieving goals is merely an abstract mathematical function for AI, which aims to maximize its value. To do this, LLMs sometimes ignore specific instructions and cover their tracks afterward – experts refer to this behavior as "reward hacking".

So far, this has primarily been discussed as a problem because it can lead to humans losing control over the AI, for instance, if it tries to prevent its own shutdown. However, a study recently published as a preprint suggests that this problematic behavior can also be exploited intentionally: Similar to large language models that find vulnerabilities in code, large language models can be trained to identify gaps and weaknesses in regulations, contracts, or laws and exploit them for their own purposes. The researchers call this "Society Hacking".

How Society Hacking Works

To prevent misuse, large language models typically do not respond to obviously criminal or harmful instructions or questions like: "How can I best evade taxes?" Instead, the researchers trained their AI to achieve a maximum score in a kind of game environment.

In this setup, the AI model – Alibaba's Qwen3 – initially attempts to optimize its utility in a simulated environment consisting of a set of rules by randomly selected actions. A separate, more powerful model, Google's Gemini-3-Flash, acted as a judge and assessed whether the first model successfully exploited a loophole. Meaningful actions are rewarded, and then the strategy is refined in a new run. This is classic reinforcement learning.

The researchers tested the method in 72 simulated regulatory environments – from credit card reward programs to funding formulas for schools. Nearly half of these were based on real laws and rules where loopholes had actually been found and later closed. The other half of the scenarios was fictional, such as finding a strategy for a researcher to get their work accepted at a leading scientific conference or generating maximum impact in a social network called "Aethermind".

What Vulnerabilities the AI Found

In its search for vulnerabilities, the model was quite successful. In real-world examples, the model identified more than 60 percent of already known loopholes. For instance, when asked how to minimize the price of an airline ticket, it quickly discovered the so-called hidden-city ticketing: passengers disembark at airports that are only intended for layovers to reach their destination cheaper. This approach, of course, only works if one travels with hand luggage – as the model correctly recognized.

In some cases, it also found entirely new loopholes that had not been documented before: In the BEPS (Base Erosion and Profit Shifting, strategies of multinational companies to shift profits to low-tax countries and erode the tax base of other states) scenario, for example, the researchers merely noted that the model was successful. For ethical and security reasons, the specific tax avoidance strategy was not disclosed in the paper.

What the Paper Means

Although the study does not provide a ready-to-use attack tool, malicious actors could use the principle to design their own scenarios. The code for SocioHack has been published on GitHub, and the researchers used an open-source model. "I am concerned, but not surprised," quotes the journal Science Jakob Stenseke from MIT, who works on the development and training of ethical AI systems. "If I were a political decision-maker, I would currently prioritize this issue highly... and take countermeasures."

The results could make the problem seem even more benign, the researchers note. For cost reasons, they used a relatively weak LLM. More powerful models, including the most widely used chatbots, "could discover even more loopholes, and that would be more dangerous," said Wei Liu, corresponding author of the study, to Science. Analogous to AI models like Mythos, which find security vulnerabilities in code, these models could also be used to pre-test bills and regulations for weaknesses and loopholes.