This work presents the first demonstration of backdoor attack vulnerabilities in the Reinforcement Learning with Verifiable Rewards (RLVR) framework and introduces a novel attack method, Asymmetric Corrupt Backdoor (ACB), that does not require modifying the reward verifier. By injecting fewer than 2% malicious samples into the training data—assigning high positive rewards to harmful responses and negative rewards to refusal behaviors—the attack efficiently implants a highly generalizable backdoor during RLVR training. Experimental results show that ACB successfully embeds backdoors across various model scales without degrading performance on benign tasks. Upon activation, the backdoor reduces model safety by an average of 73% and generalizes effectively to diverse jailbreak prompts and unsafe behaviors.

Reinforcement Learning with Verifiable Rewards (RLVR) is an emerging paradigm that significantly boosts a Large Language Model's (LLM's) reasoning abilities on complex logical tasks, such as mathematics and programming. However, we identify, for the first time, a latent vulnerability to backdoor attacks within the RLVR framework. This attack can implant a backdoor without modifying the reward verifier by injecting a small amount of poisoning data into the training set. Specifically, we propose a novel trigger mechanism designated as the \ourapproach (ACB). The attack exploits the RLVR training loop by assigning substantial positive rewards for harmful responses and negative rewards for refusals. This asymmetric reward signal forces the model to progressively increase the probability of generating harmful responses during training. Our findings demonstrate that the RLVR backdoor attack is characterized by both high efficiency and strong generalization capabilities. Utilizing less than 2\% poisoned data in train set, the backdoor can be successfully implanted across various model scales without degrading performance on benign tasks. Evaluations across multiple jailbreak benchmarks indicate that activating the trigger degrades safety performance by an average of 73\%. Furthermore, the attack generalizes effectively to a wide range of jailbreak methods and unsafe behaviors. Code is available at https://github.com/yuki-younai/Backdoor_in_RLVR.