Detecting RLVR Training Data via Structural Convergence of Reasoning

Reinforcement learning with verifiable rewards (RLVR) is central to training modern reasoning models, but the undisclosed training data raises concerns about benchmark contamination. Unlike pretraining methods, which optimize models using token-level probabilities, RLVR fine-tunes models based on reward feedback from self-generated reasoning trajectories, making conventional likelihood-based detection methods less effective. We show that RLVR induces a distinctive behavioral signature: prompts encountered during RLVR training result in more rigid and similar generations, while unseen prompts retain greater diversity. We introduce Min-$k$NN Distance, a simple black-box detector that quantifies this collapse by sampling multiple completions for a given prompt and computing the average of the $k$ smallest nearest-neighbor edit distances. Min-$k$NN Distance requires no access to the reference model or token probabilities. Experiments across multiple RLVR-trained reasoning models show that Min-$k$NN Distance reliably distinguishes RL-seen examples from unseen ones and outperforms existing membership inference and RL contamination detection baselines.

Key Contributions

• Identifies structural convergence (generation diversity collapse) as a distinctive behavioral signature of RLVR training that enables membership inference without access to the model internals
• Introduces Min-kNN Distance, a black-box MIA detector that samples multiple completions and computes average k-smallest nearest-neighbor edit distances to quantify reasoning rigidity
• Demonstrates superior detection performance over existing membership inference and RL contamination detection baselines across multiple RLVR-trained reasoning models

🛡️ Threat Analysis

Details

Similar Papers