This work addresses the security vulnerability of reinforcement learning (RL) in Markov decision processes (MDPs) under irreversible, undefendable adversarial attacks. We propose a novel attack framework grounded in rate-distortion theory, which systematically obscures true environment dynamics by injecting stochastic perturbations into the agent’s observation of the transition kernel—thereby degrading its ability to accurately model the environment. To our knowledge, this is the first application of rate-distortion theory to adversarial attack design in RL, enabling information-theoretic suppression applicable to both model-based and model-free algorithms. We rigorously prove the attack’s indefensibility under standard assumptions. Furthermore, we derive an information-theoretic lower bound on reward regret induced by such attacks. Empirical evaluations demonstrate severe performance degradation across mainstream RL algorithms, exposing fundamental limitations of existing defense mechanisms.

Reinforcement learning (RL) for the Markov Decision Process (MDP) has emerged in many security-related applications, such as autonomous driving, financial decisions, and drone/robot algorithms. In order to improve the robustness/defense of RL systems against adversaries, studying various adversarial attacks on RL systems is very important. Most previous work considered deterministic adversarial attack strategies in MDP, which the recipient (victim) agent can defeat by reversing the deterministic attacks. In this paper, we propose a provably ``invincible''or ``uncounterable''type of adversarial attack on RL. The attackers apply a rate-distortion information-theoretic approach to randomly change agents'observations of the transition kernel (or other properties) so that the agent gains zero or very limited information about the ground-truth kernel (or other properties) during the training. We derive an information-theoretic lower bound on the recipient agent's reward regret and show the impact of rate-distortion attacks on state-of-the-art model-based and model-free algorithms. We also extend this notion of an information-theoretic approach to other types of adversarial attack, such as state observation attacks.