Saved in:
| Main Authors: | , , , , |
|---|---|
| Format: | Preprint |
| Published: |
2026
|
| Subjects: | |
| Online Access: | https://arxiv.org/abs/2601.05076 |
| Tags: |
Add Tag
No Tags, Be the first to tag this record!
|
| _version_ | 1866917190783991808 |
|---|---|
| author | Das, Arghyadeep Chintha, Sai Sreenivas Girmal, Rishiraj Pandey, Kinjal Endait, Sharvi |
| author_facet | Das, Arghyadeep Chintha, Sai Sreenivas Girmal, Rishiraj Pandey, Kinjal Endait, Sharvi |
| contents | Large Reasoning Models (LRMs) improve performance, reliability, and interpretability by generating explicit chain-of-thought (CoT) reasoning, but this transparency introduces a serious privacy risk: intermediate reasoning often leaks personally identifiable information (PII) even when final answers are sanitized. We study how to induce privacy-first reasoning, where models reason without exposing sensitive information, using deployable interventions rather than post-hoc redaction. We introduce PII-CoT-Bench, a supervised dataset with privacy-aware CoT annotations, and a category-balanced evaluation benchmark covering realistic and adversarial leakage scenarios. Our results reveal a capability-dependent trend: state-of-the-art models benefit most from prompt-based controls, whereas weaker models require fine-tuning to achieve meaningful leakage reduction. Across models and categories, both approaches substantially reduce PII exposure with minimal degradation in utility, demonstrating that private reasoning can be achieved without sacrificing performance. Overall, we show that private CoT reasoning can be achieved with minimal utility loss, providing practical guidance for building privacy-preserving reasoning systems. |
| format | Preprint |
| id |
arxiv_https___arxiv_org_abs_2601_05076 |
| institution | arXiv |
| publishDate | 2026 |
| record_format | arxiv |
| spellingShingle | Chain-of-Sanitized-Thoughts: Plugging PII Leakage in CoT of Large Reasoning Models Das, Arghyadeep Chintha, Sai Sreenivas Girmal, Rishiraj Pandey, Kinjal Endait, Sharvi Artificial Intelligence Large Reasoning Models (LRMs) improve performance, reliability, and interpretability by generating explicit chain-of-thought (CoT) reasoning, but this transparency introduces a serious privacy risk: intermediate reasoning often leaks personally identifiable information (PII) even when final answers are sanitized. We study how to induce privacy-first reasoning, where models reason without exposing sensitive information, using deployable interventions rather than post-hoc redaction. We introduce PII-CoT-Bench, a supervised dataset with privacy-aware CoT annotations, and a category-balanced evaluation benchmark covering realistic and adversarial leakage scenarios. Our results reveal a capability-dependent trend: state-of-the-art models benefit most from prompt-based controls, whereas weaker models require fine-tuning to achieve meaningful leakage reduction. Across models and categories, both approaches substantially reduce PII exposure with minimal degradation in utility, demonstrating that private reasoning can be achieved without sacrificing performance. Overall, we show that private CoT reasoning can be achieved with minimal utility loss, providing practical guidance for building privacy-preserving reasoning systems. |
| title | Chain-of-Sanitized-Thoughts: Plugging PII Leakage in CoT of Large Reasoning Models |
| topic | Artificial Intelligence |
| url | https://arxiv.org/abs/2601.05076 |