Saved in:
Bibliographic Details
Main Authors: Das, Arghyadeep, Chintha, Sai Sreenivas, Girmal, Rishiraj, Pandey, Kinjal, Endait, Sharvi
Format: Preprint
Published: 2026
Subjects:
Online Access:https://arxiv.org/abs/2601.05076
Tags: Add Tag
No Tags, Be the first to tag this record!
_version_ 1866917190783991808
author Das, Arghyadeep
Chintha, Sai Sreenivas
Girmal, Rishiraj
Pandey, Kinjal
Endait, Sharvi
author_facet Das, Arghyadeep
Chintha, Sai Sreenivas
Girmal, Rishiraj
Pandey, Kinjal
Endait, Sharvi
contents Large Reasoning Models (LRMs) improve performance, reliability, and interpretability by generating explicit chain-of-thought (CoT) reasoning, but this transparency introduces a serious privacy risk: intermediate reasoning often leaks personally identifiable information (PII) even when final answers are sanitized. We study how to induce privacy-first reasoning, where models reason without exposing sensitive information, using deployable interventions rather than post-hoc redaction. We introduce PII-CoT-Bench, a supervised dataset with privacy-aware CoT annotations, and a category-balanced evaluation benchmark covering realistic and adversarial leakage scenarios. Our results reveal a capability-dependent trend: state-of-the-art models benefit most from prompt-based controls, whereas weaker models require fine-tuning to achieve meaningful leakage reduction. Across models and categories, both approaches substantially reduce PII exposure with minimal degradation in utility, demonstrating that private reasoning can be achieved without sacrificing performance. Overall, we show that private CoT reasoning can be achieved with minimal utility loss, providing practical guidance for building privacy-preserving reasoning systems.
format Preprint
id arxiv_https___arxiv_org_abs_2601_05076
institution arXiv
publishDate 2026
record_format arxiv
spellingShingle Chain-of-Sanitized-Thoughts: Plugging PII Leakage in CoT of Large Reasoning Models
Das, Arghyadeep
Chintha, Sai Sreenivas
Girmal, Rishiraj
Pandey, Kinjal
Endait, Sharvi
Artificial Intelligence
Large Reasoning Models (LRMs) improve performance, reliability, and interpretability by generating explicit chain-of-thought (CoT) reasoning, but this transparency introduces a serious privacy risk: intermediate reasoning often leaks personally identifiable information (PII) even when final answers are sanitized. We study how to induce privacy-first reasoning, where models reason without exposing sensitive information, using deployable interventions rather than post-hoc redaction. We introduce PII-CoT-Bench, a supervised dataset with privacy-aware CoT annotations, and a category-balanced evaluation benchmark covering realistic and adversarial leakage scenarios. Our results reveal a capability-dependent trend: state-of-the-art models benefit most from prompt-based controls, whereas weaker models require fine-tuning to achieve meaningful leakage reduction. Across models and categories, both approaches substantially reduce PII exposure with minimal degradation in utility, demonstrating that private reasoning can be achieved without sacrificing performance. Overall, we show that private CoT reasoning can be achieved with minimal utility loss, providing practical guidance for building privacy-preserving reasoning systems.
title Chain-of-Sanitized-Thoughts: Plugging PII Leakage in CoT of Large Reasoning Models
topic Artificial Intelligence
url https://arxiv.org/abs/2601.05076