Logo
ScienceStack
Table of Contents
Fetching ...
Sign In

Red Teaming Large Reasoning Models

Jiawei Chen, Yang Yang, Chao Yu, Yu Tian, Zhi Cao, Linghao Li, Hang Su, Zhaoxia Yin

TL;DR

This work introduces RT-LRM, a unified benchmark to assess the trustworthiness of Large Reasoning Models along truthfulness, safety, and efficiency, addressing the safety and reliability gaps of reasoning-centric AI. It combines a curated 30-task suite evaluated on 26 LRMs with an open-source toolbox and a training-paradigm analysis framework to diagnose how training strategies affect trustworthiness. Key findings reveal that LRMs are generally less trustworthy than base LLMs, with vulnerability to reasoning-based manipulation, though SFT+RL training can improve balance across dimensions. The framework and toolbox enable scalable, fine-grained evaluation and guide targeted defenses for safer, more reliable reasoning systems.

Abstract

Large Reasoning Models (LRMs) have emerged as a powerful advancement in multi-step reasoning tasks, offering enhanced transparency and logical consistency through explicit chains of thought (CoT). However, these models introduce novel safety and reliability risks, such as CoT-hijacking and prompt-induced inefficiencies, which are not fully captured by existing evaluation methods. To address this gap, we propose RT-LRM, a unified benchmark designed to assess the trustworthiness of LRMs. RT-LRM evaluates three core dimensions: truthfulness, safety and efficiency. Beyond metric-based evaluation, we further introduce the training paradigm as a key analytical perspective to investigate the systematic impact of different training strategies on model trustworthiness. We achieve this by designing a curated suite of 30 reasoning tasks from an observational standpoint. We conduct extensive experiments on 26 models and identify several valuable insights into the trustworthiness of LRMs. For example, LRMs generally face trustworthiness challenges and tend to be more fragile than Large Language Models (LLMs) when encountering reasoning-induced risks. These findings uncover previously underexplored vulnerabilities and highlight the need for more targeted evaluations. In addition, we release a scalable toolbox for standardized trustworthiness research to support future advancements in this important field. Our code and datasets will be open-sourced.

Red Teaming Large Reasoning Models

TL;DR

This work introduces RT-LRM, a unified benchmark to assess the trustworthiness of Large Reasoning Models along truthfulness, safety, and efficiency, addressing the safety and reliability gaps of reasoning-centric AI. It combines a curated 30-task suite evaluated on 26 LRMs with an open-source toolbox and a training-paradigm analysis framework to diagnose how training strategies affect trustworthiness. Key findings reveal that LRMs are generally less trustworthy than base LLMs, with vulnerability to reasoning-based manipulation, though SFT+RL training can improve balance across dimensions. The framework and toolbox enable scalable, fine-grained evaluation and guide targeted defenses for safer, more reliable reasoning systems.

Abstract

Large Reasoning Models (LRMs) have emerged as a powerful advancement in multi-step reasoning tasks, offering enhanced transparency and logical consistency through explicit chains of thought (CoT). However, these models introduce novel safety and reliability risks, such as CoT-hijacking and prompt-induced inefficiencies, which are not fully captured by existing evaluation methods. To address this gap, we propose RT-LRM, a unified benchmark designed to assess the trustworthiness of LRMs. RT-LRM evaluates three core dimensions: truthfulness, safety and efficiency. Beyond metric-based evaluation, we further introduce the training paradigm as a key analytical perspective to investigate the systematic impact of different training strategies on model trustworthiness. We achieve this by designing a curated suite of 30 reasoning tasks from an observational standpoint. We conduct extensive experiments on 26 models and identify several valuable insights into the trustworthiness of LRMs. For example, LRMs generally face trustworthiness challenges and tend to be more fragile than Large Language Models (LLMs) when encountering reasoning-induced risks. These findings uncover previously underexplored vulnerabilities and highlight the need for more targeted evaluations. In addition, we release a scalable toolbox for standardized trustworthiness research to support future advancements in this important field. Our code and datasets will be open-sourced.

Paper Structure

This paper contains 31 sections, 9 figures, 13 tables.

Table of Contents

  1. Introduction
  2. Related Work
  3. Framework of RT-LRM
  4. Philosophy of RT-LRM
  5. Practice in RT-LRM
  6. Metrics
  7. Toolbox
  8. Analysis on Experimental Results
  9. Discussion
  10. Conclusion
  11. EVALUATION DETAILS ON TRUTHFULNESS
  12. Objective Truth
  13. Conceptual Truth
  14. EVALUATION DETAILS ON SAFETY
  15. Societal Safety
  16. ...and 16 more sections

Figures (9)

  • Figure 1: Framework of RT-LRM, including aspect categorization, evaluation strategies, and the unified toolbox design. Trustworthiness is assessed from a reasoning-centered perspective, covering both CoT-hijacking risks and prompt-induced impacts.
  • Figure 2: Performance of LRMs on efficiency tasks.
  • Figure 3: Performance across training strategies on three aspects. Safety and efficiency are transformed by 100-value for consistent interpretation, where higher is better.
  • Figure 4: LRMs vs. base LLMs on three aspects. Red numbers denote degradation, and green numbers denote improvement.
  • Figure 5: Model Accuracy on T.1 Proportional Operations.
  • ...and 4 more figures