RECUR: Resource Exhaustion Attack via Recursive-Entropy Guided Counterfactual Utilization and Reflection

TL;DR

The paper identifies a latent risk in large reasoning models: reasoning reflections can enter stable thinking loops that exhaust computational resources. It introduces Recursive Entropy, a metric defined as the ratio of the next-token probability to the clamped entropy of the following-token distribution, to quantify susceptibility to looping. Building on this, it proposes RECUR, a counterfactual-question–driven attack that constructs overthinking prompts, applies Recursive Entropy–guided sampling to induce loops, and uses coherence-based trimming to convert loops into compact, transferable prompts. Empirical results show RECUR can extend generated reasoning up to about $11\times$ the benign length and reduce token throughput by roughly $90\%$, with strong transferability to closed-source models; ablations confirm the importance of counterfactual prompting, Recursive Entropy guidance, and prompt trimming. The work highlights latent vulnerabilities in LRM reasoning and provides a diagnostic framework and countermeasures for more robust, controllable reasoning under adversarial prompting.

Abstract

Large Reasoning Models (LRMs) employ reasoning to address complex tasks. Such explicit reasoning requires extended context lengths, resulting in substantially higher resource consumption. Prior work has shown that adversarially crafted inputs can trigger redundant reasoning processes, exposing LRMs to resource-exhaustion vulnerabilities. However, the reasoning process itself, especially its reflective component, has received limited attention, even though it can lead to over-reflection and consume excessive computing power. In this paper, we introduce Recursive Entropy to quantify the risk of resource consumption in reflection, thereby revealing the safety issues inherent in inference itself. Based on Recursive Entropy, we introduce RECUR, a resource exhaustion attack via Recursive Entropy guided Counterfactual Utilization and Reflection. It constructs counterfactual questions to verify the inherent flaws and risks of LRMs. Extensive experiments demonstrate that, under benign inference, recursive entropy exhibits a pronounced decreasing trend. RECUR disrupts this trend, increasing the output length by up to 11x and decreasing throughput by 90%. Our work provides a new perspective on robust reasoning.

Figures (8)

• Figure 1: Overall framework of our methodology. Left: Definition and computation of recursive entropy, along with its varying trends during reasoning. Center: RECUR's overall workflow, including counterfactual question construction, recursive entropy guided sampling, and coherence-based trimming. Right: Schematic of RECUR executing resource exhaustion attacks, which generate attack prompts causing LMRs to get into infinite thinking loops.
• Figure 2: The trend of recursive entropy changes across different reasoning processes for the same counterfactual question.
• Figure 3: Recursive entropy changes of basic question benign reasoning.
• Figure 4: Recursive entropy changes of basic question benign reasoning.
• Figure 5: Recursive entropy changes of basic question benign reasoning.