Hidden Thoughts Are Not Secret: Reasoning Trace Exposure in LLMs

Researchers demonstrate that reasoning traces hidden by large language models can be exposed through Reasoning Exposure Prompting (REP), a technique using shadow-model demonstrations to elicit internal reasoning through prompts. This finding challenges the security assumptions of deployed reasoning systems that intentionally conceal their internal processes from users.

This research reveals a fundamental vulnerability in the design assumptions of modern reasoning-capable LLMs. Companies deploying advanced reasoning models have adopted interface-level hiding—showing users only final answers and summaries while concealing internal reasoning traces—believing this prevents unauthorized access to valuable training signals. The study demonstrates this assumption is flawed. By using carefully crafted prompts with auxiliary code-like formatting and demonstrations from shadow models, researchers can substantially reconstruct hidden reasoning traces without direct access to model internals.

The implications extend beyond simple security theater. Reasoning traces represent concentrated intellectual property—distilled behavioral patterns that enable knowledge transfer from stronger to weaker models. The ability to expose these traces through prompting alone suggests that interface-level access controls provide minimal actual protection. This pattern mirrors broader challenges in AI security where assumptions about information hiding often prove optimistic.

For the AI industry, this creates a strategic tension. Companies investing in reasoning model development face questions about protecting their competitive advantages while providing useful functionality. The research indicates that attempts to restrict trace access through UI design alone may be insufficient. Organizations may need to reconsider architectural approaches, including differential access controls, rate limiting on reasoning tasks, or fundamental changes to how reasoning traces are generated and exposed.

The findings suggest the field needs more rigorous threat modeling around LLM capabilities and information flow. As reasoning models become more valuable, the gap between interface-level security and actual information protection will likely drive both defensive innovations and renewed focus on robust, model-level approaches to capability containment.

• →Reasoning traces hidden by LLMs can be extracted through careful prompting techniques without accessing model internals
• →Interface-level trace hiding provides weaker protection than companies may assume when deploying reasoning models
• →Extracted reasoning traces retain useful signals for distilling capabilities from stronger to weaker models
• →Current UI-based restrictions on trace visibility fail to prevent unauthorized access to valuable training signals
• →Organizations deploying reasoning models may need architectural changes beyond interface-level controls to protect intellectual property