@inproceedings{ahrend-etal-2026-safer,
    title = "Safer Reasoning Traces: Measuring and Mitigating Chain-of-Thought Leakage in {LLM}s",
    author = "Ahrend, Patrick  and
      Eder, Tobias  and
      Yang, Xiyang  and
      Pan, Zhiyi  and
      Groh, Georg",
    editor = "Habernal, Ivan  and
      Ghanavati, Sepideh  and
      Haghighi, Sara  and
      Ramesh, Krithika  and
      Igamberdiev, Timour  and
      Wilson, Shomir",
    booktitle = "Proceedings of the Seventh Workshop on Privacy in Natural Language Processing",
    month = jul,
    year = "2026",
    address = "San Diego, California",
    publisher = "Association for Computational Linguistics",
    url = "https://preview.aclanthology.org/ingest-acl-workshops/2026.privatenlp-main.10/",
    pages = "140--164",
    ISBN = "979-8-89176-397-5",
    abstract = "Chain-of-Thought (CoT) prompting improves LLM reasoning but can increase privacy risk by resurfacing personally identifiable information (PII) from the prompt into reasoning traces and outputs, even under policies that instruct the model not to restate PII. We study such direct, inference-time PII leakage using a model-agnostic framework that (i) defines leakage as risk-weighted, token-level events across 11 PII types, (ii) traces leakage curves as a function of the allowed CoT budget, and (iii) compares open- and closed-source model families on a structured PII dataset with a hierarchical risk taxonomy. We find that CoT consistently elevates leakage, especially for high-risk categories, and that leakage is strongly family- and budget-dependent: increasing the reasoning budget can either amplify or attenuate leakage depending on the base model. We then benchmark lightweight inference-time gatekeepers: a rule-based detector, a TF{--}IDF + logistic regression classifier, a GLiNER-based NER model, and an LLM-as-judge, using risk-weighted F1, Macro-F1, and recall. No single method dominates across models or budgets, motivating hybrid, style-adaptive gatekeeping policies that balance utility and risk under a common, reproducible protocol."
}