@inproceedings{krishna-etal-2025-weakest,
    title = "Weakest Link in the Chain: Security Vulnerabilities in Advanced Reasoning Models",
    author = "Krishna, Arjun  and
      Galinkin, Erick  and
      Rastogi, Aaditya",
    editor = "Novikova, Jekaterina",
    booktitle = "Proceedings of the The First Workshop on LLM Security (LLMSEC)",
    month = aug,
    year = "2025",
    address = "Vienna, Austria",
    publisher = "Association for Computational Linguistics",
    url = "https://preview.aclanthology.org/transition-to-people-yaml/2025.llmsec-1.12/",
    pages = "168--175",
    ISBN = "979-8-89176-279-4",
    abstract = "The introduction of advanced reasoning capabilities have improved the problem-solving performance of large language models, particularly on math and coding benchmarks. However, it remains unclear whether these reasoning models are more or less vulnerable to adversarial prompt attacks than their non-reasoning counterparts. In this work, we present a systematic evaluation of weaknesses in advanced reasoning models compared to similar non-reasoning models across a diverse set of prompt-based attack categories. Using experimental data, we find that on average the reasoning-augmented models are slightly more robust than non-reasoning models (42.51{\%} vs 45.53{\%} attack success rate, lower is better). However, this overall trend masks significant category-specific differences: for certain attack types the reasoning models are substantially more vulnerable (e.g., up to 32 percentage points worse on a tree-of-attacks prompt), while for others they are markedly more robust (e.g., 29.8 points better on cross-site scripting injection). Our findings highlight the nuanced security implications of advanced reasoning in language models and emphasize the importance of stress-testing safety across diverse adversarial techniques."
}