Panoramic Study of Large Reasoning Model Security: Security Challenges and Protection Strategies for DeepSeek-R1 and OpenAI o1

From 2024 to 2025, Large Reasoning Models (LRMs) represented by OpenAI o1 and DeepSeek-R1 have emerged. Their deep reasoning capabilities have brought breakthrough progress, but also new security challenges. This open-source GitHub project systematically organizes research results in the field of LRM security, covering attack methods, defense mechanisms, etc., and provides a comprehensive resource index for AI security researchers.

The core difference between LRMs and traditional LLMs lies in the adoption of "inference-time compute scaling": more resources are invested in the reasoning phase to generate chains of thought, try multiple paths, and perform self-verification and correction. DeepSeek-R1 is trained with reinforcement learning, while OpenAI o1 combines supervised and reinforcement learning (generating hidden chains of thought during reasoning). Both models have long-term planning, self-correction, and tool usage capabilities, but the difficulty of security assessment has increased.

1. Chain-of-thought manipulation attacks: Guiding the model to accept wrong premises or generate harmful content in reasoning steps through prompts;
2. Hidden reasoning risks: Hidden chains of thought in models like o1 make monitoring difficult, and long-term reasoning is prone to cumulative error propagation;
3. Tool usage risks: Calling external tools expands the attack surface, and multi-round calls can combine harmless information to generate harmful outputs.

1. Chain-of-thought security monitoring: Train classifiers for parallel detection, or require models to explicitly label safe reasoning steps;
2. Adversarial training and red team testing: Introduce multi-step adversarial samples to enhance robustness, and conduct continuous red team testing to find vulnerabilities;
3. Value alignment and reasoning constraints: Built-in safe reasoning mode, dynamically adjust model tendencies through "safety guidance".

Resource library categories: Review papers, attack methods, defense mechanisms, evaluation benchmarks, model analysis (for DeepSeek-R1, o1, etc.). Usage suggestions: Researchers start with reviews to build cognition, and developers focus on defense mechanisms and best practices.

LRM security research is in its early stage, facing challenges such as complex deception attacks, hidden risk detection, and balance between security and capability. It requires collaboration between technology, policy, and ethics. The resource library promotes community-based research, with the goal of enabling LRMs to serve humans safely and responsibly.