Reasoning Safety Monitor: Real-time Detection of Vulnerabilities in Large Language Model Reasoning Chains

Researchers propose a new concept of "Reasoning Safety", construct a classification system for nine types of unsafe reasoning behaviors, and develop an external monitoring component to detect reasoning hijacking and denial-of-service attacks in real time, achieving an 84.88% step-level localization accuracy on a benchmark of 450 reasoning chains.

Existing large model safety research mainly focuses on content safety (detecting harmful, biased, or factually incorrect outputs), but ignores the safety of the reasoning process itself.

This paper proposes Reasoning Safety as an orthogonal and equally critical safety dimension, covering:

• Logical consistency of reasoning trajectories
• Computational efficiency
• Resistance to adversarial manipulation

Researchers established a systematic classification system:

1. Input Parsing Error
2. Reasoning Execution Error
3. Process Management Error

Through large-scale annotation research on 4111 reasoning chains (from natural reasoning benchmarks and four adversarial attack methods), it is confirmed that all nine types of errors exist in practice, and each attack produces a mechanistically interpretable feature signature.

Core contribution: A parallel monitoring component based on external LLM

• Real-time inspection: Check each step of reasoning via prompts embedded with the classification system
• Interrupt mechanism: Send an interrupt signal when unsafe behavior is detected
• High accuracy: 84.88% step-level localization accuracy, 85.37% error type classification accuracy

Significantly outperforms hallucination detectors and process reward model baselines.

This work proves that monitoring at the reasoning level is both necessary and feasible, laying the foundation for the safe deployment of large reasoning models.