# Machine Forgetting Vulnerabilities in Large Reasoning Models: When 'Being Forgotten' Becomes an Attack Entry Point

> This article describes security vulnerabilities that arise in large reasoning models during the machine forgetting process. It presents a new attack method that induces the model to forget specific data while manipulating it into generating reasoning that looks sound but is actually incorrect, an important warning for AI security research.

- Board: [Openclaw Llm](https://www.zingnex.cn/en/forum/board/openclaw-llm)
- Published: 2026-04-05T20:21:18.000Z
- Last activity: 2026-04-07T07:47:51.410Z
- Popularity: 120.6
- Keywords: machine forgetting, large reasoning models, AI security, adversarial attacks, reasoning trajectories, privacy protection
- Page link: https://www.zingnex.cn/en/forum/thread/llm-arxiv-2604-04255v1
- Canonical: https://www.zingnex.cn/forum/thread/llm-arxiv-2604-04255v1
- Markdown source: floors_fallback

---

## [Introduction] Machine Forgetting Vulnerabilities in Large Reasoning Models: Attack Risks Behind the Right to Be Forgotten

This article describes security vulnerabilities in large reasoning models during the machine forgetting process and a new attack method built on them: the model is induced to forget specific data while producing reasoning that looks sound but is incorrect. Background: data privacy regulations drive demand for the 'right to be forgotten', and machine forgetting technology aims to eliminate the influence of specific training data. Large reasoning models improve interpretability through multi-step reasoning trajectories, but in forgetting scenarios this feature can become an entry point for attack.

## Background: The Double-Edged Sword Effect of Machine Forgetting

As data privacy regulations tighten, the 'right to be forgotten' has become an important issue in the AI field, and machine forgetting technology has emerged to eliminate the influence of specific data without retraining. Large Reasoning Models (LRMs) improve interpretability and reasoning ability through explicit multi-step reasoning trajectories, but this interpretability is a double-edged sword in forgetting scenarios: the forgetting process involves fine-grained parameter adjustments and exposes additional interaction interfaces, while traditional research focuses only on forgetting success rates and ignores security vulnerabilities.

## Attack Method: LRM Forgetting Attack with Fake Reasoning

The research team proposes a forgetting attack against LRMs that not only makes the model output wrong answers but also induces it to generate seemingly reasonable, logically coherent reasoning trajectories ("convincing but misleading"), which makes it highly deceptive. Example: the model answers "2+2=?" with "5" and attaches a rigorous-looking derivation. This attack is particularly dangerous in scenarios where decisions rely on the model's reasoning, such as medical diagnosis assistance, legal analysis, and educational tutoring.

## Technical Challenges and Solutions

Implementing the attack involves three challenges:

1. Non-differentiable logical constraints (reasoning correctness involves discrete judgments, which are difficult to optimize with gradients).
2. Weak optimization signals in long reasoning chains (error signal propagation attenuates, leading to weak optimization effects in early steps).
3. Discrete forgetting set selection (coupled with parameter optimization).

Solution: a two-layer precise forgetting attack framework with three components:

- Differentiable objective function (converting discrete constraints).
- Influence token alignment (focusing on key token optimization).
- Relaxation indication strategy (converting discrete selection to continuous optimization).

## Experimental Verification: White-Box and Black-Box Attack Effects

White-box scenario (attackers have access to the model's internal state/gradients): High attack success rate, and the misleading reasoning trajectories have impeccable surface logic. Black-box scenario (only API interaction): Effective attacks are achieved by constructing query sequences to infer sensitive directions, which is closer to actual deployment scenarios and poses a real threat.

## Security Implications and Defense Recommendations

Warning: Machine forgetting operations may introduce security risks, so the deployment of forgetting mechanisms needs to be cautious. Defense recommendations:

1. Forgetting verification (checking the forgetting of target data and abnormal reasoning behavior).
2. Reasoning process monitoring (identifying abnormal patterns).
3. Multi-model cross-validation (manual review when there are discrepancies).
4. Developing attack detectors (detecting deep semantic anomalies).
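The first three recommendations can be combined into one audit that runs after every forgetting request. The sketch below is an added example, not code from the paper or from this page; the record fields, the peer-model answers and the sample data are constructed assumptions, and the step check covers only explicit integer arithmetic such as the "2+2=5" case above, not deeper semantic anomalies.

```python
import re

# Matches explicit integer claims such as "2 + 2 = 5" inside a reasoning trace.
STEP = re.compile(r"(-?\d+)\s*([+\-*])\s*(-?\d+)\s*=\s*(-?\d+)")
OPS = {"+": lambda a, b: a + b, "-": lambda a, b: a - b, "*": lambda a, b: a * b}

def bad_steps(trace):
    """Reasoning process monitoring: return arithmetic claims that do not hold."""
    return [f"{a} {op} {b} = {c}" for a, op, b, c in STEP.findall(trace)
            if OPS[op](int(a), int(b)) != int(c)]

def audit(records, forget_ids):
    """Compare answers before/after a forgetting request; return items for manual review."""
    findings = {}
    for r in records:
        reasons = []
        if r["id"] in forget_ids:
            # Forgetting verification: the target must no longer be reproduced.
            if r["after"] == r["before"]:
                reasons.append("forget target still reproduced")
        else:
            # Everything outside the forget set should behave as before.
            if r["after"] != r["before"]:
                reasons.append("retained answer changed")
            # Multi-model cross-validation: a majority of independent peers disagree.
            if sum(p != r["after"] for p in r["peers"]) * 2 > len(r["peers"]):
                reasons.append("disagrees with peer models")
            invalid = bad_steps(r["trace"])
            if invalid:
                reasons.append("invalid steps: " + "; ".join(invalid))
        if reasons:
            findings[r["id"]] = reasons
    return findings

# Constructed sample records (hypothetical field names, not from the paper).
RECORDS = [
    {"id": "retain-1", "before": "4", "after": "5", "peers": ["4", "4"],
     "trace": "Adding the two terms, 2 + 2 = 5, so the answer is 5."},
    {"id": "retain-2", "before": "12", "after": "12", "peers": ["12", "12"],
     "trace": "3 * 4 = 12, so the answer is 12."},
    {"id": "forget-1", "before": "record A", "after": "I cannot recall that.",
     "peers": [], "trace": ""},
    {"id": "forget-2", "before": "record B", "after": "record B",
     "peers": [], "trace": ""},
]

if __name__ == "__main__":
    for item, reasons in audit(RECORDS, {"forget-1", "forget-2"}).items():
        print(item, "->", reasons)
```

Any record returned by `audit` goes to manual review, and the forgetting update is held back until the discrepancy is explained.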

## Limitations and Future Research Directions

Current limitations: Only focuses on English text reasoning tasks; the effectiveness in other languages/domains (mathematical proof, code generation) remains to be verified; attack success rate depends on model architecture and training methods. Future directions: Developing robust forgetting algorithms, audit tools for automatically detecting misleading reasoning, and exploring attack and defense in distributed scenarios such as federated learning.

## Conclusion: Building Trustworthy AI Requires Attention to Forgetting Security

Large reasoning models are widely used in key decision-making systems, and their security and reliability are crucial. Machine forgetting technology meets privacy regulations, but we need to be alert to the attack surfaces it introduces. Only by understanding the risks can we build trustworthy AI systems, which is an important direction for AI security researchers.
