Go to ICLR 2026 Conference homepageWhen Models Outthink Their Safety: Mitigating Self-Jailbreak in Large Reasoning Models with Chain-of-Guardrails
Keywords: Safety; Large Reasoning model
TL;DR: We uncover a phenomenon, \textbf{Self-Jailbreak}, where models override their own risk assessment and propose the \textit{Chain-of-Thought Guardrail} (CoG), a training framework that reconstructs or backtracks unsafe reasoning trajectorie.
Abstract: Large Reasoning Models (LRMs) demonstrate remarkable capabilities on complex reasoning tasks but remain vulnerable to severe safety risks, including harmful content generation and jailbreak attacks. Existing mitigation strategies rely on injecting heuristic safety signals during training, which often suppress reasoning ability and fail to resolve the safety-reasoning trade-off. To systematically investigate this issue, we analyze the reasoning trajectories of diverse LRMs and uncover a phenomenon we term Self-Jailbreak, where models override their own risk assessments and justify responding to unsafe prompts. This finding reveals that LRMs inherently possess the ability to reject unsafe queries, but this ability is compromised by Self-Jailbreak, resulting in harmful outputs. Building on these insights, we propose the Chain-of-Guardrail (CoG), a training framework that recomposes or backtracks unsafe reasoning steps, steering the model back onto safe trajectories while preserving valid inference chains. Extensive experiments across multiple reasoning and safety benchmarks demonstrate that CoG substantially improves safety of current LRMs while preserving comparable reasoning ability, significantly outperforming prior methods that suffer from severe safety–reasoning trade-offs.
Primary Area: alignment, fairness, safety, privacy, and societal considerations
Submission Number: 25074
Loading