Does More Inference-Time Compute Really Help Robustness?

TL;DR

Increasing inference-time compute can enhance robustness in large models, but exposing reasoning steps to adversaries can reverse this benefit, highlighting the importance of security considerations.

Contribution

This work demonstrates that inference-time scaling benefits are context-dependent and reveals security risks when reasoning steps are accessible to attackers.

Findings

Inference-time scaling improves robustness in open-source models.

Explicit reasoning steps reduce model robustness under attack.

Security risks increase when reasoning steps are exposed.

Abstract

Recently, Zaremba et al. demonstrated that increasing inference-time computation improves robustness in large proprietary reasoning LLMs. In this paper, we first show that smaller-scale, open-source models (e.g., DeepSeek R1, Qwen3, Phi-reasoning) can also benefit from inference-time scaling using a simple budget forcing strategy. More importantly, we reveal and critically examine an implicit assumption in prior work: intermediate reasoning steps are hidden from adversaries. By relaxing this assumption, we identify an important security risk, intuitively motivated and empirically verified as an inverse scaling law: if intermediate reasoning steps become explicitly accessible, increased inference-time computation consistently reduces model robustness. Finally, we discuss practical scenarios where models with hidden reasoning chains are still vulnerable to attacks, such as models with tool-integrated reasoning and advanced reasoning extraction attacks. Our findings collectively demonstrate that the robustness benefits of inference-time scaling depend heavily on the adversarial setting and deployment context. We urge practitioners to carefully weigh these subtle trade-offs before applying inference-time scaling in security-sensitive, real-world applications.