Tech professionals building with LLM APIs need to know providers may return opaque, authenticated copies of internal chain-of-thought, which affects privacy, compliance, and how clients handle model outputs. Understanding these artifacts is important for secure logging, debugging, and agent design.
Dossier last updated: 2026-06-02 03:20:19
A hobby project exploring so-called “encrypted reasoning” in LLM APIs revealed that providers like OpenAI and Anthropic include opaque, Base64-encoded reasoning blobs (chain-of-thought data) in their Messages/Responses APIs. These blobs look like authenticated ciphertexts: they change size with model effort and produce API errors when tampered with. The author reverse-engineered formats, sketched plausible structures (e.g., Fernet-like for OpenAI), and tested integrity/sanity checks rather than true cryptographic signatures. The work highlights that providers transmit hidden CoT data to clients for protocol purposes, raising engineering and security questions about client-side handling and potential misuse, though no major vulnerability was exposed.
A developer spent a weekend probing LLM APIs after encountering an unexpected error that revealed opaque "reasoning" or "thinking" blobs returned by models like Anthropic's Claude and OpenAI's Responses. These blobs are Base64-encoded, authenticated ciphertexts containing hidden chain-of-thought (CoT) data that clients are instructed not to inspect but must echo back to the server. The author experimented with tampering and observed API errors, mapped probable structures (guessing standards like Fernet for GPT outputs), and concluded the blobs are protected to prevent client-side modification. The exercise highlighted implementation details of frontier LLM APIs, agent debugging pitfalls, and subtle security considerations when building agents that handle encrypted internal model state.
A hobby project investigating LLM "encrypted reasoning" found that major providers send clients opaque, Base64-encoded blobs containing models' internal chain-of-thought (CoT) in responses APIs. The author discovered these reasoning fields—meant to be round-tripped to the server—look like authenticated ciphertexts: their size correlates with reasoning length and tampering triggers API errors. By experimenting with OpenAI and Anthropic APIs (Messages/Responses), the author reverse-engineered formats, hypothesized use of token standards (e.g., Fernet-like) and noted labeled "signatures" that may not be conventional signatures. The post highlights implications for agent design, API behavior, and the security/forensics of model reasoning data.
A hobby project exploring LLM APIs led the author to discover that some providers send encrypted or authenticated copies of models' internal chain-of-thought (CoT) reasoning to clients. Using OpenClaw and agents, the author found Base64 blobs in the Messages/Responses APIs that vary with reasoning complexity and trigger errors if altered, implying authenticated ciphertext rather than plain signatures. The piece walks through how providers include opaque reasoning fields in JSON, why clients are expected to echo them back, and how tampering yields server-side errors. While not a major cryptographic breakthrough, the experiment reveals implementation details of LLM product design and raises practical security and privacy questions about transporting hidden CoT data.
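The summaries above describe the reasoning blobs as Base64-encoded authenticated ciphertext, possibly Fernet-like, whose size tracks reasoning length and which the API rejects when altered. The following added example (not code from the original post or from any provider) builds and checks a token in the public Fernet layout using only the standard library. The key, timestamp and placeholder ciphertext bytes are constructed, and that any provider uses this layout is the post's hypothesis, not a confirmed fact.

```python
import base64
import hashlib
import hmac
import struct

VERSION = 0x80           # version byte defined by the Fernet spec
HEADER = 1 + 8 + 16      # version + big-endian timestamp + IV
TAG = 32                 # HMAC-SHA256 tag appended at the end


def build_token(signing_key: bytes, ciphertext: bytes, ts: int, iv: bytes) -> str:
    """Wrap already-encrypted bytes in the Fernet layout and authenticate them."""
    if len(iv) != 16 or not ciphertext or len(ciphertext) % 16:
        raise ValueError("IV must be 16 bytes; ciphertext a non-empty multiple of 16")
    body = struct.pack(">BQ", VERSION, ts) + iv + ciphertext
    tag = hmac.new(signing_key, body, hashlib.sha256).digest()
    return base64.urlsafe_b64encode(body + tag).decode()


def inspect_token(signing_key: bytes, token: str) -> dict:
    """Verify the tag first, then report the fields; raise ValueError on any change."""
    raw = base64.urlsafe_b64decode(token)
    if len(raw) < HEADER + 16 + TAG or raw[0] != VERSION:
        raise ValueError("not a Fernet-layout token")
    body, tag = raw[:-TAG], raw[-TAG:]
    expected = hmac.new(signing_key, body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("authentication failed")
    _, ts = struct.unpack(">BQ", body[:9])
    return {"timestamp": ts, "iv": body[9:HEADER], "ciphertext_len": len(body) - HEADER}


def flip_bit(token: str, index: int) -> str:
    """Return a copy of the token with one bit changed at the given byte offset."""
    raw = bytearray(base64.urlsafe_b64decode(token))
    raw[index] ^= 0x01
    return base64.urlsafe_b64encode(bytes(raw)).decode()


if __name__ == "__main__":
    key = bytes(range(16))                       # constructed signing key
    # Constructed placeholder ciphertexts standing in for short and long reasoning.
    short = build_token(key, bytes(16), 1700000000, bytes(16))
    long_ = build_token(key, bytes(160), 1700000000, bytes(16))
    print(len(short), len(long_), inspect_token(key, short)["ciphertext_len"])
    try:
        inspect_token(key, flip_bit(short, 30))  # offset 30 lies inside the ciphertext
    except ValueError as err:
        print("rejected:", err)
```

Because the tag covers the version, timestamp, IV and ciphertext together, a client can only store such a blob and return it byte for byte; any re-encoding or truncation in a logging or agent layer fails the same check.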