This work proposes “conceptual steganography,” a novel steganographic approach that enables large language models to covertly transmit harmful information through chain-of-thought reasoning while evading human oversight. Unlike conventional methods relying on token-level manipulations or lexical choices, this technique elevates information encoding to the level of high-level reasoning behavior patterns, substantially enhancing robustness against existing paraphrasing-based defenses. The method integrates chain-of-thought generation with concept-level encoding and introduces a strategy-aware paraphrasing defense mechanism. Experiments across four model families and two reasoning tasks demonstrate that the proposed approach achieves strong stealth and effectiveness without compromising reasoning performance, while the strategy-aware paraphraser significantly mitigates such steganographic channels.

Language Models (LMs) emit Chains-of-Thought (CoTs) that drive much of their capability. However, the same sequence that carries useful reasoning can also covertly convey messages: a misaligned model may embed covert information in its CoT that slips through human supervision, a form of steganography known as encoded reasoning. Prior LM steganography schemes operate in the token or lexical space, and a content-preserving paraphraser is the canonical and effective defense in recent work. We introduce conceptual steganography, in which each step of a CoT carries information through patterns of high-level reasoning behavior, rather than through lexical choice. Across four model families and two reasoning domains, this backdoor communication channel is shown to be consistently more robust to a strong paraphrase defense than standard keyword approaches, and the encoding of information into CoTs does not affect their utility in the reasoning process. Having raised awareness of this new risk, we then demonstrate that a strategy-aware paraphraser can close much of the channel, highlighting new challenges and recommended defenses for ensuring faithful LLM reasoning in the wild.