This paper addresses the security challenge of early detection of malicious intent in AI systems by proposing intent monitoring via their natural-language chain-of-thought (CoT) reasoning traces. Methodologically, it introduces and formalizes the concept of “CoT monitorability,” and constructs a large language model–based framework for CoT generation, extraction, and risk analysis—enabling both human and automated scrutiny of reasoning processes. Key contributions include: (1) demonstrating CoT’s distinctive value as an interpretable signal for intent identification; (2) revealing its vulnerability to adversarial manipulation, thereby underscoring the need for proactive safeguards in model design; and (3) empirically validating that while CoT monitoring is not exhaustive, it meaningfully complements traditional black-box safety mechanisms. The study advocates integrating CoT monitorability into the security-aware development lifecycle of frontier AI systems.

AI systems that "think" in human language offer a unique opportunity for AI safety: we can monitor their chains of thought (CoT) for the intent to misbehave. Like all other known AI oversight methods, CoT monitoring is imperfect and allows some misbehavior to go unnoticed. Nevertheless, it shows promise and we recommend further research into CoT monitorability and investment in CoT monitoring alongside existing safety methods. Because CoT monitorability may be fragile, we recommend that frontier model developers consider the impact of development decisions on CoT monitorability.