AI & Machine Learning · Apr 13, 2026

Reasoning Hijacking: Subverting LLM Classification via Decision-Criteria Injection

arXiv Security · Archived Apr 13, 2026


[Submitted on 15 Jan 2026 (v1), last revised 9 Apr 2026 (this version, v3)]

Yuansen Liu, Yixuan Tang, Anthony Kum Hoe Tun

Abstract: Current LLM safety research predominantly focuses on mitigating Goal Hijacking, preventing attackers from redirecting a model's high-level objective (e.g., from "summarizing emails" to "phishing users"). In this paper, we argue that this perspective is incomplete and highlight a critical vulnerability in Reasoning Alignment. We propose a new adversarial prompt attack paradigm, Reasoning Hijacking, and instantiate it with Criteria Attack, which subverts model judgments by injecting spurious decision criteria without altering the high-level task goal. Unlike Goal Hijacking, which attempts to override the system prompt, Reasoning Hijacking accepts the high-level goal but manipulates the model's decision-making logic by injecting spurious reasoning shortcuts. Through extensive experiments on three different tasks (toxic comment, negative review, and spam detection), we demonstrate that even the newest models are prone to prioritize injected heuristic shortcuts over rigorous semantic analysis. The results are consistent over different backbones. Crucially, because the model's "intent" remains aligned with the user's instructions, these attacks can bypass defenses designed to detect goal deviation (e.g., SecAlign, StruQ), exposing a fundamental blind spot in the current safety landscape.
Data and code are available at this https URL

Comments: accepted by ACL 2026
Subjects: Cryptography and Security (cs.CR)
Cite as: arXiv:2601.10294 [cs.CR] (or arXiv:2601.10294v3 [cs.CR] for this version)
https://doi.org/10.48550/arXiv.2601.10294

Submission history
From: Yuansen Liu
[v1] Thu, 15 Jan 2026 11:12:08 UTC (825 KB)
[v2] Tue, 27 Jan 2026 07:11:28 UTC (825 KB)
[v3] Thu, 9 Apr 2026 20:03:24 UTC (1,040 KB)