Large Reasoning Models (LRMs) improve performance, reliability, and interpretability by generating explicit chain-of-thought (CoT) reasoning, but this transparency introduces a serious privacy risk: intermediate reasoning often leaks personally identifiable information (PII) even when final answers are sanitized. We study how to induce privacy-first reasoning, where models reason without exposing sensitive information, using deployable interventions rather than post-hoc redaction. We introduce PII-CoT-Bench, a supervised dataset with privacy-aware CoT annotations, and a category-balanced evaluation benchmark covering realistic and adversarial leakage scenarios. Our results reveal a capability-dependent trend: state-of-the-art models benefit most from prompt-based controls, whereas weaker models require fine-tuning to achieve meaningful leakage reduction. Across models and categories, both approaches substantially reduce PII exposure with minimal degradation in utility, demonstrating that private reasoning can be achieved without sacrificing performance. Overall, we show that private CoT reasoning can be achieved with minimal utility loss, providing practical guidance for building privacy-preserving reasoning systems.

翻译：大规模推理模型通过生成显式的思维链推理来提高性能、可靠性和可解释性，但这种透明性带来了严重的隐私风险：即使最终答案经过脱敏处理，中间推理过程仍常常泄露个人身份信息。我们研究如何通过可部署的干预措施（而非事后编辑）来引导模型进行隐私优先的推理，使其在不暴露敏感信息的前提下完成推理。我们提出了PII-CoT-Bench——一个包含隐私感知思维链标注的监督数据集，以及一个涵盖现实场景和对抗性泄露场景的类别平衡评估基准。我们的研究结果揭示了一种能力依赖趋势：最先进的模型通过基于提示的控制获益最大，而较弱模型则需要通过微调才能实现有意义的泄露减少。在所有模型和类别中，这两种方法都能在效用损失最小的情况下显著降低PII暴露风险，证明私有推理可以在不牺牲性能的前提下实现。总体而言，我们的研究表明，私有思维链推理能够以极小的效用损失实现，为构建隐私保护推理系统提供了实用指导。