AI Reasoning Models GPT-5, Claude Opus Vulnerable to 'Overthinking' DoS Attacks, ICML 2026 Research Reveals

New research presented at the International Conference on Machine Learning (ICML) 2026 highlights a significant security vulnerability in advanced AI reasoning models. This vulnerability allows for denial-of-service (DoS) attacks by inducing what researchers term "pathological overthinking" in these systems. The findings suggest that the very reasoning capabilities underpinning today's most sophisticated AI, including models like GPT-5 and Claude Opus, introduce new and largely unexplored security risks. For broader context, explore our AI News.
Understanding the 'Inducing Overthink' Attack
Researchers from Zhejiang University and Alibaba developed a method called "Inducing Overthink." This technique leverages a hierarchical genetic algorithm to create logically perturbed prompts. When these specially crafted prompts are fed to AI reasoning models, they cause the models to generate excessively long and redundant internal reasoning chains. This process consumes a disproportionate amount of computational resources and energy.
The impact of these prompts can be substantial. On the MATH benchmark, the attack was observed to increase the length of internal reasoning chains by up to 26.1 times compared to normal operations. Such inflated reasoning can quickly exhaust API rate limits and infrastructure budgets, effectively leading to a denial of service for legitimate users.
Black-Box Vulnerability Across Major AI Models
A critical aspect of the "Inducing Overthink" attack is its black-box nature. This means the attack can be executed without requiring access to the internal architecture or parameters of the target AI model. This characteristic makes it particularly potent, as attackers do not need proprietary information to exploit the vulnerability.
The research demonstrated that the attack transfers effectively from smaller proxy models to large commercial language reasoning models (LRMs) developed by major providers such as OpenAI, Anthropic, and Google. This broad applicability indicates a fundamental vulnerability within the reasoning paradigm that powers many of the most capable AI systems currently in use or under development, including advanced models like GPT-5 and Claude Opus.
Implications for AI Security and Operations
The discovery of this vulnerability has significant implications for the security and operational management of AI systems. The ability to induce pathological overthinking presents a low-cost attack vector. A single malicious prompt could potentially deplete token budgets, degrade service quality for other users, and substantially increase operational costs for model providers.
This finding may necessitate new security measures from AI developers and operators. Potential countermeasures could include implementing reasoning-depth limits within models, developing anomaly detection systems to identify unusual prompt structures, or imposing per-request compute caps to prevent resource exhaustion. The research underscores that while adding reasoning capabilities enhances AI performance, it also introduces complex security surfaces that require careful consideration and mitigation strategies.
Comparison of Affected AI Models
The research specifically identifies that the vulnerability affects the reasoning paradigm underpinning today's most capable AI systems, including GPT-5 and Claude Opus. This suggests that advanced models from leading developers are susceptible to this type of denial-of-service attack.
| Feature | GPT-5 | Claude Opus |
|---|---|---|
| Vulnerability to 'Overthink' DoS | Yes | Yes |
| Affected by Black-Box Attack | Yes | Yes |
| Reasoning Chain Inflation | Up to 26.1x (on MATH benchmark) | Up to 26.1x (on MATH benchmark) |
The table above illustrates that both GPT-5 and Claude Opus, as representatives of advanced language reasoning models, are susceptible to the "Inducing Overthink" attack. This shared vulnerability highlights a systemic issue rather than an isolated flaw in a single model.
Conclusion
The research presented at ICML 2026 by Zhejiang University and Alibaba reveals a critical security flaw in AI reasoning models, demonstrating how they can be weaponized into denial-of-service attacks through induced "overthinking." This black-box vulnerability affects leading commercial models from OpenAI, Anthropic, and Google, including GPT-5 and Claude Opus. The findings emphasize the need for AI providers to develop robust defenses, such as reasoning-depth limits or anomaly detection, to safeguard against resource exhaustion and service degradation. As AI capabilities advance, understanding and mitigating these novel security risks will be crucial for the reliable deployment of powerful AI systems.
Sources
- GitHub - aim-uofa/Active-o3: [ICML2026] ACTIVE-O3: Empowering Multimodal Large Language Models with Active Perception via GRPO · GitHub
- SuDIS Group at Zhejiang University · GitHub
- GitHub - microsoft/World-R1: [ICML 2026] World-R1: Reinforcing 3D Constraints for Text-to-Video Generation · GitHub
- https://spectrum.ieee.org/ai-reasoning-models-security-risk
- https://icml.cc/virtual/2026/poster/62234
Recommended AI tools
Google Gemini
Conversational AI
Your everyday Google AI assistant for creativity, research, and productivity
ChatGPT
Conversational AI
AI research, productivity, and conversation—smarter thinking, deeper insights.
Perplexity
Search & Discovery
Clear answers from reliable sources, powered by AI.
Claude
Conversational AI
Your trusted AI collaborator for coding, research, productivity, and enterprise challenges
OpenClaw AI Agent
Productivity & Collaboration
The AI that actually does things.
Cursor
Code Assistance
The AI code editor that understands your entire codebase
Was this article helpful?
Found outdated info or have suggestions? Send us a note.


