Can language models keep secrets and control information strategically?

This explores whether language models can deliberately keep secrets and strategically control what they reveal — and the short version from this corpus is that secrecy is mostly something that *happens* to these models rather than something they *do*. The most direct evidence is unflattering: when models reason out loud, they leak. Roughly three-quarters of privacy exposures in reasoning traces come not from clever extraction but from the model simply re-materializing sensitive user data mid-thought, and longer reasoning chains leak *more*, because the private detail acts as cognitive scaffolding the model leans on to think Do reasoning traces actually expose private user data?. Worse, models leak things no one can even see as secrets: behavioral traits transmit between models through data bearing no semantic relationship to the trait, surviving aggressive filtering because the signal is a statistical fingerprint, not content Can language models transmit hidden behavioral traits through unrelated data?. You can't keep a secret you don't know you're carrying.

The more surprising flip side is that models genuinely *can* hide computation — just not on purpose. Trained with hidden chain-of-thought, transformers compute the correct answer in their earliest layers, then actively suppress that representation in later layers to emit format-compliant filler tokens, with the real reasoning still recoverable from lower-ranked predictions Do transformers hide reasoning before producing filler tokens?. So the machinery for 'thinking one thing and saying another' exists. But it's a training artifact, not a strategy — and the concealment is leaky, sitting one logit-lens probe away from exposure. That gap between what the model internally holds and what it presents is exactly where strategic information control would have to live, and here it's accidental.

Strategic information control also requires modeling *who knows what* — and this is where models fall down hardest. LLMs look socially competent only when one model puppeteers all sides of an interaction; the moment agents must hold genuinely private information and reason about each other's asymmetric knowledge, performance collapses Why do LLMs fail when simulating agents with private information?. Keeping a secret is meaningless without a theory of the other mind you're keeping it from, and the corpus shows models skip exactly that grounding work when they can get away with it.

There's a thinner thread of evidence that the raw ingredients for control exist. Models develop entity-recognition mechanisms that causally track whether they actually know something, steering both refusal and hallucination — a primitive form of 'I have / don't have this information' Do models know what they don't know?. But the broader picture of model self-knowledge is unstable: self-reports are unreliable, and models shift their stated beliefs under conversational pressure How well do language models understand their own knowledge?. A system that abandons its position when pushed is not one that can guard a secret under interrogation.

The deepest reason may be architectural. Transformers don't store knowledge in a vault you can lock; they transmit it as continuous flow, knowledge that exists only in the act of generation, more like oral performance than a filing cabinet Do transformer models store knowledge or generate it continuously?. A secret presumes a boundary between possessing information and disclosing it — and if knowing and saying are the same physical process, that boundary is exactly what these models lack. What you'd want to know you didn't want to know: the failure to keep secrets and the failure to integrate context you'd rather the model *use* Why do language models ignore information in their context? may be two faces of one thing — models have remarkably little control over the gate between their internal state and their output, in either direction.