Step-by-step reasoning in LLMs creates a critical security flaw. Attackers can trigger excessively long internal monologues, forcing models to overthink simple problems until they crawl. This vulnerability turns a capability into a liability. Developers must now implement strict constraints on reasoning length to prevent these resource-exhaustion attacks from crashing production systems.