SingGuard:具動態推理之政策自適應多模態LLM護欄
SingGuard: A Policy-Adaptive Multimodal LLM Guardrail with Dynamic Reasoning
June 22, 2026
作者: SingGuard Team
cs.AI
摘要
視覺語言模型(VLMs)正逐漸部署於消費、醫療、金融及企業應用中。此類廣泛部署擴大了安全涵蓋面:風險可能源自多模態問答、助理解答回應及跨模態組合,而審核政策可能因產品、地區及部署階段而異。現有多數護欄措施若非依賴固定分類法,便是僅針對狹義互動場景,導致其在部署階段安全規則變動時適應性有限。我們提出SingGuard,一個政策適應性多模態護欄模型系列,專用於多模態對話中的安全評估。SingGuard將現行政策視為運行時輸入:給定自然語言規則後,它逐條比對目標內容是否符合政策規則,並預測安全標籤及觸發的規則。為平衡效率與可解釋性,SingGuard支援快速、混合及慢速三種推論模式,沿著從直接安全判斷到政策基礎審議的快速至慢速推理光譜運行。我們更透過快慢分離強化學習進一步優化此行為。同時,我們推出SingGuard-Bench,一個多模態護欄基準測試,包含56,340個範例,涵蓋80多種細粒度風險類型,橫跨多模態問答、對抗攻擊及動態規則評估情境,包括跨模態聯合風險案例——其中各模態單獨無害,但其組合卻暗示不安全意圖。在六個基準測試系列(共35個數據集)中,SingGuard在每個系列均達到平均F1值的先進水準。動態規則評估更顯示,在運行時政策變動下,政策遵循準確率從0.6465提升至0.7415。我們的程式碼已公開於 https://github.com/inclusionAI/Sing-Guard。
English
Vision-language models (VLMs) are increasingly deployed in consumer, medical, financial, and enterprise applications. This broad deployment expands the safety surface: risks can arise from multimodal question answering, assistant responses, and cross-modal composition, while moderation policies may vary across products, regions, and deployment stages. Most existing guardrails either rely on fixed taxonomies or target only a narrow set of interaction settings, which limits their adaptability when safety rules change at deployment time. We present SingGuard, a policy-adaptive multimodal guardrail model family for safety assessment in multimodal conversations. SingGuard treats the active policy as a runtime input: given natural-language rules, it checks the target content against the active policy rule by rule and predicts both the safety label and the triggered rule. To balance efficiency and interpretability, SingGuard supports fast, hybrid, and slow inference regimes along a fast-to-slow reasoning spectrum, ranging from direct safety judgments to policy-grounded deliberation. We further optimize this behavior with fast--slow decoupled reinforcement learning. We also introduce SingGuard-Bench, a multimodal guardrail benchmark with 56{,}340 examples spanning 80+ fine-grained risk types across multimodal QA, adversarial attack, and dynamic-rule evaluation settings, including cross-modal joint-risk cases where each modality is harmless in isolation but their composition implies unsafe intent. Across six benchmark families (35 datasets), SingGuard achieves state-of-the-art average F1 in every family. Dynamic-rule evaluation further shows improved policy-following accuracy from 0.6465 to 0.7415 under runtime policy shifts. Our code is available at https://github.com/inclusionAI/Sing-Guard.