SingGuard:一种具有动态推理能力的策略自适应多模态大语言模型护栏
SingGuard: A Policy-Adaptive Multimodal LLM Guardrail with Dynamic Reasoning
June 22, 2026
作者: SingGuard Team
cs.AI
摘要
视觉-语言模型(VLM)正日益部署于消费、医疗、金融和企业应用中。这种广泛部署扩大了安全范围:风险可能来自多模态问答、助手响应以及跨模态组合,而审核策略可能因产品、地区和部署阶段而异。现有的大多数防护栏要么依赖固定的分类体系,要么仅针对狭窄的交互场景,这使得它们在部署时安全规则发生变化时适应性受限。我们提出了SingGuard,一个策略自适应的多模态防护栏模型系列,用于多模态对话中的安全评估。SingGuard将活动策略视为运行时输入:给定自然语言规则,它逐条检查目标内容是否符合活动策略,并预测安全标签和触发的规则。为了平衡效率和可解释性,SingGuard沿快速到慢速推理谱系支持快、混合和慢三种推理模式,范围从直接安全判断到基于策略的深思熟虑。我们进一步通过快-慢解耦强化学习优化这一行为。我们还引入了SingGuard-Bench,一个多模态防护栏基准测试,包含56,340个示例,涵盖80多种细粒度风险类型,涉及多模态QA、对抗性攻击和动态规则评估场景,包括跨模态联合风险案例,其中每个模态单独无害,但其组合暗示不安全意图。在六个基准测试系列(35个数据集)中,SingGuard在每个系列中均实现了最先进的平均F1得分。动态规则评估进一步显示,在运行时策略变化下,策略遵循准确率从0.6465提升至0.7415。我们的代码可在https://github.com/inclusionAI/Sing-Guard获取。
English
Vision-language models (VLMs) are increasingly deployed in consumer, medical, financial, and enterprise applications. This broad deployment expands the safety surface: risks can arise from multimodal question answering, assistant responses, and cross-modal composition, while moderation policies may vary across products, regions, and deployment stages. Most existing guardrails either rely on fixed taxonomies or target only a narrow set of interaction settings, which limits their adaptability when safety rules change at deployment time. We present SingGuard, a policy-adaptive multimodal guardrail model family for safety assessment in multimodal conversations. SingGuard treats the active policy as a runtime input: given natural-language rules, it checks the target content against the active policy rule by rule and predicts both the safety label and the triggered rule. To balance efficiency and interpretability, SingGuard supports fast, hybrid, and slow inference regimes along a fast-to-slow reasoning spectrum, ranging from direct safety judgments to policy-grounded deliberation. We further optimize this behavior with fast--slow decoupled reinforcement learning. We also introduce SingGuard-Bench, a multimodal guardrail benchmark with 56{,}340 examples spanning 80+ fine-grained risk types across multimodal QA, adversarial attack, and dynamic-rule evaluation settings, including cross-modal joint-risk cases where each modality is harmless in isolation but their composition implies unsafe intent. Across six benchmark families (35 datasets), SingGuard achieves state-of-the-art average F1 in every family. Dynamic-rule evaluation further shows improved policy-following accuracy from 0.6465 to 0.7415 under runtime policy shifts. Our code is available at https://github.com/inclusionAI/Sing-Guard.