Llama Guard 3 Vision: Safeguarding Human-AI Image Understanding Conversations

Abstract: We introduce Llama Guard 3 Vision, a multimodal LLM-based safeguard for human-AI conversations that involves image understanding: it can be used to safeguard content for both multimodal LLM inputs (prompt classification) and outputs (response classification). Unlike the previous text-only Llama Guard versions (Inan et al., 2023; Llama Team, 2024b,a), it is specifically designed to support image reasoning use cases and is optimized to detect harmful multimodal (text and image) prompts and text responses to these prompts. Llama Guard 3 Vision is fine-tuned on Llama 3.2-Vision and demonstrates strong performance on the internal benchmarks using the MLCommons taxonomy. We also test its robustness against adversarial attacks. We believe that Llama Guard 3 Vision serves as a good starting point to build more capable and robust content moderation tools for human-AI conversation with multimodal capabilities.

• The paper introduces Llama Guard 3 Vision, a multimodal framework that integrates image reasoning with LLMs to detect harmful content.
• It employs a hybrid dataset and supervised training to enhance precision, recall, and F1 scores in classifying unsafe content.
• Benchmarks show improved robustness against adversarial attacks, marking a significant advancement over text-only safety models.

Llama Guard 3 Vision: Safeguarding Human-AI Image Understanding Conversations

The paper "Llama Guard 3 Vision: Safeguarding Human-AI Image Understanding Conversations" introduces a multimodal solution leveraging LLMs to mitigate risks in human-AI interactions that involve images. It focuses on content moderation for inputs and outputs in multimodal conversations by integrating image reasoning capabilities. This research marks a significant advancement from the previous text-only versions of Llama Guard, optimizing it to detect harmful multimodal prompts and responses.

Introduction and Motivation

The development of LLMs has progressed rapidly, showcasing extraordinary linguistic and reasoning capabilities across various domains. However, the rise of vision-language multimodal models brings new challenges in ensuring safe interactions, as most existing safeguards are designed for text-only data. Llama Guard 3 Vision was conceived to fill this gap by providing a robust framework to classify safety risks in both prompts and responses where images are involved.

Figure 1: Llama Guard 3 Vision classifies harmful content in the response classification task.

Methodology

Input-Output Safeguarding

Llama Guard 3 Vision extends upon previous frameworks by introducing image processing into the classification of unsafe content. This model determines whether content within human-AI interactions falls into unsafe categories as defined by a safety taxonomy. The process incorporates a set of guidelines, type of classification, conversations, and output formats.

Data Collection

To effectively train Llama Guard 3 Vision, a hybrid dataset was created using human-generated and synthetically generated data from LLMs. The dataset was designed to encompass diverse scenarios involving image prompts and responses, ensuring a comprehensive training set that spans multiple hazard categories.

Training Details

The model is fine-tuned on Llama 3.2-Vision using supervised techniques, focusing on learning effective classification through data augmentation and strict guideline adherence, thus optimizing performance in complex multimodal scenarios.

Experiments

Performance Analysis

Llama Guard 3 Vision shows superior performance compared to its baselines, particularly in response classification tasks. The internal benchmark tests demonstrate its robustness, with higher precision, recall, and F1 scores, alongside lower false positive rates. It addresses challenges posed by ambiguities in prompts and excels in categorizing specific hazards such as Indiscriminate Weapons and Elections with high accuracy.

Adversarial Robustness

The robustness of Llama Guard 3 Vision against adversarial attacks was tested using PGD and GCG methods. While PGD attacks showed some susceptibility in prompt classification with image interference, response classification remained more resilient, indicating a robust behavior against adversarial manipulation. These results underscore the necessity of combined safeguarding strategies to bolster protection against adversaries.

Related Work

The challenge of ensuring the safety of LLM outputs has been approached through both model-level and system-level mitigation strategies. The innovation of Llama Guard 3 Vision lies in its system-level application, providing a scalable baseline for further developments in multimodal AI safety by integrating visual and textual understanding.

Limitations and Broader Impacts

While Llama Guard 3 Vision offers a significant leap in multimodal content moderation, it is limited by the inherent constraints of its foundational model and training data. It necessitates expansion for multilingual capabilities and broader image inputs. Additionally, some hazard categories demand more nuanced, real-time factual assessments, pointing to areas for future technological advancements.

Conclusion

This paper's contributions lie in introducing a framework that adapts multimodal LLMs to safely manage conversations involving images. Llama Guard 3 Vision paves the way for more sophisticated content moderation tools, promoting the responsible deployment of AI systems amidst evolving cyber environments. As its development progresses, it sets a foundational piece for protecting the integrity and safety of human-AI interactions across various modalities.