GuardReasoner: Towards Reasoning-based LLM Safeguards

Abstract: As LLMs increasingly impact safety-critical applications, ensuring their safety using guardrails remains a key challenge. This paper proposes GuardReasoner, a new safeguard for LLMs, by guiding the guard model to learn to reason. Concretely, we first create the GuardReasonerTrain dataset, which consists of 127K samples with 460K detailed reasoning steps. Then, we introduce reasoning SFT to unlock the reasoning capability of guard models. In addition, we present hard sample DPO to further strengthen their reasoning ability. In this manner, GuardReasoner achieves better performance, explainability, and generalizability. Extensive experiments and analyses on 13 benchmarks of 3 guardrail tasks demonstrate its superiority. Remarkably, GuardReasoner 8B surpasses GPT-4o+CoT by 5.74% and LLaMA Guard 3 8B by 20.84% F1 score on average. We release the training data, code, and models with different scales (1B, 3B, 8B) of GuardReasoner : https://github.com/yueliu1999/GuardReasoner/.

• The paper introduces GuardReasoner, a reasoning-centric safeguard that integrates a large-scale dataset and novel training methods to enhance LLM reliability.
• It employs Reasoning Supervised Fine-tuning and Hard Sample Direct Preference Optimization to refine model interpretation and precision on complex queries.
• Empirical evaluations on 13 benchmarks demonstrate significant F1 score improvements over existing models, highlighting its practical impact in safety-critical applications.

An Analysis of GuardReasoner: Enhancing the Safety of LLMs through Reasoning-based Safeguards

The paper, "GuardReasoner: Towards Reasoning-based LLM Safeguards," addresses a critical challenge in the deployment of LLMs in safety-critical applications: ensuring the security and reliability of their outputs. As LLMs impact a growing number of sectors, from chatbots to software engineering, safeguarding these models against malicious manipulations becomes imperative. This paper introduces GuardReasoner, a novel approach designed to mitigate these risks by incorporating reasoning capabilities into guard models.

Methodological Contributions

GuardReasoner advances the field by presenting an innovative methodology that emphasizes reasoning as a core component of LLM safeguards. The approach comprises several key elements:

1. GuardReasonerTrain Dataset: The researchers constructed a dedicated training dataset of approximately 127,000 samples, featuring 460,000 detailed reasoning steps. This expansive dataset is tailored to unlock the reasoning potential of guard models.
2. Reasoning Supervised Fine-tuning (R-SFT): This novel training technique is devised to enhance the reasoning capabilities of models. By engaging in R-SFT, guard models are trained on the synthesized reasoning data to refine their abilities to interpret complex queries systematically.
3. Hard Sample Direct Preference Optimization (HS-DPO): To further enhance the model's reasoning acumen, the authors introduce HS-DPO. This method targets "ambiguous samples," or inputs with mixed correct and incorrect outputs, by optimizing preference for correct responses. It effectively improves the model's precision in processing difficult examples.

Empirical Evaluation

The research entailed comprehensive experimentation across 13 benchmarks encompassing three primary tasks: prompt harmfulness detection, response harmfulness detection, and refusal detection. GuardReasoner showed notable improvements over existing models, such as surpassing GPT-4o+CoT by 5.74% and LLaMA Guard 3 8B by 20.84% in F1 score across various datasets.

The paper reports that GuardReasoner achieves superior performance on benchmarks involving adversarial prompts, demonstrating enhanced proficiency in navigating complex and potentially misleading inputs. Moreover, the model exhibits significant gains in generalizability and explainability by offering detailed reasoning processes alongside moderation results.

Practical and Theoretical Implications

The introduction of GuardReasoner holds substantial implications for both theory and practice. Practically, it provides a robust framework to elevate the safety protocols associated with LLMs, enhancing their usability in industries reliant on AI-driven decision-making. Theoretically, it underscores the importance of integrating advanced reasoning mechanisms into safeguard systems, thus laying a foundation for further improvements in AI alignment and interpretability.

The open-source availability of the GuardReasoner dataset, code, and models fosters transparency and enables further advancements in the domain. GuardReasoner contributes to a growing body of research focused on aligning LLM outputs with human safety and ethical standards.

Future Directions

Looking forward, the research suggests several pathways for innovation. One potential direction involves optimizing the balance between reasoning depth and computational efficiency, as more intricate reasoning processes could increase inference latency. Another avenue pertains to extending the applicability of reasoning-based safeguards beyond textual data to encompass multimodal content, broadening the application spectrum of LLMs.

In summary, the paper presents GuardReasoner as a comprehensive solution for enhancing LLM safety through reasoning-centric guard models. The described methodologies, extensive experimentation, and open dissemination of resources constitute a meaningful progression in achieving more reliable, interpretable, and generalizable AI systems.