The reviewed record of science sign in
Pith

arxiv: 2411.10414 · v1 · pith:3W3C3MKA · submitted 2024-11-15 · cs.CV · cs.CL

Llama Guard 3 Vision: Safeguarding Human-AI Image Understanding Conversations

Reviewed by Pith T0 review T1 audit T2 compute T3 formal T4 kernel pith:3W3C3MKArecord.jsonopen to challenge →

classification cs.CV cs.CL
keywords llamaguardvisionimagemultimodalhuman-aiclassificationcontent
0
0 comments X
read the original abstract

We introduce Llama Guard 3 Vision, a multimodal LLM-based safeguard for human-AI conversations that involves image understanding: it can be used to safeguard content for both multimodal LLM inputs (prompt classification) and outputs (response classification). Unlike the previous text-only Llama Guard versions (Inan et al., 2023; Llama Team, 2024b,a), it is specifically designed to support image reasoning use cases and is optimized to detect harmful multimodal (text and image) prompts and text responses to these prompts. Llama Guard 3 Vision is fine-tuned on Llama 3.2-Vision and demonstrates strong performance on the internal benchmarks using the MLCommons taxonomy. We also test its robustness against adversarial attacks. We believe that Llama Guard 3 Vision serves as a good starting point to build more capable and robust content moderation tools for human-AI conversation with multimodal capabilities.

This paper has not been read by Pith yet.

discussion (0)

Sign in with ORCID, Apple, or X to comment. Anyone can read and Pith papers without signing in.

Forward citations

Cited by 21 Pith papers

Reviewed papers in the Pith corpus that reference this work. Sorted by Pith novelty score.

  1. MIRAGE: Protecting against Malicious Image Editing via False Moderation

    cs.CR 2026-06 unverdicted novelty 7.0

    MIRAGE immunizes images by crafting perturbations that align them with policy-violating concepts in open-source moderation models, triggering refusals in closed-source commercial image editors at over 88% success rate.

  2. MIRAGE: Protecting against Malicious Image Editing via False Moderation

    cs.CR 2026-06 unverdicted novelty 7.0

    MIRAGE immunizes images by aligning them to policy-violating concepts in open-source moderation embedding spaces, triggering automatic refusals in commercial image editing APIs with over 88% success.

  3. Human-Guided Harm Recovery for Computer Use Agents

    cs.AI 2026-04 conditional novelty 7.0

    A reward model trained on 1,130 human preference judgments outperforms base agents by 120 Elo points on a 50-task benchmark for recovering from harmful states in computer-use environments.

  4. RailVQA: A Benchmark and Framework for Efficient Interpretable Visual Cognition in Automatic Train Operation

    cs.CV 2026-03 unverdicted novelty 7.0

    RailVQA-bench supplies 21,168 QA pairs for ATO visual cognition while RailVQA-CoM combines large-model reasoning with small-model efficiency via transparent modules and temporal sampling.

  5. Robust Harmful Features Under Jailbreak Attacks: Mechanistic Evidence from Attention Head Specialization in Large Language Models

    cs.CR 2026-06 unverdicted novelty 6.0

    Jailbreak attacks suppress Adversarially Compromised Heads in early layers but leave Safety-Aligned Heads robust in mid-layers, enabling competitive detection from persistent activations.

  6. What the Eyes See, the LLMs Miss: Exploiting Human Perception for Adversarial Text Attacks

    cs.CR 2026-06 unverdicted novelty 6.0

    HPAA uses typographic manipulations to create text that humans flag as harmful at 86%+ rates while LLM moderation systems detect it below 1% with only three queries.

  7. SentGuard: Sentence-Level Streaming Guardrails for Large Language Models

    cs.CL 2026-06 unverdicted novelty 6.0

    SentGuard achieves 90.5% detection of unsafe cases within two sentences at 7.41% false positive rate by operating at sentence boundaries during LLM streaming generation.

  8. Benign Inputs, Harmful Outputs: Cross-Modal Jailbreaking via Distributed Semantic Recomposition

    cs.CR 2026-06 unverdicted novelty 6.0

    DSR decomposes harmful intents into benign textual and visual primitives that MLLMs fuse into harmful outputs, achieving high attack success with low input toxicity.

  9. DMN: A Compositional Framework for Jailbreaking Multimodal LLMs with Multi-Image Inputs

    cs.CR 2026-05 unverdicted novelty 6.0

    DMN achieves over 90% attack success rate on GPT-4o, Gemini-2.5-pro and Claude Sonnet 4 by distributing instructions, supplying multimodal evidence, and adding number chain tasks across multiple images.

  10. Human-Guided Harm Recovery for Computer Use Agents

    cs.AI 2026-04 conditional novelty 6.0

    Introduces harm recovery as a post-execution safeguard for computer-use agents, operationalized via a human-preference rubric, reward model, and BackBench benchmark that shows improved recovery trajectories.

  11. Dictionary-Aligned Concept Control for Safeguarding Multimodal LLMs

    cs.LG 2026-04 unverdicted novelty 6.0

    DACO curates a 15,000-concept dictionary from 400K image-caption pairs and uses it to initialize an SAE that enables granular, concept-specific steering of MLLM activations, raising safety scores on MM-SafetyBench and...

  12. Rethinking Jailbreak Detection of Large Vision Language Models with Representational Contrastive Scoring

    cs.CR 2025-12 unverdicted novelty 6.0

    RCS learns projections on LVLM internal representations to produce contrastive scores that separate malicious jailbreaks from benign inputs, with MCD and KCD variants claiming SOTA generalization to unseen attacks.

  13. Peering Behind the Shield: Guardrail Identification in Large Language Models

    cs.CR 2025-02 unverdicted novelty 6.0

    AP-Test identifies deployed guardrails in LLMs via adversarial prompt testing and a match score metric, reporting perfect accuracy on four open-source guardrails.

  14. Robust Harmful Features Under Jailbreak Attacks: Mechanistic Evidence from Attention Head Specialization in Large Language Models

    cs.CR 2026-06 unverdicted novelty 5.0

    Jailbreak attacks suppress Adversarially Compromised Heads in early layers but leave Safety-Aligned Heads active in mid-layers, producing robust harmful features usable for competitive training-free detection.

  15. Yuvion VL: A Multimodal Foundation Model for Adversarial Content and AI Safety

    cs.CV 2026-06 unverdicted novelty 5.0

    Yuvion VL is a multimodal LLM family using adversarial-aware data construction, three-stage training, and contrastive fine-tuning that claims industry-leading safety performance on new benchmarks while retaining gener...

  16. SafeLens: Deliberate and Efficient Video Guardrails with Fast-and-Slow Screening

    cs.CV 2026-05 unverdicted novelty 5.0

    SafeLens presents a fast-and-slow video guardrail framework that filters the SafeWatch dataset to 2.4% and adds Chain-of-Thought traces to achieve state-of-the-art moderation performance at reduced inference cost.

  17. WARD: Adversarially Robust Defense of Web Agents Against Prompt Injections

    cs.CR 2026-05 unverdicted novelty 5.0

    WARD is a guard model trained on 177K web samples and adversarially hardened via attacker-guard co-evolution to achieve high recall on prompt injections with low false positives and no added latency.

  18. AgentTrust: Runtime Safety Evaluation and Interception for AI Agent Tool Use

    cs.AI 2026-05 unverdicted novelty 5.0

    AgentTrust introduces a runtime interception system for AI agent tool use that achieves 95-97% verdict accuracy on 930 safety scenarios including obfuscated shell payloads.

  19. Jailbreaking Large Language Models with Morality Attacks

    cs.CL 2026-04 unverdicted novelty 5.0

    Morality-specific jailbreak attacks expose critical vulnerabilities in both large language models and guardrail systems when handling pluralistic values.

  20. SafeVLA: Towards Safety Alignment of Vision-Language-Action Model via Constrained Learning

    cs.RO 2025-03 unverdicted novelty 5.0

    SafeVLA applies constrained reinforcement learning via CMDP min-max optimization to VLAs, cutting safety violation costs by 83.58% while preserving task success on long-horizon mobile manipulation tasks.

  21. Yuvion VL: A Multimodal Foundation Model for Adversarial Content and AI Safety

    cs.CV 2026-06 unverdicted novelty 4.0

    Yuvion VL is a multimodal foundation model trained with adversarial-aware data and contrastive fine-tuning that claims industry-leading safety performance on the authors' YVRE benchmarks while retaining general capabilities.