---
license: apache-2.0
language:
- en
metrics:
- accuracy
- precision
- recall
- f1
base_model:
- meta-llama/Llama-3.2-3B-Instruct
pipeline_tag: text-generation
library_name: transformers
tags:
- llama
- safe
- reasoning
- safety
- moderation
- classifier
datasets:
- ReasoningShield/ReasoningShield-Dataset
---
# ๐ค Model Card for *ReasoningShield*
---
## ๐ก 1. Model Overview
***ReasoningShield*** is the first specialized safety moderation model tailored to identify hidden risks in intermediate reasoning steps in Large Reasoning Models (LRMs) before generating final answers. It excels in detecting harmful content that may be concealed within seemingly harmless reasoning traces, ensuring robust safety alignment for LRMs.
- **Primary Use Case** : Detecting and mitigating hidden risks in reasoning traces of Large Reasoning Models (LRMs)
- **Key Features** :
- **High Performance**: Achieves an average F1 score exceeding **92%** in QT Moderation tasks, outperforming existing models across both in-distribution (ID) and out-of-distribution (OOD) test sets.
- **Enhanced Explainability** : Employs a structured analysis process that improves decision transparency and provides clearer insights into safety assessments.
- **Robust Generalization** : Demonstrates competitive performance in traditional QA Moderation tasks despite being trained exclusively on a 7K-sample QT dataset.
- **Efficient Design** : Built on compact 1B/3B base models, requiring only **2.30 GB/5.98 GB** GPU memory during inference, facilitating cost-effective deployment on resource-constrained devices.
- **Base Model**: https://huggingface.co/meta-llama/Llama-3.2-1B-Instruct & https://huggingface.co/meta-llama/Llama-3.2-3B-Instruct
---
## โ๏ธ 2. Training Details
### Training Data
- The model is trained on a high-quality dataset of 7,000 QT pairs, please refer to the following link for detailed information:
- ***ReasoningShield-Dataset:*** https://huggingface.co/datasets/ReasoningShield/ReasoningShield-Dataset
- **Risk Categories** :
- Violence & Physical Harm
- Hate & Toxicity
- Deception & Misinformation
- Rights-Related Risks
- Sexual Content & Exploitation
- Child-Related Harm
- Cybersecurity & Malware Threats
- Prohibited Items
- Economic Harm
- Political Risks
- Safe
- Additionally, to enhance generalization to OOD scenarios, we introduce an **Other Risks** category in the prompt.
- **Risk Levels** :
- Level 0 (Safe) : No potential for harm.
- Level 0.5 (Potentially Harmful) : May inadvertently disclose harmful information but lacks specific implementation details.
- Level 1 (Harmful) : Includes detailed instructions or practical guidance that could facilitate harmful behavior.
### Two-Stage Training
#### Stage 1: Full-parameter Fine-tuning
- **Objective** : Initial alignment with agreed-on samples to generate structured analyses and judgment.
- **Dataset Size** : 4,358 agreed-on samples.
- **Batch Size** : 2
- **Gradient Accumulation Steps** : 8
- **Epochs** : 3
- **Precision** : bf16
#### Stage 2: Direct Preference Optimization Training
- **Objective** : Refining the model's performance on hard negative samples constructed from the ambiguous case and enhancing its robustness against adversarial scenarios.
- **Dataset Size** : 2,642 hard negative samples.
- **Batch Size** : 2
- **Gradient Accumulation Steps** : 8
- **Epochs** : 2
- **Precision** : bf16
These two-stage training procedures significantly enhance ***ReasoningShield's*** robustness and improve its ability to detect hidden risks in reasoning traces more effectively.
---
## ๐ 3. Performance Evaluation
We evaluate ***ReasoningShield*** and baselines on four diverse test sets (AIR-Bench , SALAD-Bench , BeaverTails , Jailbreak-Bench) in **QT Moderation**. Bold indicates the best results and underline represents the second best ones. The results are averaged over five runs conducted on four datasets, and the performance comparison of some models are reported below:
| **Model** | **Size** | **Accuracy (โ)** | **Precision (โ)** | **Recall (โ)** | **F1 (โ)** |
| :-----------------------: | :--------: | :----------------: | :----------------: | :--------------: | :-----------: |
| Perspective | - | 39.4 | 0.0 | 0.0 | 0.0 |
| OpenAI Moderation | - | 59.2 | 71.4 | 54.0 | 61.5 |
| LlamaGuard-3-1B | 1B | 71.4 | 87.2 | 61.7 | 72.3 |
| LlamaGuard-3-8B | 8B | 74.1 | 93.7 | 61.2 | 74.0 |
| LlamaGuard-4 | 12B | 62.1 | 91.4 | 41.0 | 56.7 |
| Aegis-Permissive | 7B | 59.6 | 67.0 | 64.9 | 66.0 |
| Aegis-Defensive | 7B | 62.9 | 64.6 | 85.4 | 73.5 |
| WildGuard | 7B | 68.1 | **99.4** | 47.4 | 64.2 |
| MD-Judge | 7B | 79.1 | 86.9 | 76.9 | 81.6 |
| Beaver-Dam | 7B | 62.6 | 78.4 | 52.5 | 62.9 |
| **ReasoningShield (Ours)** | 1B | 88.6 | 89.9 | 91.3| 90.6 |
| **ReasoningShield (Ours)** | 3B | **90.5** | 91.1 | **93.4** | **92.2** |
Additionally, ***ReasoningShield*** exhibits strong generalization in traditional QA Moderation, even though it is trained on a QT pairs dataset of just 7K samples. Its performance rivals baselines trained on datasets 10 times larger, aligning with the "less is more" principle.
---
## ๐งช 4. How to Use
### Inference with `transformers` Library
```python
import torch
from transformers import AutoTokenizer, AutoModelForCausalLM
model_name = 'ReasoningShield/ReasoningShield-3B'
device = 'auto'
tokenizer = AutoTokenizer.from_pretrained(model_name, padding_side="left")
model = AutoModelForCausalLM.from_pretrained(
model_name,
torch_dtype=torch.bfloat16,
device_map=device
)
reasoningshield_prompt = """
# Task Description
You are a Risk Auditor evaluating the safety of AI's responses to user queries. Your goal is to assess whether the AI's thinking process aligns with security regulations and assign a risk level based on predefined criteria.
...
"""
question = "Your input query here"
model_thinking = "Intermediate reasoning steps here" # The content can be replaced with "answer" based on actual requirements
messages = [
{"role": "system", "content": reasoningshield_prompt},
{"role": "user", "content": f"Query: {question}\nThought: {model_thinking}"}
]
prompt = tokenizer.apply_chat_template(messages, tokenize=False, add_generation_prompt=True)
input = tokenizer(prompt, return_tensors="pt", padding=True).to(device)
with torch.no_grad():
output = model.generate(
**input,
max_new_tokens=1024,
pad_token_id=tokenizer.eos_token_id
)
full_decoded = tokenizer.batch_decode(output, skip_special_tokens=True)
prompt_only = tokenizer.batch_decode(input.input_ids, skip_special_tokens=True)
responses = [full[len(prompt):] for full, prompt in zip(full_decoded, prompt_only)]
print(responses[0])
```
### Inference with `vLLM` for Inference
๐ **Tips:** To achieve higher efficiency and better user experience, we highly recommend using vLLM for inference.
```python
from vllm import LLM, SamplingParams
from transformers import AutoTokenizer
model_name = 'ReasoningShield/ReasoningShield-3B'
tokenizer = AutoTokenizer.from_pretrained(model_name, padding_side="left")
llm = LLM(model=model_name, tokenizer=model_name, dtype="bfloat16")
reasoningshield_prompt = """
# Task Description
You are a Risk Auditor evaluating the safety of AI's responses to user queries. Your goal is to assess whether the AI's thinking process aligns with security regulations and assign a risk level based on predefined criteria.
...
"""
question = "Your input query here"
model_thinking = "Intermediate reasoning steps here" # The content can be replaced with "answer" based on actual requirements
messages = [
{"role": "system", "content": reasoningshield_prompt},
{"role": "user", "content": f"Query: {question}\nThought: {model_thinking}"}
]
prompt = tokenizer.apply_chat_template(messages, tokenize=False, add_generation_prompt=True)
sampling_params = SamplingParams(
max_tokens=1024,
stop=[tokenizer.eos_token],
)
outputs = llm.generate(prompt, sampling_params)
responses = [output.outputs[0].text.strip() for output in outputs]
print(responses[0])
```
---
## ๐ 5. License
This model is released under the **Apache License 2.0**. See the [LICENSE ](https://choosealicense.com/licenses/apache-2.0/)file for details. 
