Llama Guard 3 Vision: Safeguarding Human-AI Image Understanding Conversations
Jianfeng Chi, Ujjwal Karn, Hongyuan Zhan, Eric Smith, Javier Rando, Yiming Zhang, Kate Plawiak, Zacharie Delpierre Coudert, Kartikeya Upasani, Mahesh Pasupuleti
TL;DR
This work introduces Llama Guard 3 Vision, a multimodal safeguard designed for human-AI conversations that involve images, enabling both prompt and response classification under a MVL setting. Built on Llama 3.2-Vision, it leverages a 13-category MLCommons hazard taxonomy and a structured input-output safeguarding framework, with data from a hybrid mix of human-generated and synthetic examples. Empirical results show stronger performance than GPT-4o baselines in response classification and low false positives, though prompt classification remains challenging due to image-text ambiguity; adversarial robustness tests reveal vulnerabilities that motivate combined defense strategies. The paper provides a practical baseline for multimodal safety tools and discusses limitations, threat models, and directions for strengthening robustness in real-world deployments.
Abstract
We introduce Llama Guard 3 Vision, a multimodal LLM-based safeguard for human-AI conversations that involves image understanding: it can be used to safeguard content for both multimodal LLM inputs (prompt classification) and outputs (response classification). Unlike the previous text-only Llama Guard versions (Inan et al., 2023; Llama Team, 2024b,a), it is specifically designed to support image reasoning use cases and is optimized to detect harmful multimodal (text and image) prompts and text responses to these prompts. Llama Guard 3 Vision is fine-tuned on Llama 3.2-Vision and demonstrates strong performance on the internal benchmarks using the MLCommons taxonomy. We also test its robustness against adversarial attacks. We believe that Llama Guard 3 Vision serves as a good starting point to build more capable and robust content moderation tools for human-AI conversation with multimodal capabilities.