VLMGuard-R1: Proactive Safety Alignment for VLMs via Reasoning-Driven Prompt Optimization

TL;DR

This work tackles safety alignment for vision-language models by introducing VLMGuard-R1, a proactive, model-agnostic system that rewrites user prompts at inference time. A three-stage multimodal reasoning pipeline (hindsight analysis, multimodal causal analysis, and prompt optimization) synthesizes a training dataset to learn a prompt rewriter via supervised fine-tuning, enabling $x_T' = \mathcal{R}(x_T, x_I, \mathcal{A})$ that guides safer VLM outputs without altering model parameters. Empirical results across six open-source VLMs and multiple benchmarks show consistent safety improvements, including a 43.59% average gain on SIUO, while preserving utility and maintaining reasonable inference efficiency. The approach offers a practical, plug-in safeguarding mechanism that can generalize across diverse multimodal inputs and architectures, with planned extensions to additional modalities beyond vision-language.

Abstract

Aligning Vision-Language Models (VLMs) with safety standards is essential to mitigate risks arising from their multimodal complexity, where integrating vision and language unveils subtle threats beyond the reach of conventional safeguards. Inspired by the insight that reasoning across modalities is key to preempting intricate vulnerabilities, we propose a novel direction for VLM safety: multimodal reasoning-driven prompt rewriting. To this end, we introduce VLMGuard-R1, a proactive framework that refines user inputs through a reasoning-guided rewriter, dynamically interpreting text-image interactions to deliver refined prompts that bolster safety across diverse VLM architectures without altering their core parameters. To achieve this, we devise a three-stage reasoning pipeline to synthesize a dataset that trains the rewriter to infer subtle threats, enabling tailored, actionable responses over generic refusals. Extensive experiments across three benchmarks with five VLMs reveal that VLMGuard-R1 outperforms four baselines. In particular, VLMGuard-R1 achieves a remarkable 43.59\% increase in average safety across five models on the SIUO benchmark.

Figures (6)

• Figure 1: Framework of our proposed VLMGuard-R1. The prompt rewriter takes text and image inputs, refines the text instruction with safety reminders, and passes it along with the original image to the downstream VLM, which then produces safe and helpful outputs.
• Figure 2: Pipeline for constructing multimodal reasoning-driven dataset. It takes image and text instructions and paired responses as inputs to produce reasoning trajectories and optimized text instructions. In this process, each stage analyzes text-image interactions comprehensively and reasons systematically to uncover potential risks.
• Figure 3: Safety and helpfulness of GPT-4o with VLMGuard-R1, showing consistent improvement on closed-source models.
• Figure 4: Comparison of safety and helpfulness versus inference time. VLMGuard-R1 achieves state-of-the-art safety and helpfulness with reduced inference times.
• Figure 5: Comparison of the responses generated by VLMGuard-R1 and two other baselines.