Logo
ScienceStack
Table of Contents
Fetching ...
Sign In

DeepResearchGuard: Deep Research with Open-Domain Evaluation and Multi-Stage Guardrails for Safety

Wei-Chieh Huang, Henry Peng Zou, Yaozu Wu, Dongyuan Li, Yankai Chen, Weizhi Zhang, Yangning Li, Angelo Zangari, Jizhou Guo, Chunyu Miao, Liancheng Fang, Langzhou He, Renhe Jiang, Philip S. Yu

TL;DR

DeepResearchGuard introduces a four-stage guard framework to open-domain deep research and a comprehensive evaluation protocol that assesses both references and final reports. By incorporating memory-augmented guard agents and optional human intervention, the approach aims to prevent harmful content from propagating and to improve report quality across safety, depth, and breadth. The authors also present DRSafeBench as a rigorous safety benchmark and demonstrate across multiple LLMs that defense success rates increase while over-refusal remains controlled. Together, these contributions advance safe, scalable deep research with end-to-end safeguards and measurable safety-quality trade-offs.

Abstract

Deep research frameworks have shown promising capabilities in synthesizing comprehensive reports from web sources. While deep research possesses significant potential to address complex issues through planning and research cycles, existing frameworks are deficient in sufficient evaluation procedures and stage-specific protections. They typically treat evaluation as exact match accuracy of question-answering, but overlook crucial aspects of report quality such as credibility, coherence, breadth, depth, and safety. This oversight may result in hazardous or malicious sources being integrated into the final report. To address these issues, we introduce DEEPRESEARCHGUARD, a comprehensive framework featuring four-stage safeguards with open-domain evaluation of references and reports. We assess performance across multiple metrics, e.g., defense success rate and over-refusal rate, and five key report dimensions. In the absence of a suitable safety benchmark, we introduce DRSAFEBENCH, a stage-wise benchmark for deep research safety. Our evaluation spans diverse state-of-the-art LLMs, including GPT-4o, Gemini-2.5-flash, DeepSeek-v3, and o4-mini. DEEPRESEARCHGUARD achieves an average defense success rate improvement of 18.16% while reducing over-refusal rate by 6%. The input guard provides the most substantial early-stage protection by filtering out obvious risks, while the plan and research guards enhance citation discipline and source credibility. Through extensive experiments, we show that DEEPRESEARCHGUARD enables comprehensive open-domain evaluation and stage-aware defenses that effectively block harmful content propagation, while systematically improving report quality without excessive over-refusal rates. The code can be found via https://github.com/Jasonya/DeepResearchGuard.

DeepResearchGuard: Deep Research with Open-Domain Evaluation and Multi-Stage Guardrails for Safety

TL;DR

DeepResearchGuard introduces a four-stage guard framework to open-domain deep research and a comprehensive evaluation protocol that assesses both references and final reports. By incorporating memory-augmented guard agents and optional human intervention, the approach aims to prevent harmful content from propagating and to improve report quality across safety, depth, and breadth. The authors also present DRSafeBench as a rigorous safety benchmark and demonstrate across multiple LLMs that defense success rates increase while over-refusal remains controlled. Together, these contributions advance safe, scalable deep research with end-to-end safeguards and measurable safety-quality trade-offs.

Abstract

Deep research frameworks have shown promising capabilities in synthesizing comprehensive reports from web sources. While deep research possesses significant potential to address complex issues through planning and research cycles, existing frameworks are deficient in sufficient evaluation procedures and stage-specific protections. They typically treat evaluation as exact match accuracy of question-answering, but overlook crucial aspects of report quality such as credibility, coherence, breadth, depth, and safety. This oversight may result in hazardous or malicious sources being integrated into the final report. To address these issues, we introduce DEEPRESEARCHGUARD, a comprehensive framework featuring four-stage safeguards with open-domain evaluation of references and reports. We assess performance across multiple metrics, e.g., defense success rate and over-refusal rate, and five key report dimensions. In the absence of a suitable safety benchmark, we introduce DRSAFEBENCH, a stage-wise benchmark for deep research safety. Our evaluation spans diverse state-of-the-art LLMs, including GPT-4o, Gemini-2.5-flash, DeepSeek-v3, and o4-mini. DEEPRESEARCHGUARD achieves an average defense success rate improvement of 18.16% while reducing over-refusal rate by 6%. The input guard provides the most substantial early-stage protection by filtering out obvious risks, while the plan and research guards enhance citation discipline and source credibility. Through extensive experiments, we show that DEEPRESEARCHGUARD enables comprehensive open-domain evaluation and stage-aware defenses that effectively block harmful content propagation, while systematically improving report quality without excessive over-refusal rates. The code can be found via https://github.com/Jasonya/DeepResearchGuard.

Paper Structure

This paper contains 68 sections, 3 equations, 8 figures, 12 tables, 2 algorithms.

Table of Contents

  1. Introduction
  2. Related Work
  3. Deep Research Frameworks.
  4. Evaluation for Deep Research.
  5. LLM, Agent, and Deep Research Safety.
  6. DeepResearchGuard Framework
  7. Taxonomy for Stages In DeepResearchGuard
  8. General Guard Rule for Agent in each Stage
  9. Memory Retrieval and Planning of Guard Agent
  10. Human intervention
  11. Guard Agents
  12. Input Guard Agent.
  13. Plan Guard Agent.
  14. Research Guard Agent.
  15. Output Guard Agent.
  16. ...and 53 more sections

Figures (8)

  • Figure 1: Overview of DeepResearchGuard. It operationalizes deep research via four guarded stages. The Input and Output Guard Agent share a taxonomy with severity-based interventions. The Plan Guard Agent validates plan safety and the decomposition quality issues. The Reference Guard Agent screens references and scores resources on helpfulness, reliability, and timeliness. The final report is assessed in terms of credibility, coherence, safety, depth, and breadth. The guard report is produced concurrently with the final report to users. At all stages, when agent's confidence falls below a predefined threshold, a human reviewer can accept, override, or relabel the decision.
  • Figure 2: The defense success rate and over-refusal rate for the baseline models with and without applying DeepResearchGuard.
  • Figure 2: Average report scores on five dimensions and the overall score on DRSafeBench.
  • Figure 3: Average report score across five domains with the overall score for the five ablation scenarios.
  • Figure 4: The defense success rate and over-refusal rate for the progressive ablation study.
  • ...and 3 more figures