👉 (Dec-2024) Granite-Guardian-3.1 has landed! Updated notebooks, documentation, and results!
👉 (Dec-2024) Added 📚 technical report for Granite-Guardian-3.0
The Granite Guardian models are a collection of models designed to detect risks in prompts and responses. Trained on instruction fine-tuned Granite languages models, these models can help with risk detection along many key dimensions catalogued in the IBM AI Risk Atlas. These models are trained on unique data comprising human annotations from socioeconomically diverse people and synthetic data informed by internal red-teaming. They outperform similar models on standard benchmarks.
-
Granite Guardian Collection:
-
Granite Guardian Recipes:
- 📕 Quick Start Guide provides steps to start using Granite Guardian for detecting risks in prompts (user message), responses (assistant message), RAG use cases, or agentic workflows.
- 📕 Detailed Guide explores different risk dimensions in depth and shows how to assess custom risk definitions with Granite Guardian.
- 📕 Usage Governance Workflow outlines steps for users investigating AI risks within a use-case, incentivizing them to explore risks from the IBM AI Risk Atlas using Granite Guardian.
- 📕 Hate, Abuse, and Profanity (HAP) Detection
-
Demos:
-
Additional Resources:
- 🤗 Datasets - SocialStigmaQA, SocialStigmaQA-JA, AttaQ, ProvoQ, WikiContradict
-
Website: Granite Guardian Docs
-
License: Apache 2.0
Granite Guardian is useful for risk detection use-cases which are applicable across a wide-range of enterprise applications -
- Detecting harm-related risks within prompt text or model response (as guardrails). These present two fundamentally different use cases as the former assesses user supplied text while the latter evaluates model generated text.
- RAG (retrieval-augmented generation) use-case where the guardian model assesses three key issues: context relevance (whether the retrieved context is relevant to the query), groundedness (whether the response is accurate and faithful to the provided context), and answer relevance (whether the response directly addresses the user's query).
- Function calling risk detection within agentic workflows, where Granite Guardian evaluates intermediate steps for syntactic and semantic hallucinations. This includes assessing the validity of function calls and detecting fabricated information, particularly during query translation.
- Granite Guardian models must only be used strictly for the prescribed scoring mode, which generates yes/no outputs based on the specified template. Any deviation from this intended use may lead to unexpected, potentially unsafe, or harmful outputs. The model may also be prone to such behaviour via adversarial attacks.
- The model is targeted for risk definitions of general harm, social bias, profanity, violence, sexual content, unethical behavior, jailbreaking, or groundedness/relevance for retrieval-augmented generation, and function calling hallucinations for agentic workflows. It is also applicable for use with custom risk definitions, but these require testing.
- The model is only trained and tested on English data.
- Given their parameter size, the main Granite Guardian models are intended for use cases that require moderate cost, latency, and throughput such as model risk assessment, model observability and monitoring, and spot-checking inputs and outputs. Smaller models, like the Granite-Guardian-HAP-38M for recognizing hate, abuse and profanity can be used for guardrailing with stricter cost, latency, or throughput requirements.
Following the general harm definition, Granite-Guardian-3.1-2B is evaluated across the standard benchmarks of Aeigis AI Content Safety Dataset, ToxicChat, HarmBench, SimpleSafetyTests, BeaverTails, OpenAI Moderation data, SafeRLHF and xstest-response. With the risk definition set to jailbreak, the model gives a recall of 0.90 for the jailbreak prompts within ToxicChat dataset.
Following plot compares F1 scores for different models across the benchmark datasets. IBM Granite-Guardian-3.1-8B outperforms 3.0 as well as Llama-Guard-8B with +7 points increase in average F1-score on risk detection public benchmarks
For risks in RAG use cases, the model is evaluated on TRUE benchmarks. IBM Granite-Guardian-3.1-8B is competitive with a SOTA specialized model – Bespoke-Minicheck-7B
The model performance is evaluated on the DeepSeek generated samples from APIGen dataset, the ToolAce dataset, and different splits of the BFCL v2 datasets. For DeepSeek and ToolAce dataset, synthetic errors are generated from mistralai/Mixtral-8x22B-v0.1 teacher model. For the others, the errors are generated from existing function calling models on corresponding categories of the BFCL v2 dataset.
| Metric | multiple | simple | parallel | parallel_multiple | javascript | java | deepseek | toolace |
|---|---|---|---|---|---|---|---|---|
| AUC | 0.68 | 0.71 | 0.72 | 0.70 | 0.65 | 0.74 | 0.82 | 0.76 |
Granite Guardian 3.1 models are trained on a combination of human annotated and synthetic data. Samples from hh-rlhf dataset were used to obtain responses from Granite and Mixtral models. These prompt-response pairs were annotated for different risk dimensions by a group of people at DataForce. DataForce prioritizes the well-being of its data contributors by ensuring they are paid fairly and receive livable wages for all projects. Additional synthetic data was used to supplement the training set to improve performance for hallucination and jailbreak related risks.
| Year of Birth | Age | Gender | Education Level | Ethnicity | Region |
|---|---|---|---|---|---|
| Prefer not to say | Prefer not to say | Male | Bachelor | African American | Florida |
| 1989 | 35 | Male | Bachelor | White | Nevada |
| Prefer not to say | Prefer not to say | Female | Associate's Degree in Medical Assistant | African American | Pennsylvania |
| 1992 | 32 | Male | Bachelor | African American | Florida |
| 1978 | 46 | Male | Bachelor | White | Colorado |
| 1999 | 25 | Male | High School Diploma | Latin American or Hispanic | Florida |
| Prefer not to say | Prefer not to say | Male | Bachelor | White | Texas |
| 1988 | 36 | Female | Bachelor | White | Florida |
| 1985 | 39 | Female | Bachelor | Native American | Colorado / Utah |
| Prefer not to say | Prefer not to say | Female | Bachelor | White | Arkansas |
| Prefer not to say | Prefer not to say | Female | Master of Science | White | Texas |
| 2000 | 24 | Female | Bachelor of Business Entrepreneurship | White | Florida |
| 1987 | 37 | Male | Associate of Arts and Sciences - AAS | White | Florida |
| 1995 | 29 | Female | Master of Epidemiology | African American | Louisiana |
| 1993 | 31 | Female | Master of Public Health | Latin American or Hispanic | Texas |
| 1969 | 55 | Female | Bachelor | Latin American or Hispanic | Florida |
| 1993 | 31 | Female | Bachelor of Business Administration | White | Florida |
| 1985 | 39 | Female | Master of Music | White | California |
@misc{padhi2024graniteguardian,
title={Granite Guardian},
author={Inkit Padhi and Manish Nagireddy and Giandomenico Cornacchia and Subhajit Chaudhury and Tejaswini Pedapati and Pierre Dognin and Keerthiram Murugesan and Erik Miehling and Martín Santillán Cooper and Kieran Fraser and Giulio Zizzo and Muhammad Zaid Hameed and Mark Purcell and Michael Desmond and Qian Pan and Zahra Ashktorab and Inge Vejsbjerg and Elizabeth M. Daly and Michael Hind and Werner Geyer and Ambrish Rawat and Kush R. Varshney and Prasanna Sattigeri},
year={2024},
eprint={2412.07724},
archivePrefix={arXiv},
primaryClass={cs.CL},
url={https://arxiv.org/abs/2412.07724},
}