Update README.md

model card, summary, limitations, citation

README.md

@@ -5,41 +5,52 @@ language:
 - ko
 base_model:
 - ibm-granite/granite-3.3-2b-instruct
-pipeline_tag: text-classification
+pipeline_tag: text-generation
 library_name: transformers
+tags:
+- samsung
+- safety
+- pytorch
+- granite
+- unsafe
 ---
 
 # SGuard-ContentFilter-2B
 
-We present SGuard-v1, a safety guardrail for Large Language Models (LLMs), which comprises two specialized models designed to detect harmful content and screen adversarial prompts that work together to detect unsafe behavior and filter malicious inputs in human–AI conversational settings. 
+<p align="center">
+    <img src="./logo.png" width="720"/>
+<p>
 
-While maintaining light model size, SGuard-v1 also improves interpretability and operational usability by performing multi-class safety classification and produces binary decision scores. We release the SGuard-v1 weights here under the Apache-2.0 License to enable further research and practical deployment in AI safety.
+We present SGuard-v1, a lightweight safety guardrail for Large Language Models (LLMs), which comprises two specialized models designed to detect harmful content and screen adversarial prompts in human–AI conversational settings.
+
+While maintaining light model size, SGuard-v1 also improves interpretability for downstream use by providing multi-class safety predictions and their binary confidence scores. We release the SGuard-v1 weights here under the Apache-2.0 License to enable further research and practical deployment in AI safety.
 
 This repository hosts **SGuard-ContentFilter-2B**, which offers the following capabilities:
 
-- Identifying safety risks in LLM prompts and responses using the MLCommons hazard taxonomy, a comprehensive framework for evaluating the trust and safety of AI systems.
+- Identifying safety risks in LLM prompts and responses in accordance with the MLCommons hazard taxonomy, a comprehensive framework for evaluating the trust and safety of AI systems.
 - Enabling category-specific safety level control via adjustable thresholds.
 
 ## Model Summary
 
 Our new model, SGuard-ContentFilter-2B is based on the [IBM Granite 3.3 2B model](https://huggingface.co/ibm-granite/granite-3.3-2b-instruct/edit/main/README.md).
-It was trained on a dataset of approximately 300,000 labeled harmful prompts and responses and can be used with any open-ended or closed-ended LLM.
+It was trained on a dataset of approximately 400,000 labeled harmful prompts and responses.
 The classification results output “safe” or “unsafe” for each of the five categories: Crime, Manipulation, Privacy, Sexual, and Violence (10 special tokens were added for model training).
+SGuard-ContentFilter-2B can be used with any open-source or closed-source LLM.
 
-- **Developed by:** Reinforcement Learning Lab, AI Research Team, Samsung SDS
-- **Release Date:** 🛠️ TBD 🛠️
+- **Developed by:** AI Research Team, Samsung SDS
+- **Release Date:** 2025.11.17
 - **License:** [Apache 2.0](https://www.apache.org/licenses/LICENSE-2.0)
 
 ## **Supported Languages**
-Granite 3.3 2B model supports 12 languages: English, German, Spanish, French, Japanese, Portuguese, Arabic, Czech, Italian, Korean, Dutch, and Chinese. We focused primarily on English and Korean.
+Granite 3.3 2B model supports 12 languages: English, German, Spanish, French, Japanese, Portuguese, Arabic, Czech, Italian, Korean, Dutch, and Chinese. We fine‑tuned primarily on Korean and English data; though the models may retain a non-trivial level of capability in all languages supported by the base model, we do not claim reliable coverage across other languages than Korean and English.
 
 ## Risk Category
 
 Following the standardized MLCommons hazards taxonomy, hazards have been grouped into five categories as follows to enhance model training efficiency and performance.
 <table style="width:100%; margin: auto;">
 <colgroup>
-  <col style="width:25%">
-  <col style="width:70%">
+  <col style="width:20%">
+  <col style="width:80%">
 </colgroup>
 <thead>
   <tr>
@@ -57,7 +68,7 @@ Following the standardized MLCommons hazards taxonomy, hazards have been grouped
     <td align="left">Content that spreads false or misleading narratives (e.g., conspiracy theories, disinformation), promotes extremist propaganda or political manipulation, or attempts to erode public trust through deception or targeted influence</td>
   </tr>
   <tr>
-    <td align="left">Privacy and Sensitive Personal Data Exposure</td>
+    <td align="left">Privacy and Sensitive Information Exposure</td>
     <td align="left">Content that discloses or seeks to disclose sensitive personal information about an identifiable individual without consent, in ways that could enable harm, abuse, or unwanted contact</td>
   </tr>
   <tr>
@@ -85,7 +96,10 @@ pip install vllm
 
 Then, in an environment where network connection to Hugging Face is guaranteed, run the code below.
 
-### Quickstart Examples(transformers)
+### Quickstart Examples
+
+#### Using transformers
+
 ```python
 from transformers import AutoTokenizer, AutoModelForCausalLM
 import torch
@@ -158,7 +172,8 @@ result = classify_content(prompt, response)
 print(result)
 ```
 
-### Quickstart Examples(vllm)
+#### Using vllm
+
 ```python
 import torch
 from vllm import LLM, SamplingParams
@@ -235,8 +250,6 @@ print(result)
 
 ## Evaluation Results
 
-We report partial AUROC(pAUROC) computed over the false positive rate range [0, 0.1], normalized by the maximum achievable value.
-
 <table>
     <tr>
         <th align="center">Model</th>
@@ -249,41 +262,41 @@ We report partial AUROC(pAUROC) computed over the false positive rate range [0,
     </tr>
     <tr>
         <th align="center">SGuard-ContentFilter-2B</th>
-        <th align="center">0.831</th>
-        <th align="center">0.920</th>
-        <th align="center">0.742</th>
-        <th align="center">0.723</th>
-        <th align="center">0.944</th>
-        <th align="center">0.832</th>
+        <th align="center">0.83</th>
+        <th align="center">0.92</th>
+        <th align="center">0.74</th>
+        <th align="center">0.72</th>
+        <th align="center">0.94</th>
+        <th align="center">0.83</th>
     </tr>
     <tr>
         <th align="center">Llama-Guard-4-12B</th>
-        <th align="center">0.698</th>
-        <th align="center">0.389</th>
-        <th align="center">0.739</th>
-        <th align="center">0.430</th>
-        <th align="center">0.837</th>
-        <th align="center">0.619</th>
+        <th align="center">0.70</th>
+        <th align="center">0.39</th>
+        <th align="center">0.74</th>
+        <th align="center">0.43</th>
+        <th align="center">0.84</th>
+        <th align="center">0.62</th>
     </tr>
     <tr>
         <th align="center">Kanana-Safeguard-8B</th>
-        <th align="center">0.826</th>
-        <th align="center">0.890</th>
-        <th align="center">0.728</th>
-        <th align="center">0.620</th>
-        <th align="center">0.738</th>
-        <th align="center">0.760</th>
+        <th align="center">0.83</th>
+        <th align="center">0.89</th>
+        <th align="center">0.73</th>
+        <th align="center">0.62</th>
+        <th align="center">0.74</th>
+        <th align="center">0.76</th>
     </tr>
     <tr>
         <th align="center">Qwen3Guard-Gen-4B</th>
-        <th align="center">0.852</th>
-        <th align="center">0.594</th>
-        <th align="center">0.808</th>
-        <th align="center">0.818</th>
-        <th align="center">0.878</th>
-        <th align="center">0.790</th>
+        <th align="center">0.85</th>
+        <th align="center">0.59</th>
+        <th align="center">0.81</th>
+        <th align="center">0.82</th>
+        <th align="center">0.88</th>
+        <th align="center">0.79</th>
     </tr>
-  <caption align="bottom">Table 1: Performance comparison on content safety benchmarks F1</caption>
+  <caption align="bottom">Table 1: Performance(F1 Score) comparison on content safety benchmarks</caption>
 </table>
 
 <table>
@@ -313,80 +326,27 @@ We report partial AUROC(pAUROC) computed over the false positive rate range [0,
     </tr>
   <caption align="bottom">Table 2: Performance comparison on proprietary Korean content safety benchmarks</caption>
 </table>
-
-<table>
-    <tr>
-        <th align="center">Model</th>
-        <th align="center">OpenAI Moderation</th>
-        <th align="center">ToxicChat</th>
-        <th align="center">BeaverTails</th>
-        <th align="center">XSTest</th>
-        <th align="center">Average</th>
-    </tr>
-    <tr>
-        <th align="center">SGuard-ContentFilter-2B</th>
-        <th align="center">0.742</th>
-        <th align="center">0.723</th>
-        <th align="center">0.831</th>
-        <th align="center">0.944</th>
-        <th align="center">0.810</th>
-    </tr>
-    <tr>
-        <th align="center">Llama-Guard-3-8B</th>
-        <th align="center">0.792</th>
-        <th align="center">0.542</th>
-        <th align="center">0.677</th>
-        <th align="center">0.904</th>
-        <th align="center">0.729</th>
-    </tr>
-    <tr>
-        <th align="center">Llama-Guard-4-12B</th>
-        <th align="center">0.739</th>
-        <th align="center">0.430</th>
-        <th align="center">0.698</th>
-        <th align="center">0.837</th>
-        <th align="center">0.676</th>
-    </tr>
-    <tr>
-        <th align="center">ShieldGemma-9B</th>
-        <th align="center">0.234</th>
-        <th align="center">0.181</th>
-        <th align="center">0.459</th>
-        <th align="center">0.809</th>
-        <th align="center">0.421</th>
-    </tr>
-    <tr>
-        <th align="center">Granite-Guardian-3.0-8B</th>
-        <th align="center">0.745</th>
-        <th align="center">0.649</th>
-        <th align="center">0.776</th>
-        <th align="center">0.849</th>
-        <th align="center">0.755</th>
-    </tr>
-    <tr>
-        <th align="center">Kanana-Safeguard-8B</th>
-        <th align="center">0.728</th>
-        <th align="center">0.620</th>
-        <th align="center">0.826</th>
-        <th align="center">0.738</th>
-        <th align="center">0.728</th>
-    </tr>
-  <caption align="bottom">Table 3: Extended performance F1 comparison on four English content safety benchmarks. Cited from <a href="https://arxiv.org/abs/2412.07724">IBM</a>.</caption>
-</table>
+We report partial AUROC(pAUROC) computed over the false positive rate range [0, 0.1], normalized by the maximum achievable value.
 
 ## Limitations
 
-1. Unlike typical LLMs, it cannot maintain context-based conversations. It can only classify the harmfulness of prompts and responses.
-2. It cannot classify all harmful categories that exist in the world. Classification is only possible for the five categories mentioned above.
-3. Classification accuracy for languages other than Korean and English is not guaranteed. Improvements in this area are planned for the future.
+1. These models do not guarantee 100% accuracy. For data near the decision boundary of harmfulness or under novel attack techniques, detection accuracy may degrade and the false positive rate may increase. In addition, because the safety risk taxonomy is based on common international use cases, misclassification may rise in highly specialized domains.
+
+2. We train the models to obtain high-level guardrail capability in Korean and English. We do not guarantee their performance for inputs in other languages. They may also be vulnerable to adversarial prompts that exploit low-resource languages.
+
+3. Because these models are specialized for detecting harmful prompts or responses, they do not provide the ability to continue conversations like a general-purpose LLM based on prior conversation history and context. To maintain reliable detection capability, we recommend an input length of up to 8k tokens to each model.
+
+4. Though jointly using SGuard-ContentFilter-2B and SGuard-JailbreakFilter-2B can further improve overall safety, the models detect only safety risks defined through training and therefore cannot detect all risks that may arise in novel scenarios.
 
 ## Citation
 
 ```bibtex
-@misc{SGuard-ContentFilter-2B,
-      title={SGuard Technical Report}, 
-      author={Samsung SDS},
+@misc{SGuard-v1,
+      title={SGuard-v1: Safety Guardrail for Large Language Models}, 
+      author={JoonHo Lee and HyeonMin Cho and Jaewoong Yun and Hyunjae Lee and JunKyu Lee and Juree Seok},
       year={2025},
-      url={http://arxiv.org/abs/},
+      eprint={25xx.xxxxx},
+      archivePrefix={arXiv},
+      primaryClass={cs.CL}
 }
 ```