ReasoningGuard: Safeguarding Large Reasoning Models with Inference-time Safety Aha Moments

Large Reasoning Models (LRMs) have demonstrated impressive performance in reasoning-intensive tasks, but they remain vulnerable to harmful content generation, particularly in the mid-to-late steps of their reasoning processes. Existing defense mechanisms, however, rely on costly fine-tuning and additional expert knowledge, which restricts their scalability. In this work, we propose ReasoningGuard, an inference-time safeguard for LRMs, which injects timely safety aha moments to steer harmless while helpful reasoning processes. Leveraging the model's internal attention behavior, our approach accurately identifies critical points in the reasoning path, and triggers spontaneous, safety-oriented reflection. To safeguard both the subsequent reasoning steps and the final answers, we further implement a scaling sampling strategy during the decoding phase, selecting the optimal reasoning path. Inducing minimal extra inference cost, ReasoningGuard effectively mitigates three types of jailbreak attacks, including the latest ones targeting the reasoning process of LRMs. Our approach outperforms seven existing safeguards, achieving state-of-the-art safety defenses while effectively avoiding the common exaggerated safety issues.

Key Contributions

• Inference-time safeguard that uses internal attention behavior to identify critical jailbreak-vulnerable points mid-reasoning in LRMs and injects safety-oriented 'aha moment' reflections
• Scaling sampling strategy during decoding that selects the optimal (safest and most helpful) reasoning path among candidates
• Outperforms seven existing safeguards on three categories of jailbreak attacks — including attacks targeting the reasoning process specifically — while minimizing exaggerated safety refusals

🛡️ Threat Analysis

Details

Similar Papers