Guozhen AIGlobal AI field notes and model intelligence

Realtime AI News

Ant Group Open-Sources SingGuard-NSFA: A New Security Guardrail Framework for Autonomous AI Agents

Ant Group has open-sourced SingGuard-NSFA, a guardrail framework designed specifically for autonomous AI agent security. The release includes four models from 0.8B to 9B parameters, all achieving over 94% F1 scores on multilingual benchmarks spanning 133 languages.

Published
蚂蚁集团开源 SingGuard-NSFA:面向自主 AI Agent 的全新安全护栏框架
Image source: ant.design

Ant Group's AI Security Lab has announced the open-source release of SingGuard-NSFA, a comprehensive guardrail framework purpose-built for autonomous AI agent security. The project is available on GitHub (inclusionAI/SingGuard-NSFA) under the Apache-2.0 license, with model weights from 0.8B to 9B parameters hosted on Hugging Face and ModelScope. A companion paper is available on arXiv (2606.22873).

As large language models evolve from text generators into autonomous agents that invoke tools, execute code, and orchestrate multi-step plans, the security threat landscape has shifted from what a model says to what an agent does. SingGuard-NSFA addresses this fundamental paradigm shift with an entirely new security architecture.

At its core is the NSFA risk taxonomy — a CIA-triad-grounded hierarchy covering 185 risk variants across 7 Level-1 domains, 28 Level-2 risks, and cross-validated against three OWASP guidelines. The taxonomy encompasses prompt injection, jailbreak, malicious code requests, sensitive information stealing, dangerous tool misuse, resource abuse, hazardous action generation, and sensitive information leakage.

Technically, SingGuard-NSFA employs a dual-mode inference architecture. Generative reasoning produces interpretable chain-of-thought analysis for compliance auditing, while discriminative classification heads enable real-time online interception at approximately 50 milliseconds. Both modes share the same frozen backbone, allowing flexible deployment based on latency requirements.

The framework features native extensibility — detecting a new risk beyond the NSFA taxonomy requires only training a lightweight classification head on the frozen backbone, with no retraining needed. This approach also works as a plug-in enhancement for other guardrails, delivering up to 17.6 F1 point improvement on Llama Guard 3.

On the data side, SingGuard-NSFA leverages 74 open-source LLMs in a four-stage synthetic data pipeline to produce over 93,000 training samples across 133 languages. All four released model sizes (0.8B, 2B, 4B, 9B) exceed 94% F1 on multilingual benchmarks, outperforming competing guardrails by 6 to 12 absolute F1 points. The models are built on the Qwen3.5-Base architecture.

The open-source release of SingGuard-NSFA represents a significant evolution from content filtering to behavioral guardrails in agent security. As AI agents accelerate their deployment in enterprise environments, a standardized framework for agent operational security is becoming critical infrastructure. By open-sourcing this system, Ant Group is positioning SingGuard-NSFA as a potential industry benchmark for community-driven agent safety standards.

Why it matters

This is the first agent security framework to combine generative reasoning with real-time discriminative classification, and its open-source release could establish a new industry benchmark for autonomous AI agent safety.

Ant GroupAI SecurityOpen SourceGuardrailsAgent
Back to realtime news

Nearby Updates

All