Abstract:Large language models increasingly stream long, reasoning-intensive responses in real time, making when to moderate as critical as whether to moderate. Existing guardrails fall into two unsatisfactory extremes: response-level methods delay intervention until the full output is generated, whereas token-level methods act on incomplete semantics, often producing unstable decisions and excessive guard invocations. To address this challenge, we propose SentGuard, a sentence-level streaming guardrail that operates in parallel with generation. A lightweight waiting buffer groups streamed tokens into sentence chunks and releases only verified chunks to the user, introducing a small offset that enables SentGuard to assess the current prefix while the target LLM decodes subsequent content. To support this, we construct StreamSafe, a benchmark with structured per-sentence annotations across 8 harm categories, capturing the evolution of safety risks across both reasoning and response segments. We further train SentGuard with a coarse-to-fine objective to detect unsafe intent as soon as it emerges at sentence boundaries. Experiments on 5 safety benchmarks show that SentGuard outperforms existing baselines, detecting 90.5% of unsafe cases within two sentences while maintaining a low streaming false-positive rate of 7.41%.
| Comments: | 16 pages, 5 figures, submitted to ARR |
| Subjects: | Computation and Language (cs.CL) |
| Cite as: | arXiv:2606.02041 [cs.CL] |
| (or arXiv:2606.02041v1 [cs.CL] for this version) | |
| https://doi.org/10.48550/arXiv.2606.02041 arXiv-issued DOI via DataCite (pending registration) |
Submission history
From: Jiaqi Yu [view email]
[v1]
Mon, 1 Jun 2026 10:30:08 UTC (5,010 KB)