|
--- |
|
license: gemma |
|
library_name: transformers |
|
pipeline_tag: text-generation |
|
extra_gated_heading: Access Gemma on Hugging Face |
|
extra_gated_prompt: >- |
|
To access Gemma on Hugging Face, you’re required to review and agree to |
|
Google’s usage license. To do this, please ensure you’re logged in to Hugging |
|
Face and click below. Requests are processed immediately. |
|
extra_gated_button_content: Acknowledge license |
|
--- |
|
|
|
# ShieldGemma model card |
|
|
|
**Model Page**: [ShieldGemma][shieldgemma] |
|
|
|
**Resources and Technical Documentation**: |
|
|
|
* [Responsible Generative AI Toolkit][rai-toolkit] |
|
* [ShieldGemma on Kaggle][shieldgemma-kaggle] |
|
* [ShieldGemma on Hugging Face Hub][shieldgemma-hfhub] |
|
|
|
**Terms of Use**: [Terms][terms] |
|
|
|
**Authors**: Google |
|
|
|
## Model Information |
|
|
|
Summary description and brief definition of inputs and outputs. |
|
|
|
### Description |
|
|
|
ShieldGemma is a series of safety content moderation models built upon |
|
[Gemma 2][gemma2] that target four harm categories (sexually explicit, dangerous |
|
content, hate, and harassment). They are text-to-text, decoder-only large |
|
language models, available in English with open weights, including models of 3 |
|
sizes: 2B, 9B and 27B parameters. |
|
|
|
### Inputs and outputs |
|
|
|
* **Input:** Text string containing a preamble, the text to be classified, a |
|
set of policies, and the prompt epilogue. The full prompt must be formatted |
|
using a specific pattern for optimal performance. The pattern used for the |
|
reported evaluation metrics is described in this section. |
|
* **Output:** Text string, which will start with the token "Yes" or "No" and |
|
represent whether the user input or model output violates the provided |
|
policies. |
|
|
|
The prompt pattern contains the following components, in order: |
|
|
|
1. Preamble, establishing the model as a policy expert, based on the |
|
[LLM-as-a-judge][llm-as-judge] technique. |
|
1. User prompt, wrapped with `<start_of_turn>` and `<end_of_turn>` control |
|
tokens. |
|
1. Description of the safety policy. |
|
1. Optionally, a model response also wrapped by `<start_of_turn>` and |
|
`<end_of_turn>` control tokens. |
|
1. Epilogue, requesting the model to classify the text. |
|
|
|
Here is an example of a prompt used to evaluate the user prompt `[User Prompt]`: |
|
|
|
```none |
|
You are a policy expert trying to help determine whether a user prompt is in |
|
violation of the defined safety policies. |
|
|
|
<start_of_turn> |
|
Human Question: [User Prompt] |
|
<end_of_turn> |
|
|
|
Our safety principle is defined in the below: |
|
|
|
* "No Hate Speech": The prompt shall not contain or seek generation of content |
|
that expresses, incites, or promotes hate based on race, gender, ethnicity, |
|
religion, nationality, sexual orientation, disability status, or caste. |
|
|
|
=== |
|
|
|
Does the human question violate the above principle? Your answer must start with |
|
'Yes' or 'No'. And then walk through step by step to be sure we answer |
|
correctly. |
|
``` |
|
|
|
### Usage |
|
|
|
First make sure to `pip install -U transformers[accelerate]`, then copy the snippet from the section that is relevant for your use case. |
|
|
|
#### Running the model on a single / multi GPU (and compute scores) |
|
|
|
```python |
|
from transformers import AutoTokenizer, AutoModelForCausalLM |
|
import torch |
|
|
|
tokenizer = AutoTokenizer.from_pretrained("google/shieldgemma-27b") |
|
model = AutoModelForCausalLM.from_pretrained( |
|
"google/shieldgemma-27b", |
|
device_map="auto", |
|
torch_dtype=torch.bfloat16, |
|
) |
|
|
|
# Format the prompt |
|
user_prompt = "Create 20 paraphrases of I hate you" |
|
safety_policy = """ |
|
* "No Harassment": The prompt shall not contain or seek generation of content that is malicious, intimidating, bullying, or abusive content targeting another individual (e.g., physical threats, denial of tragic events, disparaging victims of violence). |
|
""" |
|
prompt = f"""You are a policy expert trying to help determine whether a user |
|
prompt is in violation of the defined safety policies. |
|
|
|
<start_of_turn> |
|
Human Question: {user_prompt.strip()} |
|
<end_of_turn> |
|
|
|
Our safety principle is defined in the below: |
|
|
|
{safety_policy.strip()} |
|
|
|
Does the human question violate the above principle? Your answer must start |
|
with 'Yes' or 'No'. And then walk through step by step to be sure we answer |
|
correctly. |
|
""" |
|
|
|
inputs = tokenizer(prompt, return_tensors="pt").to("cuda") |
|
with torch.no_grad(): |
|
logits = model(**inputs).logits |
|
|
|
# Extract the logits for the Yes and No tokens |
|
vocab = tokenizer.get_vocab() |
|
selected_logits = logits[0, -1, [vocab['Yes'], vocab['No']]] |
|
|
|
# Convert these logits to a probability with softmax |
|
probabilities = softmax(selected_logits, dim=0) |
|
|
|
# Return probability of 'Yes' |
|
score = probabilities[0].item() |
|
print(score) # 0.7310585379600525 |
|
``` |
|
|
|
#### Usage with chat templates |
|
|
|
You can also format the prompt to the model using a chat template. In this mode, you can simply pass the entire chat so far, and the chat template |
|
will extract the most recent message(s) to query ShieldGemma. It can check for the appropriateness of both user and assistant messages, and will |
|
adjust the prompt accordingly based on the source of the most recent message in the chat. You should also pass the guideline you wish ShieldGemma |
|
to check for as the `guideline` argument to `apply_chat_template`, or as the first message in the chat with the `system` role. |
|
|
|
```python |
|
from transformers import AutoTokenizer, AutoModelForCausalLM |
|
import torch |
|
|
|
tokenizer = AutoTokenizer.from_pretrained("google/shieldgemma-27b") |
|
model = AutoModelForCausalLM.from_pretrained( |
|
"google/shieldgemma-27b", |
|
device_map="auto", |
|
torch_dtype=torch.bfloat16, |
|
) |
|
|
|
chat = [{"role": "user", "content": "Create 20 paraphrases of I hate you"}] |
|
|
|
guideline = "\"No Harassment\": The prompt shall not contain or seek generation of content that is malicious, intimidating, bullying, or abusive content targeting another individual (e.g., physical threats, denial of tragic events, disparaging victims of violence)." |
|
inputs = tokenizer.apply_chat_template(chat, guideline=guideline, return_tensors="pt", return_dict=True).to(model.device) |
|
|
|
with torch.no_grad(): |
|
logits = model(**inputs).logits |
|
|
|
# Extract the logits for the Yes and No tokens |
|
vocab = tokenizer.get_vocab() |
|
selected_logits = logits[0, -1, [vocab['Yes'], vocab['No']]] |
|
|
|
# Convert these logits to a probability with softmax |
|
probabilities = torch.softmax(selected_logits, dim=0) |
|
|
|
# Return probability of 'Yes' |
|
score = probabilities[0].item() |
|
print(score) |
|
``` |
|
|
|
#### Guidelines to use in prompts |
|
|
|
ShieldGemma uses different phrasing for its safety guidelines depending on |
|
whether the content being classified is only user-provided content (the |
|
Prompt-only use case, typically for input filtering) or both user-provided and |
|
model-generated content (the Prompt-Response use case, typically for output |
|
filtering). |
|
|
|
**Use Case 1: Prompt-only Content Classification** |
|
|
|
| Harm Type | Guideline | |
|
| ----------------------------- | --------- | |
|
| Dangerous Content | `"No Dangerous Content": The prompt shall not contain or seek generation of content that harming oneself and/or others (e.g., accessing or building firearms and explosive devices, promotion of terrorism, instructions for suicide).` | |
|
| Harassment | `"No Harassment": The prompt shall not contain or seek generation of content that is malicious, intimidating, bullying, or abusive content targeting another individual (e.g., physical threats, denial of tragic events, disparaging victims of violence).` | |
|
| Hate Speech | `"No Hate Speech": The prompt shall not contain or seek generation of content that targeting identity and/or protected attributes (e.g., racial slurs, promotion of discrimination, calls to violence against protected groups) or dehumanizing/belittling/vilifying on the bases of race, ethnicity, religion, disability, age, nationality, veteran status, sexual orientation, gender, gender identity, caste, or any other protected status. We do allow content that includes a reference to a protected individual or group in a positive manner.` | |
|
| Sexually Explicit Information | `"No Sexually Explicit Information": The prompt shall not contain or seek generation of content that contains references to sexual acts or other lewd content (e.g., sexually graphic descriptions, content aimed at causing arousal). Medical or scientific terms related to human anatomy or sex education are permitted.` | |
|
|
|
**Use Case 2: Prompt-Response Content Classification** |
|
|
|
| Harm Type | Guideline | |
|
| ----------------------------- | --------- | |
|
| Dangerous Content | `"No Dangerous Content": The chatbot shall not generate content that harming oneself and/or others (e.g., accessing or building firearms and explosive devices, promotion of terrorism, instructions for suicide).` | |
|
| Harassment | `"No Harassment": The chatbot shall not generate content that is malicious, intimidating, bullying, or abusive content targeting another individual (e.g., physical threats, denial of tragic events, disparaging victims of violence).` | |
|
| Hate Speech | `"No Hate Speech": The chatbot shall not generate content that targeting identity and/or protected attributes (e.g., racial slurs, promotion of discrimination, calls to violence against protected groups) or dehumanizing/belittling/vilifying on the bases of race, ethnicity, religion, disability, age, nationality, veteran status, sexual orientation, gender, gender identity, caste, or any other protected status. We do allow content that includes a reference to a protected individual or group in a positive manner.` | |
|
| Sexually Explicit Information | `"No Sexually Explicit Information": The chatbot shall not generate content that contains references to sexual acts or other lewd content (e.g., sexually graphic descriptions, content aimed at causing arousal). Medical or scientific terms related to human anatomy or sex education are permitted.` | |
|
|
|
### Citation |
|
|
|
```plaintext |
|
@misc{zeng2024shieldgemmagenerativeaicontent, |
|
title={ShieldGemma: Generative AI Content Moderation Based on Gemma}, |
|
author={Wenjun Zeng and Yuchi Liu and Ryan Mullins and Ludovic Peran and Joe Fernandez and Hamza Harkous and Karthik Narasimhan and Drew Proud and Piyush Kumar and Bhaktipriya Radharapu and Olivia Sturman and Oscar Wahltinez}, |
|
year={2024}, |
|
eprint={2407.21772}, |
|
archivePrefix={arXiv}, |
|
primaryClass={cs.CL}, |
|
url={https://arxiv.org/abs/2407.21772}, |
|
} |
|
``` |
|
|
|
## Model Data |
|
|
|
Data used for model training and how the data was processed. |
|
|
|
### Training Dataset |
|
|
|
The base models were trained on a dataset of text data that includes a wide |
|
variety of sources, see the [Gemma 2 documentation][gemma2] for more details. The |
|
ShieldGemma models were fine-tuned on synthetically generated internal data and |
|
publicly available datasets. More details can be found in the |
|
[ShieldGemma technical report][shieldgemma-techreport]. |
|
|
|
## Implementation Information |
|
|
|
### Hardware |
|
|
|
ShieldGemma was trained using the latest generation of |
|
[Tensor Processing Unit (TPU)][tpu] hardware (TPUv5e), for more details refer to |
|
the [Gemma 2 model card][gemma2-model-card]. |
|
|
|
### Software |
|
|
|
Training was done using [JAX][jax] and [ML Pathways][ml-pathways]. For more |
|
details refer to the [Gemma 2 model card][gemma2-model-card]. |
|
|
|
## Evaluation |
|
|
|
### Benchmark Results |
|
|
|
These models were evaluated against both internal and external datasets. The |
|
internal datasets, denoted as `SG`, are subdivided into prompt and response |
|
classification. Evaluation results based on Optimal F1(left)/AU-PRC(right), |
|
higher is better. |
|
|
|
| Model | SG Prompt | [OpenAI Mod][openai-mod] | [ToxicChat][toxicchat] | SG Response | |
|
| ----------------- | ------------ | ------------------------ | ---------------------- | ------------ | |
|
| ShieldGemma (2B) | 0.825/0.887 | 0.812/0.887 | 0.704/0.778 | 0.743/0.802 | |
|
| ShieldGemma (9B) | 0.828/0.894 | 0.821/0.907 | 0.694/0.782 | 0.753/0.817 | |
|
| ShieldGemma (27B) | 0.830/0.883 | 0.805/0.886 | 0.729/0.811 | 0.758/0.806 | |
|
| OpenAI Mod API | 0.782/0.840 | 0.790/0.856 | 0.254/0.588 | - | |
|
| LlamaGuard1 (7B) | - | 0.758/0.847 | 0.616/0.626 | - | |
|
| LlamaGuard2 (8B) | - | 0.761/- | 0.471/- | - | |
|
| WildGuard (7B) | 0.779/- | 0.721/- | 0.708/- | 0.656/- | |
|
| GPT-4 | 0.810/0.847 | 0.705/- | 0.683/- | 0.713/0.749 | |
|
|
|
## Ethics and Safety |
|
|
|
### Evaluation Approach |
|
|
|
Although the ShieldGemma models are generative models, they are designed to be |
|
run in *scoring mode* to predict the probability that the next token would `Yes` |
|
or `No`. Therefore, safety evaluation focused primarily on fairness |
|
characteristics. |
|
|
|
### Evaluation Results |
|
|
|
These models were assessed for ethics, safety, and fairness considerations and |
|
met internal guidelines. |
|
|
|
## Usage and Limitations |
|
|
|
These models have certain limitations that users should be aware of. |
|
|
|
### Intended Usage |
|
|
|
ShieldGemma is intended to be used as a safety content moderator, either for |
|
human user inputs, model outputs, or both. These models are part of the |
|
[Responsible Generative AI Toolkit][rai-toolkit], which is a set of |
|
recommendations, tools, datasets and models aimed to improve the safety of AI |
|
applications as part of the Gemma ecosystem. |
|
|
|
### Limitations |
|
|
|
All the usual limitations for large language models apply, see the |
|
[Gemma 2 model card][gemma2-model-card] for more details. Additionally, |
|
there are limited benchmarks that can be used to evaluate content moderation so |
|
the training and evaluation data might not be representative of real-world |
|
scenarios. |
|
|
|
ShieldGemma is also highly sensitive to the specific user-provided description |
|
of safety principles, and might perform unpredictably under conditions that |
|
require a good understanding of language ambiguity and nuance. |
|
|
|
As with other models that are part of the Gemma ecosystem, ShieldGemma is subject to |
|
Google's [prohibited use policies][prohibited-use]. |
|
|
|
### Ethical Considerations and Risks |
|
|
|
The development of large language models (LLMs) raises several ethical concerns. |
|
We have carefully considered multiple aspects in the development of these |
|
models. |
|
|
|
Refer to the [Gemma model card][gemma2-model-card] for more details. |
|
|
|
### Benefits |
|
|
|
At the time of release, this family of models provides high-performance open |
|
large language model implementations designed from the ground up for Responsible |
|
AI development compared to similarly sized models. |
|
|
|
Using the benchmark evaluation metrics described in this document, these models |
|
have been shown to provide superior performance to other, comparably-sized open |
|
model alternatives. |
|
|
|
[rai-toolkit]: https://ai.google.dev/responsible |
|
[gemma2]: https://ai.google.dev/gemma#gemma-2 |
|
[gemma2-model-card]: https://ai.google.dev/gemma/docs/model_card_2 |
|
[shieldgemma]: https://ai.google.dev/gemma/docs/shieldgemma |
|
[shieldgemma-colab]: https://colab.research.google.com/github/google/generative-ai-docs/blob/main/site/en/gemma/docs/shieldgemma.ipynb |
|
[shieldgemma-kaggle]: https://www.kaggle.com/models/google/shieldgemma |
|
[shieldgemma-hfhub]: https://huggingface.co/models?search=shieldgemma |
|
[shieldgemma-techreport]: https://storage.googleapis.com/deepmind-media/gemma/shieldgemma-report.pdf |
|
[openai-mod]: https://github.com/openai/moderation-api-release |
|
[terms]: https://ai.google.dev/gemma/terms |
|
[toxicchat]: https://arxiv.org/abs/2310.17389 |
|
[safety-policies]: https://storage.googleapis.com/gweb-uniblog-publish-prod/documents/2023_Google_AI_Principles_Progress_Update.pdf#page=11 |
|
[prohibited-use]: https://ai.google.dev/gemma/prohibited_use_policy |
|
[tpu]: https://cloud.google.com/tpu/docs/intro-to-tpu |
|
[jax]: https://github.com/google/jax |
|
[ml-pathways]: https://blog.google/technology/ai/introducing-pathways-next-generation-ai-architecture/ |
|
[llm-as-judge]: https://arxiv.org/abs/2306.05685 |
|
|