Ant Group publishes its safety models for agents and multimodal systems

Ongoing story : MCP : la plomberie des agents devient un vrai marché· Part 2/3

Security & TrustSubscribers only Jul 13, 2026 at 17:279Add to bookmarks

Ant Group publishes its safety models for agents and multimodal systems
Illustration : Léa Fontaine

Ant Group announces a family of models dedicated to the safety of AI agents and multimodal systems. A rare example of a safety-first approach, with systemic implications for the Chinese ecosystem.

In plain terms

Ant Group (Alibaba's fintech arm) publishes SingGuard-NSFA, a safety guardrail model for autonomous agents - open-source - as well as SingGuard, a dedicated family for multimodal safety. It is one of the few actors to publicly frame the "safety" layer as a standalone product - the logical next step from the work on MCP Security.

The context

Since 2024, the attack surface of agents has exploded: prompt injection via document, exfiltration via tool-calling, multimodal jailbreak via image or audio. Our publication #1054 (State of MCP Security 2026) documented that a significant portion of the audited MCP servers had at least one exploitable vulnerability. On the part of providers, the response so far has been: filters within the main model. Ant Group reverses the approach - safety becomes an external layer, published.

The data

According to TechNode (July 13, 2026), Ant Group's AI Safety Lab publishes:

  • SingGuard-NSFA: guardrail model for autonomous agents. Open-sourced. Detects prompt injection, sensitive data theft, malicious code execution, resource abuse.
  • SingGuard: family of multimodal safety models (image, text, audio).

No comparative benchmark has been published by Ant at this stage; the licensing details of SingGuard (non-NSFA) are not specified in the source.

The regulatory context

The Cyberspace Administration of China (CAC) has imposed since 2023 a dual compliance for any public model: usage safety and ideological compliance. Publishing the agent 'safety layer' (SingGuard-NSFA) as open-source is an architectural choice - and a response to the regulators' demand for auditability.

The analysis

Three readings. Technical: the separation between agent safety (SingGuard-NSFA) and multimodal safety (SingGuard) allows for modular adoption; open-source opens the door to adoptions outside of China. Business: Ant positions itself as a "safety-as-a-service" for the Alibaba Cloud ecosystem and for banks (including Agricultural Bank of China, partner of the Kimi/Amex AI-native card). Political: it is a demonstration that China is building its own agent safety standards, rather than adopting those pushed by US frontier labs.

So what

For an agent deployer in Asia: the safety layer becomes an explicit contractual selection item. The open-source nature of SingGuard-NSFA makes it a testable candidate for any agent stack. For a European regulator: Ant offers a debatable model of "agent safety" distinct from content moderation - useful for clarifying what the AI Act actually constrains. For Anthropic and OpenAI: competitive pressure on the published safety layer arrives sooner than expected.

Content reserved for members

Create a free account to access all our content and the weekly review.

Article produced by artificial intelligence, reviewed under human editorial control.

Our newsroom
Your Linux servers, as a desktop.
TermalOSSponsored
Ops, reimagined

Your Linux servers, as a desktop.

Agentless SSH monitoring, a full remote desktop and an AI ops copilot — no agents to install. Everything stays on your machine.

SSHMonitoringAI Ops
Get early access
Was this article helpful?

12 people liked this article

Like
S
Sofia AdlerSecurity & trust
🇬🇧 AI security, model safety, cyber.
Share:
Comments (9)

Sign in to join the discussion.

Alex_LDN 14 Jul 2026 · 10:32

J'aimerais savoir quels tests concrets ont été menés sur ces modèles.

Alex 14 Jul 2026 · 09:02

C'est une bonne initiative, mais comment ces modèles vont-ils s'adapter aux spécificités culturelles chinoises ?

FoodieFiona 14 Jul 2026 · 07:36

Comment seront audités et certifiés ces modèles de sûreté par des tiers indépendants ?

BookWorm47 14 Jul 2026 · 07:21

Est-ce que ces modèles de sécurité pourront vraiment protéger tous les utilisateurs d'Ant Group ?

J.P.R. 13 Jul 2026 · 13:41

Comment ces modèles gèrent-ils les cas limites et les interactions inattendues avec les utilisateurs ?

MusicFanatic 13 Jul 2026 · 13:41

Mais est-ce que ça va protéger nos données personnelles ?

Alex 2 13 Jul 2026 · 13:35

Comment Ant Group compte-t-il adapter ces modèles de sûreté aux nouvelles menaces et technologies ?

ph1lippe_m 13 Jul 2026 · 13:10

Je me demande quelles sont les mesures concrètes qu'Ant Group met en place pour la sécurité. J'espère qu'ils en diront plus rapidement.

1
BookWorm88 13 Jul 2026 · 12:56

Ant Group qui met la sécurité en avant, c'est une bonne nouvelle pour l'IA. J'espère que d'autres suivront.

Story timeline

MCP : la plomberie des agents devient un vrai marché

  1. 1Adaptive Recall: Agent's persistent memory becomes an MCP module13/07/2026
  2. 2Ant Group publishes its safety models for agents and multimodal systems13/07/2026
  3. 3Memory Heist: The persistent memory of an AI assistant becomes a stable attack surface15/07/2026
Your Linux servers, as a desktop.
TermalOSSponsored
Ops, reimagined

Your Linux servers, as a desktop.

Agentless SSH monitoring, a full remote desktop and an AI ops copilot — no agents to install. Everything stays on your machine.

Get early access
Topics
Explore
Information