Thought-Aligner: Enabling Agents to Think Twice Before Acting

Background and Motivation

Large language models are moving from "talking" to "doing," shifting AI safety focus from content safety to behavioral safety. National policies in China now require agents to be safe, reliable, and trustworthy, emphasizing task understanding, permission control, and anomaly intervention.

Problem Statement

Traditional risks concentrate on generated content, but agents face risks throughout the "Thought‑Action‑Observation" loop. Unsafe behavior often originates from a seemingly benign but unsafe Thought, leading to actions like accidental deletion of important tasks or skipping verification steps.

Intercepting only at the output or action stage is either too late or overly coarse, harming agent usability.

Thought-Aligner Concept

Thought-Aligner inserts a safety correction layer after the agent generates a Thought but before any tool call or action. It modifies unsafe reasoning in a millisecond‑scale window, allowing the original agent to continue with a safer Thought.

The corrected Thought persists in context, influencing subsequent reasoning and preventing unsafe trajectories.

Key Characteristics

Lightweight and Plug‑in: No changes to the original agent model; works with both closed‑source and open‑source models as long as the intermediate Thought is accessible.

Balanced Safety vs. Utility: Instead of bluntly blocking actions, it refines risky Thoughts while preserving overall task goals, achieving a better safety‑usefulness trade‑off.

Low Latency and Deployability: Available in 1.5B and 7B sizes; the 1.5B version runs on a standard PC with sub‑100 ms per Thought correction, enabling real‑time deployment.

Data and Training

The team built a high‑risk Thought preference dataset covering ten categories (privacy, financial security, cyber security, etc.) using ReAct trajectory simulation. After data validation and repair pipelines, a two‑stage fine‑tuning produced Thought‑Aligner, which learns dynamic thought correction rather than static rules.

Experimental Results

On the ToolEmu benchmark, Thought‑Aligner raised safety from ~50 % to ~90 % (≈23 % average safety gain) while maintaining or improving helpfulness. Similar gains were observed on Agent‑SafetyBench, AgentHarm, AgentDojo, and InjecAgent.

Across multiple benchmarks, the system consistently improved safety without significantly sacrificing task performance.

Real‑World Deployment

Thought‑Aligner was integrated into the OpenClaw framework, a local AI‑agent platform capable of OS and application control. In CIK‑Bench subset tests, it markedly increased behavioral safety while preserving usefulness, demonstrating feasibility beyond simulated benchmarks.

Conclusion

Thought‑Aligner shifts safety from rule‑based interception to proactive thought correction, enabling agents to act more cautiously and reliably without crippling functionality. This approach represents a practical step toward trustworthy, action‑capable AI agents.