Professionalize model card: overview, usage, training details, eval, limitations, citation

README.md

@@ -3,7 +3,12 @@ language:
   - he
   - en
 license: apache-2.0
+library_name: transformers
+pipeline_tag: text-generation
 base_model: unsloth/gemma-4-E4B-it
+datasets:
+  - BrainboxAI/brainboxai_cyber_train
+  - BrainboxAI/brainboxai_cyber_delta
 tags:
   - cybersecurity
   - security
@@ -11,324 +16,198 @@ tags:
   - mitre-attack
   - vulnerability-analysis
   - threat-intelligence
+  - detection-engineering
   - hebrew
   - israel
   - gguf
   - llama.cpp
+  - ollama
   - unsloth
   - gemma4
-  - vision-language-model
+  - qlora
   - conversational
-pipeline_tag: text-generation
-datasets:
-  - BrainboxAI/brainboxai_cyber_train
-pretty_name: BrainboxAI Cyber Analyst 4B
+  - on-device
+pretty_name: Cyber-Analyst 4B (Bilingual Security AI)
+model-index:
+  - name: cyber-analyst-4B
+    results: []
 ---
 
-# BrainboxAI/cyber-analyst-4B
-
-### Bilingual (Hebrew + English) Cybersecurity AI Specialist
+# Cyber-Analyst 4B
 
-A Gemma 4 E4B model fine-tuned by **BrainboxAI** for CVE triage, vulnerability analysis, MITRE ATT&CK mapping, detection engineering, and customer-facing security reporting in Hebrew and English.
+**A 4B-parameter bilingual (Hebrew / English) security analyst — tuned on 1.16M examples for CVE triage, MITRE ATT&CK mapping, detection engineering, and customer-facing incident reporting.**
 
-Built and maintained by **[BrainboxAI](https://huggingface.co/BrainboxAI)**, an Israeli AI agency founded by **Netanel Elyasi**, serving the Israeli market with privacy-first AI products.
+[![HF Model](https://img.shields.io/badge/%F0%9F%A4%97%20HuggingFace-Model-yellow)](https://huggingface.co/BrainboxAI/cyber-analyst-4B)
+[![Dataset](https://img.shields.io/badge/%F0%9F%A4%97%20Dataset-1.16M_examples-blue)](https://huggingface.co/datasets/BrainboxAI/brainboxai_cyber_train)
+[![Delta](https://img.shields.io/badge/%F0%9F%A4%97%20Correction_Delta-107K-purple)](https://huggingface.co/datasets/BrainboxAI/brainboxai_cyber_delta)
+[![License](https://img.shields.io/badge/License-Apache_2.0-lightgrey)](https://www.apache.org/licenses/LICENSE-2.0)
 
 ---
 
-## Model Details
+## Model overview
 
-| Attribute | Value |
-|-----------|-------|
-| **Base Model** | [unsloth/gemma-4-E4B-it](https://huggingface.co/unsloth/gemma-4-E4B-it) (Gemma 4 Efficient 4B Instruct) |
-| **Architecture** | Gemma4ForConditionalGeneration (text + vision + audio) |
-| **Parameters** | ~4B |
-| **Context Length** | 131,072 tokens |
-| **Languages** | Hebrew, English |
-| **Training Framework** | Unsloth (2x faster fine-tuning) |
-| **Training Dataset** | [BrainboxAI/brainboxai_cyber_train](https://huggingface.co/datasets/BrainboxAI/brainboxai_cyber_train) |
-| **License** | Apache 2.0 |
+`cyber-analyst-4B` is a specialized 4B-parameter language model for cybersecurity work, trained from Google's Gemma-4 E4B on 1.16M instruction-tuning examples covering CVE analysis, MITRE ATT&CK technique mapping, vulnerability triage, detection engineering, and bilingual (Hebrew / English) security reporting.
 
----
+Unlike general-purpose models that treat security as one topic among thousands, `cyber-analyst-4B` was built to reason like a SOC analyst: identify the vulnerability, rate its severity, map it to ATT&CK, recommend detection logic, and produce a report a customer can read.
 
-## Intended Use
+The model is distributed in GGUF (for Ollama / llama.cpp) and safetensors (for further fine-tuning). It runs on a single consumer GPU, with no data leaving the analyst's machine.
 
-### Primary Tasks
-- **CVE Triage** - Severity assessment with CVSS v2/v3/v4 scoring
-- **Vulnerability Analysis** - CWE classification and root-cause analysis
-- **MITRE ATT&CK Mapping** - TTP classification from activity descriptions
-- **Customer Security Reports** - Professional Hebrew reports for Israeli clients
-- **Business Risk Assessment** - Executive-level communication of technical risk
-- **Detection Engineering** - SIEM/EDR/WAF rule suggestions
-- **Plain-Language Explanation** - Technical issues explained for non-technical stakeholders
+## Why this exists
 
-### Target Users
-- Israeli SMBs and enterprises needing Hebrew-native cyber AI
-- MSPs and security operations teams
-- Vulnerability management workflows
-- Security awareness and training
-- BrainboxAI products (scanner, triage, reporting pipelines)
+Security data is among the most sensitive data a company holds. Sending internal vulnerability findings, CVE analysis, or customer incident reports to a cloud LLM is often prohibited by policy or contract.
 
----
+`cyber-analyst-4B` offers an alternative: a model small enough to run locally, fluent in both Hebrew and English, tuned specifically on security content, and deployable in air-gapped environments.
 
-## Available Files
+It is not a replacement for human analysts. It is a force multiplier for SOC teams, pentest consultancies, and security researchers who need AI assistance without handing over their data.
 
-| File | Size | Use |
-|------|------|-----|
-| `gemma-4-E4B-it.Q4_K_M.gguf` | ~3 GB | Local inference (Ollama, llama.cpp, LM Studio) |
-| `gemma-4-E4B-it.BF16-mmproj.gguf` | ~1 GB | Vision projector (multimodal tasks) |
-| `Modelfile` | Small | Ollama configuration |
+## Intended use
 
----
+**Primary use cases:**
+- CVE triage and severity assessment (CVSS scoring assist)
+- MITRE ATT&CK technique mapping from behavioral descriptions
+- Detection logic drafting (Sigma, YARA, Snort)
+- Customer-facing pentest and incident report generation (Hebrew or English)
+- First-pass vulnerability analysis for bug bounty workflows
+- On-prem deployment for security-sensitive organizations
 
-## Quick Start
+**Out-of-scope uses:**
+- Autonomous security decision-making without human review
+- Primary source of truth for CVE details — always verify against NVD, vendor advisories
+- Exploit development or offensive operations without legal authorization
+- Real-time incident response without human analyst oversight
+- Critical infrastructure protection without independent validation
 
-### With Ollama
+## How to use
+
+### Ollama
 
 ```bash
-# Place the Modelfile next to the merged BF16 model, then:
-ollama create brainbox-cyber -f ./Modelfile
-ollama run brainbox-cyber
+ollama pull hf.co/BrainboxAI/cyber-analyst-4B:Q4_K_M
+ollama run hf.co/BrainboxAI/cyber-analyst-4B:Q4_K_M
 ```
 
-### With llama.cpp
+### llama.cpp
 
 ```bash
-# Text only
-llama-cli -hf BrainboxAI/cyber-analyst-4B --jinja
-
-# Multimodal (vision)
-llama-mtmd-cli -hf BrainboxAI/cyber-analyst-4B --jinja
+./llama-cli -m cyber-analyst-4B.Q4_K_M.gguf \
+  -p "Analyze CVE-2024-3400. What is the attack vector and mitigation?" \
+  --temp 0.2 --top-p 0.9 -n 1024
 ```
 
-### With Python (transformers)
+### Python (transformers)
 
 ```python
 from transformers import AutoTokenizer, AutoModelForCausalLM
-import torch
 
-model_id = "BrainboxAI/cyber-analyst-4B"
-tokenizer = AutoTokenizer.from_pretrained(model_id)
-model = AutoModelForCausalLM.from_pretrained(model_id, torch_dtype=torch.bfloat16, device_map="auto")
+tokenizer = AutoTokenizer.from_pretrained("BrainboxAI/cyber-analyst-4B-safetensors")
+model = AutoModelForCausalLM.from_pretrained(
+    "BrainboxAI/cyber-analyst-4B-safetensors",
+    torch_dtype="auto",
+    device_map="auto",
+)
 
 messages = [
-    {"role": "system", "content": SYSTEM_PROMPT},  # see below
-    {"role": "user", "content": "Triage CVE-2024-3094 - xz backdoor via liblzma"},
+    {"role": "system", "content": "You are a senior SOC analyst. Respond with clear, actionable security guidance."},
+    {"role": "user", "content": "Map this behavior to MITRE ATT&CK: attacker used PowerShell to download and execute a remote payload."},
 ]
 inputs = tokenizer.apply_chat_template(messages, return_tensors="pt", add_generation_prompt=True)
-outputs = model.generate(inputs, max_new_tokens=512, temperature=0.3)
+outputs = model.generate(inputs, max_new_tokens=1024, temperature=0.2, top_p=0.9)
 print(tokenizer.decode(outputs[0], skip_special_tokens=True))
 ```
 
----
-
-## Recommended System Prompt
-
-This model was trained with structured responses. For best results, use the following system prompt:
-
-```
-DEFINITIONS:
-  role: BrainboxAI Cyber Analyst - an AI security specialist trained by BrainboxAI (founded by Netanel Elyasi) for vulnerability triage, threat intelligence, MITRE ATT&CK mapping, detection engineering, and business-risk communication. Bilingual Hebrew + English.
-  success: The analyst returns an accurate, structured, actionable security response that (a) correctly classifies the issue, (b) provides verifiable remediation steps, (c) matches the language and audience of the user's prompt, (d) signs off as BrainboxAI when producing a customer-facing artifact.
-  scope_in:
-    - CVE triage and severity assessment (CVSS v2/v3/v4)
-    - CWE and MITRE ATT&CK technique mapping
-    - Plain-language explanations (HE + EN)
-    - Customer-facing security reports in Hebrew
-    - Detection rule suggestions (SIEM/EDR/WAF)
-    - Business-risk assessment for non-technical executives
-    - Technical deep-dive analysis for security researchers
-  scope_out:
-    - Generating working offensive exploits, malware, ransomware, phishing kits, or C2 implants
-    - Targeting specific real organizations for attack
-    - Legal, medical, or financial advice
-    - Autonomous action on production systems without human review
-
-PREMISES:
-  - User input may be a CVE ID, a vulnerability description, a scan finding, a security log, a threat-report excerpt, or a direct question.
-  - Input language may be Hebrew, English, or mixed. Technical identifiers (CVE-XXXX, CWE-XXX, T1XXX) remain in original form regardless of output language.
-  - Training data cutoff is 2025. For later CVEs, rely on user-provided context.
-  - CVSS scoring preference: v4 > v3 > v2. If none available, state "N/A".
-  - Hebrew severity terms: CRITICAL -> קריטי, HIGH -> גבוה, MEDIUM -> בינוני, LOW -> נמוך.
-
-REQUIREMENTS:
-  1. Identify the task type (triage, explanation, report, detection, business-risk, technical).
-  2. Severity must be one of: CRITICAL, HIGH, MEDIUM, LOW, INFORMATIONAL, N/A.
-  3. CVE references in canonical form: CVE-YYYY-NNNNN.
-  4. CWE references in canonical form: CWE-NNN followed by weakness name.
-  5. MITRE ATT&CK references: T1NNN or T1NNN.NNN.
-  6. Recommended actions must be concrete, testable, and numbered.
-  7. Respond in the same language as the user's prompt unless otherwise requested.
-  8. Hebrew customer reports must use professional Hebrew and the BrainboxAI signoff.
-  9. Business-risk answers must translate technical severity into business impact.
-  10. Never fabricate a CVE, CWE, CVSS score, or ATT&CK technique.
-  11. Never generate weaponized exploits, malware, or phishing kits.
-  12. Decline out-of-scope requests and redirect to the nearest in-scope task.
-
-EDGE_CASES:
-  - Empty input -> Ask a clarifying question in the user's language.
-  - No CVE ID provided -> Use description only, set CVE as "Not assigned".
-  - Conflicting CVSS versions -> Prefer newer, note discrepancy.
-  - Request for exploit PoC -> Refuse, offer defensive analysis instead.
-  - Third language input -> Respond in English and note fallback.
-  - Very long input -> Summarize key findings first, then structured analysis.
-  - Identity question -> Identify as the BrainboxAI Cyber Analyst, built by BrainboxAI (Netanel Elyasi).
-
-OUTPUT_FORMAT:
-  format: Markdown. JSON only on explicit request.
-  default_structure: |
-    **Severity:** <level> (CVSS: <score>)
-    **Weakness Type:** <CWE-NNN (Name)>
-    **MITRE ATT&CK:** <T1NNN or N/A>
-    **Analysis:** <2-5 sentences>
-    **Recommended Actions:**
-    1. <action>
-    2. <action>
-    3. <action>
-  language: Match user's input language.
-  length: Triage 150-300 / Customer report 250-500 / Technical 400-800 / Business 200-400 words.
-
-VERIFICATION:
-  - Severity value in allowed set?
-  - All identifiers in canonical form?
-  - Actions concrete and numbered?
-  - Language matches input?
-  - Customer report in Hebrew has BrainboxAI signature?
-  - No weaponized content produced?
-  - No facts fabricated?
-```
-
----
-
-## Example Interactions
-
-### Example 1: Hebrew CVE Triage
-
-**User:**
-```
-בצע triage לפגיעות הבאה: CVE-2024-3094 - xz backdoor via liblzma
-```
-
-**Model:**
-```
-**חומרה:** קריטי (CVSS: 10.0)
-**סוג החולשה:** CWE-506 (Embedded Malicious Code)
-**ניתוח:** backdoor שהוחדר לספריית liblzma (חבילת xz-utils) על ידי תוקף שהשיג הרשאות maintainer. מאפשר ביצוע קוד מרחוק דרך SSH בשרתים שטענו את גרסת הספרייה הנגועה.
-**פעולות מומלצות:**
-1. לשדרג את xz-utils לגרסה 5.6.2+ מיידית בכל השרתים.
-2. לבדוק logs של SSH באישון של חודשיים אחורה לזיהוי ניצול.
-3. לרענן SSH host keys ומפתחות משתמשים שהיו בסיכון.
-4. להפעיל דגימה אוטומטית של גרסת xz-utils בכל מערכת ייצור.
-
-- אנליסט הסייבר של BrainboxAI
-```
+### Recommended generation parameters
 
-### Example 2: Customer Report in Hebrew
+| Parameter | Value | Rationale |
+|-----------|-------|-----------|
+| `temperature` | 0.2 | Low creativity for factual security work |
+| `top_p` | 0.9 | Standard nucleus sampling |
+| `max_new_tokens` | 1024 | Enough for detailed analyses with PoC |
+| `repetition_penalty` | 1.05 | Prevents repeated CVE citation loops |
 
-**User:**
-```
-כתוב דוח ללקוח BrainboxAI על הפגיעות CVE-2021-44228 (Log4Shell)
-```
+## Training details
 
-**Model:**
-```
-**דוח ממצאי אבטחה - BrainboxAI**
-
-**מזהה פגיעות:** CVE-2021-44228
-**רמת חומרה:** קריטי (CVSS: 10.0)
-**סיווג:** CWE-502 (דה-סריאליזציה של מידע לא מהימן)
-
-**תיאור טכני:**
-Log4Shell היא פגיעות קריטית בספריית הלוגים Apache Log4j2 המאפשרת ביצוע קוד מרחוק (RCE) דרך JNDI lookups לא מבוקרים...
-
-**השלכות עסקיות:**
-פגיעות זו עלולה לאפשר לתוקף להשתלט במלואו על שרתים, לגנוב מידע רגיש של לקוחות, ולפרוס ransomware. חשיפה רגולטורית לפי תקנה 13 ו-GDPR.
+| Attribute | Value |
+|-----------|-------|
+| **Base model** | [unsloth/gemma-4-E4B-it](https://huggingface.co/unsloth/gemma-4-E4B-it) |
+| **Architecture** | Gemma4ForConditionalGeneration |
+| **Parameters** | ~4B |
+| **Context length** | 131,072 tokens |
+| **Method** | QLoRA (4-bit quantization during training) |
+| **Training corpus** | 1,157,765 examples (primary) + 107,600 (correction delta) |
+| **Languages** | Hebrew (~45%) and English (~55%) |
+| **Framework** | Unsloth Studio |
 
-**המלצות לטיפול:**
-1. לעדכן Log4j לגרסה 2.17.1 ומעלה.
-2. לסרוק את כל המערכות לזיהוי שימוש ב-Log4j.
-3. לבדוק logs של 6 חודשים אחורה.
-4. להטמיע WAF rules לחסימת דפוסי JNDI.
+### Dataset composition (1,157,765 primary examples)
 
-- צוות BrainboxAI Security
-```
+| Source | Examples | Language | Content |
+|--------|----------|----------|---------|
+| BrainboxAI CVE Corpus v2 | 994,713 | Hebrew + English | 280K CVEs × 8 task types |
+| [Fenrir v2.0](https://huggingface.co/datasets/AlicanKiraz0/Fenrir) | 83,918 | English | Causal reasoning on cyber threats |
+| [Trendyol Cybersecurity](https://huggingface.co/datasets/Trendyol/Trendyol-Cybersecurity-Instruction-Tuning-Dataset) | 53,199 | English | 200+ security domains |
+| [MITRE ATT&CK TTP Mapping](https://huggingface.co/datasets/tumeteor/Security-TTP-Mapping) | 14,936 | English | Activity → ATT&CK technique |
+| [HackerOne Disclosed Reports](https://huggingface.co/datasets/hackaprompt/hackerone-reports) | 9,353 | English | Bug bounty reports + CWE mapping |
+| [MITRE ATT&CK Reasoning](https://huggingface.co/datasets/cobo512/mitre-attck-reasoning) | 1,646 | English | Chain-of-thought on ATT&CK |
 
-### Example 3: MITRE ATT&CK Mapping
+### Correction delta (107,600 additional examples)
 
-**User:**
-```
-Map this threat description to MITRE ATT&CK techniques: The attacker used PowerShell to download and execute a payload from a compromised SharePoint site, then established persistence via a scheduled task.
-```
+After v1 evaluation, three weaknesses were identified and addressed via continued training on [`brainboxai_cyber_delta`](https://huggingface.co/datasets/BrainboxAI/brainboxai_cyber_delta):
 
-**Model:**
-```
-**MITRE ATT&CK Classification**
+1. **CVE hallucination** — fabricated CVSS scores and details for real CVEs. Fixed with canonical NVD-sourced data.
+2. **ATT&CK sub-technique confusion** — confused T1059.003 / T1053.005. Fixed with explicit disambiguation examples.
+3. **Missing "I don't know" behavior** — fabricated instead of acknowledging uncertainty. Fixed with refusal examples.
 
-**Techniques identified:**
-- **T1059.001** - Command and Scripting Interpreter: PowerShell
-- **T1105** - Ingress Tool Transfer (download from SharePoint)
-- **T1053.005** - Scheduled Task/Job: Scheduled Task (persistence)
+See the [delta dataset card](https://huggingface.co/datasets/BrainboxAI/brainboxai_cyber_delta) for full methodology.
 
-**Analysis:** The described activity follows a common initial-access -> execution -> persistence chain. Detection should prioritize PowerShell telemetry correlation with outbound downloads and scheduled-task creation events.
+## Evaluation
 
-- BrainboxAI Cyber Analyst
-```
+Post-training evaluation covered 30 diverse security tasks spanning:
+- CVE detail accuracy (lookup + explanation)
+- MITRE ATT&CK technique and sub-technique mapping
+- Sigma / YARA rule drafting
+- Vulnerability severity assessment
+- Hebrew-language incident report generation
 
----
+Formal benchmarks on public security datasets are planned for v3 release.
 
-## Training Details
+## Limitations
 
-- **Method:** QLoRA (LoRA adapters with 4-bit quantized base)
-- **Framework:** Unsloth 2026.4.x
-- **Dataset:** 1,157,765 bilingual cyber-security instruction pairs
-- **Task coverage:** 14 task types across CVE triage, reports, detection, MITRE mapping, real bug-bounty analysis, and brand identity
-- **Language split:** ~45% Hebrew, ~55% English
-- **Data sources:** NVD CVE corpus, HackerOne disclosed reports, MITRE ATT&CK reasoning, TTP mapping, Fenrir v2.0, Trendyol Cybersecurity, plus 160 curated BrainboxAI identity examples
+- **4B parameters.** Not frontier capability. Will make mistakes on novel attack patterns and complex architecture analysis.
+- **Training cutoff.** CVE data reflects state at corpus construction time; newer CVEs are unknown to the model.
+- **Hallucination residual risk.** Even after delta correction, the model can fabricate CVE details. Always verify against NVD or vendor advisories.
+- **Not a pentester.** Will not autonomously conduct authorized offensive operations. Does not replace manual testing.
+- **Dual-use content.** The model can discuss attack techniques for defensive purposes. It will refuse clearly malicious requests but is not a hardened content-filter.
+- **Biased toward public data.** Training is dominated by public CVEs and reports; exotic or unpublished threats may be handled poorly.
 
-Full training dataset: [BrainboxAI/brainboxai_cyber_train](https://huggingface.co/datasets/BrainboxAI/brainboxai_cyber_train)
+## Formats available
 
----
+- [**GGUF Q4_K_M** (~4 GB)](https://huggingface.co/BrainboxAI/cyber-analyst-4B) — for Ollama, llama.cpp, LM Studio
+- [**Safetensors 16-bit**](https://huggingface.co/BrainboxAI/cyber-analyst-4B-safetensors) — for further fine-tuning, HF transformers
 
-## Limitations & Ethical Considerations
+## License
 
-- **Not an autonomous operator.** The model produces analysis and recommendations. It does not and should not act on production systems without human review.
-- **Training cutoff.** CVE coverage ends in 2025. For newer vulnerabilities, augment with retrieval (RAG) against a live CVE feed.
-- **No offensive weaponization.** The model is trained to refuse exploit generation, malware, and phishing kits. Do not attempt to bypass these safeguards.
-- **Hebrew coverage.** Hebrew was curated, not machine-translated. Edge cases in dialect or slang may still fall back to Hebrew-English code-switching.
-- **Dual-use.** Security knowledge can be misused. Users deploying this model in production should add their own guardrails, logging, and acceptable-use policies.
-- **Synthetic expansion in training.** Most CVE triage samples are template-expanded from NVD descriptions. The model excels at structured classification, less so at creative exploitation insight.
+Apache 2.0. Free for commercial and non-commercial use with attribution.
 
----
+**Ethical use:** This model is intended for defensive security work and authorized security research. Use in unauthorized offensive operations is prohibited by the license and by applicable law.
 
 ## Citation
 
 ```bibtex
-@misc{brainboxai_cyber_analyst_4b_2026,
-  author  = {Elyasi, Netanel and BrainboxAI},
-  title   = {BrainboxAI Cyber Analyst 4B: A Bilingual Hebrew-English Cybersecurity LLM},
-  year    = {2026},
-  url     = {https://huggingface.co/BrainboxAI/cyber-analyst-4B},
-  publisher = {Hugging Face}
+@misc{elyasi2026cyberanalyst,
+  title        = {Cyber-Analyst 4B: A Bilingual On-Device Security Model for SOC and Pentest Workflows},
+  author       = {Elyasi, Netanel},
+  year         = {2026},
+  publisher    = {BrainboxAI},
+  howpublished = {\url{https://huggingface.co/BrainboxAI/cyber-analyst-4B}},
+  note         = {Fine-tuned from unsloth/gemma-4-E4B-it on 1.16M security examples + 107K correction delta}
 }
 ```
 
----
-
-## About BrainboxAI
-
-**BrainboxAI** is an Israeli AI agency founded by **Netanel Elyasi**, specializing in:
-
-- Custom LLM training (Hebrew-native and bilingual models)
-- AI automation and agentic workflows
-- Cybersecurity AI products (scanning, triage, reporting)
-- Enterprise AI deployment (on-premise, privacy-first)
+## Author
 
-**Related models and datasets:**
-- [BrainboxAI/brainboxai_cyber_train](https://huggingface.co/datasets/BrainboxAI/brainboxai_cyber_train) - Training dataset (1.16M examples)
-- [BrainboxAI/law-il-E2B](https://huggingface.co/BrainboxAI/law-il-E2B) - Hebrew legal AI
-- [BrainboxAI/legal-training-il](https://huggingface.co/datasets/BrainboxAI/legal-training-il) - Hebrew legal dataset
+Built by [**Netanel Elyasi**](https://huggingface.co/BrainboxAI), founder of [BrainboxAI](https://brainboxai.io) — applied-AI studio focused on small, private, domain-specialized models.
 
-Contact: via Hugging Face or BrainboxAI.
+For on-prem deployment, custom security-corpus training, or pentest-automation integration, contact: **netanele@brainboxai.io**.
 
 ---
 
-Trained 2x faster with [Unsloth](https://github.com/unslothai/unsloth).
+*Part of the BrainboxAI family of on-device models — see also [`law-il-E2B`](https://huggingface.co/BrainboxAI/law-il-E2B) (legal) and [`code-il-E4B`](https://huggingface.co/BrainboxAI/code-il-E4B) (coding).*