How to use from the
Use from the
llama-cpp-python library
# !pip install llama-cpp-python

from llama_cpp import Llama

llm = Llama.from_pretrained(
	repo_id="CycleCoreTechnologies/pq-sift-defender-Q4_K_M",
	filename="pq-sift-defender-Q4_K_M.gguf",
)
llm.create_chat_completion(
	messages = [
		{
			"role": "user",
			"content": "What is the capital of France?"
		}
	]
)

pq-sift-defender-Q4_K_M

QLoRA fine-tuned Qwen2.5-1.5B-Instruct for autonomous DFIR incident-response triage. Q4_K_M quantized GGUF for Ollama.

Built by CycleCore Technologies for the SANS FIND EVIL hackathon.

What it does

Reads a security alert (EDR, WAF, IDS, phishing report) and produces a structured verdict: PASS, FLAG, or BLOCK with cited indicators. The model drives the pq-sift-defender agent, which wraps it with a SecurityGates pre-filter and a post-quantum signed audit trail (ML-DSA-65).

Performance

Validated on 136 held-out samples spanning benign events, SSRF, SQL injection, command injection, path traversal, prompt injection, CVE-grounded attacks, boundary recovery, and malware memory dumps.

96.3% accuracy | 100% BLOCK | 94.6% PASS | 11s per triage | CPU-only
Verdict Accuracy Count
BLOCK 100% 72/72
FLAG 75% 6/8
PASS 94.6% 53/56

Training

  • Method: QLoRA (4-bit NF4, LoRA r=64, alpha=16, 5 epochs, lr=1e-4)
  • Data: 785 unique ShareGPT-format samples across 7 batches (benign PASS, attack BLOCK, boundary recovery, FLAG + format, CVE-grounded, hard PASS)
  • Two-axis weighting: per-batch oversampling (up to 1.8x for PASS) + per-sample quality-based loss scaling (A/B/C tiers)
  • Hardware: RTX 5070Ti, 26 minutes
  • Pipeline: Reproducible via training/ directory in the main repo

Usage with Ollama

# Download the GGUF and Modelfile from this repo, then:
ollama create pq-sift-defender -f Modelfile

# Or point your Modelfile FROM line at the downloaded GGUF path:
# FROM /path/to/pq-sift-defender-Q4_K_M.gguf

Then run with the agent:

pip install -e ".[dev]"  # from the main repo
PQ_SIFT_MODEL=pq-sift-defender pq-sift-defender investigate samples/path_traversal.json

Or test directly:

ollama run pq-sift-defender "Analyze this alert: PowerShell -enc SQBFAFgAIAAoA..."

Files

File Size Description
pq-sift-defender-Q4_K_M.gguf 986 MB Q4_K_M quantized model
Modelfile 1.6 KB Ollama import file with ChatML template + system prompt

Quantization

Converted from merged safetensors via llama.cpp/convert_hf_to_gguf.py (external, not Ollama's internal converter). Q4_K_M quantization. 986 MB on disk.

Note: Ollama 0.24.0's internal safetensors-to-GGUF converter has a known bug with transformers 5.9.0 models. Use the external llama.cpp converter if rebuilding from source.

Hardware Requirements

Resource Requirement
RAM 2-3 GB free
CPU One modern x86_64 core
Disk ~1 GB
GPU Not required
CPU Inference time
Intel Core i9-14900KF 4s
AMD Ryzen 7 7800X3D 11s

License

Apache 2.0

Downloads last month
3
GGUF
Model size
2B params
Architecture
qwen2
Hardware compatibility
Log In to add your hardware

4-bit

Inference Providers NEW
This model isn't deployed by any Inference Provider. ๐Ÿ™‹ Ask for provider support

Model tree for CycleCoreTechnologies/pq-sift-defender-Q4_K_M

Quantized
(215)
this model

Evaluation results