Abacus-cve

Abacus-cve (Live Agent Coder) is a 32B code model fine-tuned on CVE-Factory agent traces for security vulnerability fixing tasks.

Model Description

Abacus-cve is based on Qwen3-32B and fine-tuned using 4,078 distilled agent traces from ~900 CVE reproduction tasks. The traces were generated using Claude Opus 4.5 with a Mini SWE-Agent harness through the CVE-Factory pipeline.

Training Results

Fine-tuning yields dramatic improvements across security benchmarks:

Model	LiveCVEBench	PatchEval	Terminal-Bench	Avg
Qwen3-32B (base)	5.29	5.66	12.50	7.82
Abacus-cve (Ours)	35.79	23.58	28.75	29.37
Qwen3-Coder-30B	10.58	9.91	13.75	11.41
Qwen3-Coder-480B	19.58	19.34	36.25	25.06
MiniMax-M2	24.87	19.34	37.50	27.24
Claude Sonnet 4	20.11	22.64	33.75	25.50
Claude Sonnet 4.5	34.39	28.77	45.00	36.05
Claude Opus 4.5	41.27	32.08	48.75	40.70

Key findings:

• ~6.8x improvement on LiveCVEBench (5.29% -> 35.79%)
• ~4.2x improvement on PatchEval (5.66% -> 23.58%)
• ~2.3x improvement on Terminal-Bench (12.50% -> 28.75%)
• Outperforms Qwen3-Coder-480B, MiniMax-M2, and Claude Sonnet 4
• Approaches Claude Sonnet 4.5 level on security tasks

Usage

from transformers import AutoModelForCausalLM, AutoTokenizer

model = AutoModelForCausalLM.from_pretrained("Luoberta/Abacus-cve")
tokenizer = AutoTokenizer.from_pretrained("Luoberta/Abacus-cve")

Related Resources

• Leaderboard - Live rankings on LiveCVEBench
• LiveCVEBench - Security vulnerability benchmark
• CVE-Factory - The multi-agent system that generated training traces
• cve_train Dataset - Training data (4k agent traces)

Citation

@misc{luo2026cvefactory,
  title={CVE-Factory: Scaling Expert-Level Agentic Tasks for Code Security Vulnerability}, 
  author={Xianzhen Luo and Jingyuan Zhang and Shiqi Zhou and Rain Huang and Chuan Xiao and Qingfu Zhu and Zhiyuan Ma and Xing Yue and Yang Yue and Wencong Zeng and Wanxiang Che},
  year={2026},
  eprint={2602.03012},
  archivePrefix={arXiv},
  primaryClass={cs.CR},
  url={https://arxiv.org/abs/2602.03012}
}