---
language:
- en
- code
license: apache-2.0
tags:
- security
- vulnerability-detection
- code-analysis
- reasoning
- llm
pipeline_tag: text-generation
base_model: Qwen/Qwen2.5-7B-Instruct
---
# VulnLLM-R-7B GGUF Models
## Model Generation Details
This model was generated using [llama.cpp](https://github.com/ggerganov/llama.cpp) at commit [`05fa625ea`](https://github.com/ggerganov/llama.cpp/commit/05fa625eac5bbdbe88b43f857156c35501421d6e).
---
## Quantization Beyond the IMatrix
I've been experimenting with a new quantization approach that selectively elevates the precision of key layers beyond what the default IMatrix configuration provides.
In my testing, standard IMatrix quantization underperforms at lower bit depths, especially with Mixture of Experts (MoE) models. To address this, I'm using the `--tensor-type` option in `llama.cpp` to manually "bump" important layers to higher precision. You can see the implementation here:
π [Layer bumping with llama.cpp](https://github.com/Mungert69/GGUFModelBuilder/blob/main/model-converter/tensor_list_builder.py)
While this does increase model file size, it significantly improves precision for a given quantization level.
### **I'd love your feedbackβhave you tried this? How does it perform for you?**
---
Click here to get info on choosing the right GGUF model format
---
# VulnLLM-R-7B: Specialized Reasoning LLM for Vulnerability Detection
**VulnLLM-R** is the first specialized **reasoning** Large Language Model designed specifically for software vulnerability detection.
Unlike traditional static analysis tools (like CodeQL) or small LLMs that rely on simple pattern matching, VulnLLM-R is trained to **reason step-by-step** about data flow, control flow, and security context. It mimics the thought process of a human security auditor to identify complex logic vulnerabilities with high accuracy.
## π Quick Links
* **Paper:** [arXiv:2512.07533](https://arxiv.org/abs/2512.07533)
* **Code & Data:** [GitHub](https://github.com/ucsb-mlsec/VulnLLM-R)
* **Demo:** [Web demo](https://huggingface.co/spaces/UCSB-SURFI/VulnLLM-R)
## π‘ Key Features
* **Reasoning-Based Detection:** Does not just classify code; it generates a "Chain-of-Thought" to analyze *why* a vulnerability exists.
* **Superior Accuracy:** Outperforms commercial giants (like Claude-3.7-Sonnet, o3-mini) and industry-standard tools (CodeQL, AFL++) on key benchmarks.
* **Efficiency:** Achieves SOTA performance with only **7B parameters**, making it 30x smaller and significantly faster than general-purpose reasoning models.
* **Broad Coverage:** Trained and tested on C, C++, Python, and Java (zero-shot generalization).
## π Quick Start
```python
from transformers import AutoModelForCausalLM, AutoTokenizer
import torch
model_name = "UCSB-SURFI/VulnLLM-R-7B"
tokenizer = AutoTokenizer.from_pretrained(model_name)
model = AutoModelForCausalLM.from_pretrained(
model_name,
torch_dtype=torch.bfloat16,
device_map="auto"
)
# Example Code Snippet
code_snippet = """
void vulnerable_function(char *input) {
char buffer[50];
strcpy(buffer, input); // Potential buffer overflow
}
"""
# Prompt Template (Triggering Reasoning)
prompt = f"""You are an advanced vulnerability detection model.
Please analyze the following code step-by-step to determine if it contains a vulnerability.
Code:
{code_snippet}
Please provide your reasoning followed by the final answer.
"""
messages = [
{"role": "user", "content": prompt}
]
text = tokenizer.apply_chat_template(messages, tokenize=False, add_generation_prompt=True)
model_inputs = tokenizer([text], return_tensors="pt").to(model.device)
generated_ids = model.generate(
model_inputs.input_ids,
max_new_tokens=512
)
generated_ids = [
output_ids[len(input_ids):] for input_ids, output_ids in zip(model_inputs.input_ids, generated_ids)
]
response = tokenizer.batch_decode(generated_ids, skip_special_tokens=True)[0]
print(response)
```
## π Performance
VulnLLM-R-7B achieves state-of-the-art results on benchmarks including PrimeVul, Juliet 1.3, and ARVO.
(Refer to Figure 1 and Table 4 in the paper for detailed metrics)
## π Citation
If you use this model in your research, please cite our paper:
```Bibtex
@article{nie2025vulnllmr,
title={VulnLLM-R: Specialized Reasoning LLM with Agent Scaffold for Vulnerability Detection},
author={Nie, Yuzhou and Li, Hongwei and Guo, Chengquan and Jiang, Ruizhe and Wang, Zhun and Li, Bo and Song, Dawn and Guo, Wenbo},
journal={arXiv preprint arXiv:2512.07533},
year={2025}
}
```
---
# π If you find these models useful
Help me test my **AI-Powered Quantum Network Monitor Assistant** with **quantum-ready security checks**:
π [Quantum Network Monitor](https://readyforquantum.com/?assistant=open&utm_source=huggingface&utm_medium=referral&utm_campaign=huggingface_repo_readme)
The full Open Source Code for the Quantum Network Monitor Service available at my github repos ( repos with NetworkMonitor in the name) : [Source Code Quantum Network Monitor](https://github.com/Mungert69). You will also find the code I use to quantize the models if you want to do it yourself [GGUFModelBuilder](https://github.com/Mungert69/GGUFModelBuilder)
π¬ **How to test**:
Choose an **AI assistant type**:
- `TurboLLM` (GPT-4.1-mini)
- `HugLLM` (Hugginface Open-source models)
- `TestLLM` (Experimental CPU-only)
### **What Iβm Testing**
Iβm pushing the limits of **small open-source models for AI network monitoring**, specifically:
- **Function calling** against live network services
- **How small can a model go** while still handling:
- Automated **Nmap security scans**
- **Quantum-readiness checks**
- **Network Monitoring tasks**
π‘ **TestLLM** β Current experimental model (llama.cpp on 2 CPU threads on huggingface docker space):
- β
**Zero-configuration setup**
- β³ 30s load time (slow inference but **no API costs**) . No token limited as the cost is low.
- π§ **Help wanted!** If youβre into **edge-device AI**, letβs collaborate!
### **Other Assistants**
π’ **TurboLLM** β Uses **gpt-4.1-mini** :
- **It performs very well but unfortunatly OpenAI charges per token. For this reason tokens usage is limited.
- **Create custom cmd processors to run .net code on Quantum Network Monitor Agents**
- **Real-time network diagnostics and monitoring**
- **Security Audits**
- **Penetration testing** (Nmap/Metasploit)
π΅ **HugLLM** β Latest Open-source models:
- π Runs on Hugging Face Inference API. Performs pretty well using the lastest models hosted on Novita.
### π‘ **Example commands you could test**:
1. `"Give me info on my websites SSL certificate"`
2. `"Check if my server is using quantum safe encyption for communication"`
3. `"Run a comprehensive security audit on my server"`
4. '"Create a cmd processor to .. (what ever you want)" Note you need to install a [Quantum Network Monitor Agent](https://readyforquantum.com/Download/?utm_source=huggingface&utm_medium=referral&utm_campaign=huggingface_repo_readme) to run the .net code on. This is a very flexible and powerful feature. Use with caution!
### Final Word
I fund the servers used to create these model files, run the Quantum Network Monitor service, and pay for inference from Novita and OpenAIβall out of my own pocket. All the code behind the model creation and the Quantum Network Monitor project is [open source](https://github.com/Mungert69). Feel free to use whatever you find helpful.
If you appreciate the work, please consider [buying me a coffee](https://www.buymeacoffee.com/mahadeva) β. Your support helps cover service costs and allows me to raise token limits for everyone.
I'm also open to job opportunities or sponsorship.
Thank you! π