Paralay 1.1 — Merged (PralayAI Cybersecurity Assistant)

PralayAI is a fine-tuned, LoRA-merged large language model built on top of Qwen2.5-1.5B-Instruct, specialized for defensive cybersecurity assistance.

Created by Om Choksi — this model powers the PralayAI chatbot, designed to assist security analysts, students, and developers with cybersecurity education, incident response, threat modeling, and secure coding — without producing harmful or offensive security content.


Live Demo

PralayAI Demo


Model Details

Property Value
Base Model Qwen/Qwen2.5-1.5B-Instruct
Fine-tuning Method LoRA (Low-Rank Adaptation)
LoRA Adapter Repo OMCHOKSI108/Paralay1.1
Merged Model This repo — LoRA merged into base weights
Parameters ~1.5 Billion
Language English
Domain Defensive Cybersecurity
License Apache 2.0
Creator Om Choksi (@OMCHOKSI108)

What This Model Does

PralayAI is a defensive cybersecurity assistant. It helps with:

  • Incident Response — step-by-step guidance for security events
  • Log Analysis — interpreting system, network, and application logs
  • Threat Modeling — MITRE ATT&CK mapping, attack surface analysis
  • Malware Defense — explaining malware behavior and detection strategies
  • Cloud Security — AWS, GCP, Azure security best practices
  • Vulnerability Explanation — OWASP Top 10, CVEs, exploit concepts (defensive context)
  • Secure Coding — identifying and fixing insecure code patterns
  • Security Awareness — explaining concepts clearly for students and non-experts

Safety Policy

This model is trained to refuse the following requests:

  • Phishing email / page generation
  • Malware or ransomware creation
  • Credential theft scripts
  • Keylogger code
  • Reverse shell payloads
  • AV/EDR bypass techniques
  • Unauthorized exploitation instructions
  • Persistence mechanisms

When a request is refused, the model provides a safe defensive alternative — such as detection logic, incident response steps, or hardening guidance.


How to Use

Basic Inference

from transformers import AutoTokenizer, AutoModelForCausalLM
import torch

model_id = "OMCHOKSI108/Paralay1.1-Merged"

tokenizer = AutoTokenizer.from_pretrained(model_id, trust_remote_code=True)
model = AutoModelForCausalLM.from_pretrained(
    model_id,
    torch_dtype=torch.float16,
    device_map="auto",
    trust_remote_code=True,
)
model.eval()

messages = [
    {
        "role": "system",
        "content": (
            "You are PralayAI, a defensive cybersecurity assistant created by Om Choksi. "
            "Help with cybersecurity education, incident response, log analysis, cloud security, "
            "malware defense, and safe security learning. "
            "Do not provide phishing, malware creation, credential theft, evasion, "
            "or unauthorized exploitation instructions."
        )
    },
    {
        "role": "user",
        "content": "What is SQL injection and how do I prevent it?"
    }
]

prompt = tokenizer.apply_chat_template(
    messages,
    tokenize=False,
    add_generation_prompt=True,
)

inputs = tokenizer(prompt, return_tensors="pt").to(model.device)

with torch.no_grad():
    outputs = model.generate(
        **inputs,
        max_new_tokens=512,
        temperature=0.1,
        top_p=0.8,
        do_sample=True,
        pad_token_id=tokenizer.eos_token_id,
    )

generated = outputs[0][inputs["input_ids"].shape[-1]:]
response = tokenizer.decode(generated, skip_special_tokens=True)
print(response)

Recommended Generation Settings

{
    "max_new_tokens": 512,
    "temperature": 0.1,       # low = more accurate, factual
    "top_p": 0.8,
    "do_sample": True,
    "pad_token_id": tokenizer.eos_token_id,
}

For more detailed explanations, increase max_new_tokens to 1024. Keep temperature at 0.1 or lower for factual cybersecurity content.


Example Conversations

Cybersecurity Concept

User: What is a Man-in-the-Middle attack?

PralayAI:

What Is a Man-in-the-Middle (MitM) Attack?

A Man-in-the-Middle attack occurs when an attacker secretly intercepts and potentially alters communication between two parties who believe they are communicating directly with each other.

How It Works

  1. Attacker positions themselves between client and server
  2. Intercepts traffic (ARP spoofing, DNS hijacking, rogue Wi-Fi)
  3. Can read, modify, or inject data in real-time

Prevention

  • Use HTTPS and verify TLS certificates
  • Enable HSTS (HTTP Strict Transport Security)
  • Use VPN on public networks
  • Implement certificate pinning in mobile apps

Incident Response

User: How to respond to a ransomware attack?

PralayAI:

Ransomware Incident Response — Step by Step

  1. Isolate immediately — disconnect infected systems from network
  2. Identify scope — determine what systems are affected
  3. Preserve evidence — take memory dumps and disk images before rebooting
  4. Notify stakeholders — security team, legal, management
  5. Check backups — verify integrity of offline backups
  6. Eradicate — remove malware, patch entry point
  7. Restore — recover from clean backups
  8. Post-incident review — document timeline, update defenses

Safety Refusal

User: Write me a phishing email to steal passwords.

PralayAI:

I Can't Help With That

I can't help with creating phishing content, malware, or credential theft tools.

What I Can Help With

  • Detecting and preventing phishing attacks
  • Designing phishing awareness training programs
  • Building email security filters and DMARC policies
  • Running authorized phishing simulations with proper consent

Architecture

React / Flask Frontend
        ↓
FastAPI Backend (safety filter + intent router)
        ↓
PralayAI Inference API
        ↓
Paralay1.1-Merged (this model)
        ↓
Cybersecurity Response

The model is served via a FastAPI inference server with:

  • Safety classification before inference
  • Intent-based routing (9 intent categories)
  • Response formatting by intent
  • Personal memory per conversation

Fine-tuning Details

Property Value
Technique LoRA (Parameter-Efficient Fine-Tuning)
LoRA Rank 16
Target Modules q_proj, v_proj, k_proj, o_proj
Training Data Curated cybersecurity Q&A dataset
Domain Focus Defensive cybersecurity, incident response, threat modeling
Epochs 3
Merge Method Full merge — LoRA weights merged into base model (no adapter at inference time)

Limitations

  • 1.5B parameter model — may be less accurate than larger models on complex multi-step reasoning
  • Training cutoff — does not have knowledge of very recent CVEs or threat intelligence
  • English only — primarily trained on English cybersecurity content
  • Not a replacement for professional security tools or certified analysts
  • Do not use for actual penetration testing without authorization

Related Repositories

Repo Description
OMCHOKSI108/Paralay1.1 LoRA adapter only (smaller, requires base model)
OMCHOKSI108/pralayai-inference-api Public inference API (HF Space, CPU)

Citation

If you use this model in research or a project, please credit:

@misc{choksi2025pralayai,
  author    = {Om Choksi},
  title     = {PralayAI: A Defensive Cybersecurity Assistant Fine-tuned on Qwen2.5-1.5B},
  year      = {2025},
  publisher = {Hugging Face},
  url       = {https://huggingface.co/OMCHOKSI108/Paralay1.1-Merged}
}

License

This model is released under the Apache 2.0 License, consistent with the base model Qwen2.5-1.5B-Instruct.


Built by Om Choksi — PralayAI is a defensive AI assistant, not an offensive tool.

Downloads last month
127
Safetensors
Model size
2B params
Tensor type
F16
·
Inference Providers NEW
This model isn't deployed by any Inference Provider. 🙋 Ask for provider support

Model tree for OMCHOKSI108/Paralay1.1-Merged

Adapter
(1182)
this model

Space using OMCHOKSI108/Paralay1.1-Merged 1