pocwriter-v1 / README.md
adf1178's picture
Add files using upload-large-folder tool
e51e528 verified
|
Raw
History Blame Contribute Delete
4.22 kB
---
base_model: Qwen/Qwen3.5-9B
datasets:
- RealMythos/RealMythosReasoning
library_name: transformers
pipeline_tag: text-generation
license: apache-2.0
language:
- en
tags:
- qwen3_5
- code
- security
- cybersecurity
- vulnerability-detection
- proof-of-concept
- cve
- cwe
- llama-factory
- sft
---
# RealMythos/pocwriter-v1
`pocwriter-v1` is a full-parameter supervised fine-tune of **Qwen3.5-9B**, specialized for
**security research**: source-code vulnerability discovery/analysis and proof-of-concept (PoC)
generation for *authorized* testing. It is trained on
[**RealMythos/RealMythosReasoning**](https://huggingface.co/datasets/RealMythos/RealMythosReasoning),
a CVE-grounded C/C++ vulnerability-reasoning dataset.
> **Stage:** stage-1 SFT, `checkpoint-748`. This is an early/intermediate checkpoint β€” see *Limitations*.
## Intended use
Built to assist **defensive and authorized offensive security work**:
- **Vulnerability mining** β€” spotting likely-vulnerable patterns in C/C++ source and explaining the bug class (with a focus on memory-safety issues).
- **PoC drafting** β€” generating proof-of-concept code to *validate* a finding on a target you are
authorized to test (pentest engagements, CTF, your own systems, security research).
- **Triage & write-ups** β€” prioritizing findings, drafting reproduction steps and remediation advice.
### Out of scope / responsible use
Do **not** use this model against systems you do not own or lack explicit written authorization to test.
Generated PoCs are intended for validation in controlled, authorized environments only. Users are
solely responsible for complying with applicable laws and for any consequences of use.
## Training data
Trained on [**RealMythos/RealMythosReasoning**](https://huggingface.co/datasets/RealMythos/RealMythosReasoning)
(CC-BY-4.0):
- **6,159** examples, each tied to a **unique real-world CVE** (~177 MB), English.
- Each record pairs a vulnerability-analysis prompt + code context with **CVE/CWE/project metadata**,
**reasoning traces**, a final response, and **PoC evaluation scores** (relevance / exploitability).
- Heavily weighted toward **memory-safety** classes β€” top CWEs: CWE-119 (buffer errors), CWE-125
(out-of-bounds read), CWE-787 (out-of-bounds write).
- Uses *patch-unaware reasoning cleanup* to reduce leakage from fixed-code information, plus quality-control review flags.
## Training setup
| | |
|---|---|
| Base model | Qwen3.5-9B (`Qwen3_5ForConditionalGeneration`) |
| Method | Full-parameter supervised fine-tuning (SFT) |
| Framework | [LLaMA-Factory](https://github.com/hiyouga/LLaMA-Factory) |
| Distributed | DeepSpeed ZeRO |
| Checkpoint | stage-1, global step 748 |
| Precision | bf16 |
## Usage
```python
from transformers import AutoModelForCausalLM, AutoTokenizer
model_id = "RealMythos/pocwriter-v1"
tok = AutoTokenizer.from_pretrained(model_id)
model = AutoModelForCausalLM.from_pretrained(model_id, torch_dtype="auto", device_map="auto")
messages = [
{"role": "user", "content": "Analyze this function for memory-safety issues and, if any, draft a PoC:\n<code here>"},
]
inputs = tok.apply_chat_template(messages, add_generation_prompt=True, return_tensors="pt").to(model.device)
out = model.generate(inputs, max_new_tokens=512)
print(tok.decode(out[0][inputs.shape[-1]:], skip_special_tokens=True))
```
> If this is the multimodal variant of the base, load it with the matching `AutoProcessor` /
> `AutoModelForImageTextToText` class instead.
## Limitations
- Intermediate **stage-1** checkpoint; outputs may be unstable, incomplete, or change in later stages.
- Trained primarily on **C/C++ memory-safety** CVEs β€” weaker outside that distribution (other languages / bug classes).
- May **hallucinate** vulnerabilities or emit non-working PoCs β€” **always verify manually**.
- Inherits the biases, knowledge cutoff, and license terms of the Qwen3.5-9B base model.
## Citation
Built on the [RealMythos](https://huggingface.co/RealMythos) effort to reconstruct open-source
security-reasoning infrastructure. If you use this model, please credit both the model and the
[RealMythosReasoning](https://huggingface.co/datasets/RealMythos/RealMythosReasoning) dataset.