Install from WinGet (Windows)
winget install llama.cpp
# Start a local OpenAI-compatible server with a web UI:
llama-server -hf abhaybhargav/PWNISMS-Threat-Model-Structured:F16# Run inference directly in the terminal:
llama-cli -hf abhaybhargav/PWNISMS-Threat-Model-Structured:F16Use pre-built binary
# Download pre-built binary from:
# https://github.com/ggerganov/llama.cpp/releases# Start a local OpenAI-compatible server with a web UI:
./llama-server -hf abhaybhargav/PWNISMS-Threat-Model-Structured:F16# Run inference directly in the terminal:
./llama-cli -hf abhaybhargav/PWNISMS-Threat-Model-Structured:F16Build from source code
git clone https://github.com/ggerganov/llama.cpp.git
cd llama.cpp
cmake -B build
cmake --build build -j --target llama-server llama-cli# Start a local OpenAI-compatible server with a web UI:
./build/bin/llama-server -hf abhaybhargav/PWNISMS-Threat-Model-Structured:F16# Run inference directly in the terminal:
./build/bin/llama-cli -hf abhaybhargav/PWNISMS-Threat-Model-Structured:F16Use Docker
docker model run hf.co/abhaybhargav/PWNISMS-Threat-Model-Structured:F16PWNISMS-Threat-Model-Structured
Fused MLX and GGUF releases of Qwen2.5-1.5B-Instruct fine-tuned to emit valid JSON matching a PWNISMS structured threat model (seven domains: Product, Workload, Network, IAM, Secrets, Monitoring, SupplyChain), with optional STRIDE cross-tags and concrete mitigations.
Base Model And License
- Base:
Qwen/Qwen2.5-1.5B-Instruct(Apache-2.0). - This release is a derivative work of the base model. The base license applies; retain notices and state modifications as required by Apache-2.0. See
LICENSE.
Training Summary
- Method: LoRA fine-tuning on MLX (
mlx_lm), then fused into a single checkpoint. - Base:
Qwen/Qwen2.5-1.5B-Instruct - LoRA: rank 8, scale 20, 16 layers, max sequence length 10240, 1200 iterations.
- GGUF conversion: llama.cpp
convert_hf_to_gguf.py, plus Q4_K_M quantization withllama-quantize.
Output Contract
The model is trained to answer with JSON only for a chat shaped as:
- System: PWNISMS architect instructions requiring all seven domains, concrete mitigations, and scenario-grounded components.
- User: Markdown system description.
The expected object is defined by the included threat_model_schema.json.
Minimum bar: at least 5 threats, exactly 7 pwnisms_coverage entries, and each threat id must appear under its domain’s threat_ids.
Limitations And Evaluation
Internal pulse check (n=20 held-out style samples, local script): 16/20 parse as JSON, 12/20 pass full Pydantic validation, and 12/20 cover all seven domains with the schema. Real deployments should validate outputs with Pydantic or JSON Schema and never treat this model as a substitute for expert review.
Long scenarios can need up to ~12k output tokens; lower caps may truncate JSON.
Load And Generate (MLX)
from mlx_lm import load, generate
model, tokenizer = load("abhaybhargav/PWNISMS-Threat-Model-Structured")
system = """You are a senior security architect. Produce a PWNISMS threat model for the described system.
Address all seven PWNISMS domains: Product, Workload, Network, IAM, Secrets, Monitoring, SupplyChain.
Mitigations must reference concrete technologies, configurations, or processes.
Return only valid JSON matching the required schema."""
user = open("scenario.md").read()
messages = [{"role": "system", "content": system}, {"role": "user", "content": user}]
prompt = tokenizer.apply_chat_template(messages, add_generation_prompt=True, tokenize=False)
text = generate(model, tokenizer, prompt=prompt, max_tokens=12000, verbose=False)
print(text)
Load And Generate (GGUF / llama.cpp)
Recommended default:
PWNISMS-Threat-Model-Structured-Q4_K_M.gguf(~940MB): broad local compatibility, much smaller than F16.
Reference precision:
PWNISMS-Threat-Model-Structured-F16.gguf(~2.9GB): F16 GGUF export.
Example with llama.cpp:
llama-cli \
-m PWNISMS-Threat-Model-Structured-Q4_K_M.gguf \
--ctx-size 12000 \
--temp 0.2 \
-p '<|im_start|>system
You are a senior security architect. Produce a PWNISMS threat model for the described system.
Address all seven PWNISMS domains: Product, Workload, Network, IAM, Secrets, Monitoring, SupplyChain.
Mitigations must reference concrete technologies, configurations, or processes.
Return only valid JSON matching the required schema.<|im_end|>
<|im_start|>user
<paste the system scenario markdown here><|im_end|>
<|im_start|>assistant
'
Ollama
Create a Modelfile next to the downloaded GGUF:
FROM ./PWNISMS-Threat-Model-Structured-Q4_K_M.gguf
PARAMETER temperature 0.2
PARAMETER num_ctx 12000
TEMPLATE """{{ .Prompt }}"""
Then run:
ollama create pwnisms-threat-model-structured -f Modelfile
ollama run pwnisms-threat-model-structured
Files
| File | Purpose |
|---|---|
model.safetensors |
Fused MLX/HF-format weights |
PWNISMS-Threat-Model-Structured-Q4_K_M.gguf |
Quantized GGUF for llama.cpp/Ollama/local tools |
PWNISMS-Threat-Model-Structured-F16.gguf |
F16 GGUF reference export |
config.json, tokenizer.json, tokenizer_config.json, chat_template.jinja |
Model + tokenizer |
threat_model_schema.json |
JSON Schema for outputs |
examples/sample_scenario.md |
Tiny example input shape |
Intended Use
This model is intended to assist application and security architects in drafting structured PWNISMS threat models from system descriptions. It is not a formal risk decision engine and should be reviewed by humans before use in production assurance, audit, or compliance workflows.
- Downloads last month
- 311
Quantized
Install from brew
# Start a local OpenAI-compatible server with a web UI: llama-server -hf abhaybhargav/PWNISMS-Threat-Model-Structured:F16# Run inference directly in the terminal: llama-cli -hf abhaybhargav/PWNISMS-Threat-Model-Structured:F16