README.md

---
license: apache-2.0
base_model: georgehenney/Qwen3-8B-heretic
tags:
  - security
  - cybersecurity
  - pentest
  - CVSS
  - OWASP
  - red-team
  - bug-bounty
  - 128k-context
  - MLX
  - Safetensors
  - qwen3
  - 4-bit
  - apple-silicon
  - ravenx
  - rath-protocol
  - tool-calling
language:
  - en
pipeline_tag: text-generation
library_name: mlx
---

# RavenX-Sec Qwen3-8B v4.0 — Autonomous Security Intelligence Model 128K

> **MLX 4-bit** · Apple Silicon native · 128K context · 6-step RATH protocol · 610K training examples · 21 datasets · Zero truncation

Qwen3-8B with security LoRA fused directly into the weights. The model **self-evolved** from 4 to 6 RATH steps during training — adding DOCUMENT and PREVENT phases for complete vulnerability lifecycle management.

> 📦 **Looking for the GGUF version?** → [RavenX-Sec-8B-GGUF](https://huggingface.co/deadbydawn101/RavenX-Sec-8B-GGUF) (Ollama / llama.cpp / LM Studio)

Part of the [RavenX MLX Models](https://huggingface.co/collections/deadbydawn101/ravenx-mlx-models-apple-silicon-inference-stack-67f7270ac5b85c49a6c0f47f) collection.

**Built by [@DeadByDawn101](https://github.com/DeadByDawn101) (RavenX LLC)**

## Quick Start

```python
from mlx_lm import load, generate

model, tokenizer = load("deadbydawn101/RavenX-Sec-8B-Security-RATH-128k-mlx-4bit")

messages = [
    {"role": "system", "content": "You are RavenX-Sec. Follow the RATH protocol for every finding."},
    {"role": "user", "content": "You found OpenSSH 7.4 on port 22. Classify and remediate."}
]

prompt = tokenizer.apply_chat_template(messages, add_generation_prompt=True, tokenize=False)
response = generate(model, tokenizer, prompt=prompt, max_tokens=1024)
print(response)
```

### Chat REPL
```bash
mlx_lm.chat --model "deadbydawn101/RavenX-Sec-8B-Security-RATH-128k-mlx-4bit"
```

## Related Models

| Model | Format | Link |
|-------|--------|------|
| **RavenX-Sec v4.0 MLX 4-bit** | MLX Safetensors | This repo |
| RavenX-Sec v4.0 GGUF | GGUF (F16/Q8/Q5/Q4) | [RavenX-Sec-8B-GGUF](https://huggingface.co/deadbydawn101/RavenX-Sec-8B-GGUF) |

## What This Is

A fine-tuned Qwen3-8B specialized for the complete vulnerability lifecycle: **find → classify → fix → verify → report → prevent**. Trained on 610,220 examples from 21 security-specific datasets with 8192 sequence length (zero truncation). Extended to 128K context via YaRN rope scaling.

The model **self-evolved** from a 4-step to a **6-step RATH protocol** during training:

| Step | What It Does |
|------|-------------|
| **R — Risk / Identify** | Finding context, affected systems, exposure |
| **A — Assessment** | CVSS score + vector, CWE, scope, ground truth |
| **T — Threat** | Attacker objectives, attack vectors, likelihood |
| **H — Highlight / Remediate** | Immediate action, recommended fix, workaround, verification |
| **D — Document** | Severity, weakness classification, steps, SLA |
| **P — Prevent** | Process improvements, controls, training, monitoring |

## Example Output (v4.0 — 6-Step RATH)

```
RATH STEP 1: IDENTIFY
- Finding: OpenSSH 7.4 running on port 22 of production server
- Context: Older version with known vulnerabilities

RATH STEP 2: ASSESS
- CVSS Score: 6.3 for multiple vulnerabilities
- Impact: Remote code execution, information disclosure
- Scope: Entire server and SSH-dependent services

RATH STEP 3: THREAT
- Attacker Objective: Exploit known CVEs in OpenSSH 7.4
- Attack Vectors: Remote code execution via SSH
- Likelihood: High — well-documented and widely exploited

RATH STEP 4: REMEDIATE
- Immediate: Apply latest security patches
- Recommended: Upgrade to OpenSSH 8.x or higher
- Workaround: Apply all available security updates
- Verification: Check version post-remediation

RATH STEP 5: DOCUMENT
- Severity: Critical
- Weakness: Outdated software
- SLA: Follow org patching SLA for critical vulns

RATH STEP 6: PREVENT
- Process: Implement automated patch management
- Controls: Deploy CVE scanning, maintain system inventory
- Training: Educate team on software update importance
- Monitoring: Enable continuous vulnerability scanning

✅ RATH VERDICT: REMEDIATE IMMEDIATELY
```

## Model Details

| Parameter | Value |
|-----------|-------|
| **Architecture** | Qwen3-8B |
| **Base** | georgehenney/Qwen3-8B-heretic (abliterated) |
| **Context Window** | 128K (YaRN rope scaling, factor 4.0) |
| **Training Data** | 610,220 examples |
| **Security Content** | 53% (323K examples) |
| **Agent/Tool Content** | 37% (228K examples) |
| **Datasets** | 21 sources |
| **Max Seq Length** | 8192 (zero truncation) |
| **Tokens Trained** | 3,644,923 |
| **Method** | MLX LoRA (rank 32, 8 layers, 1e-5 LR, 2000 iters) |
| **Hardware** | Apple M4 Max 128GB |
| **Peak Memory** | 69.5 GB |

## Training Datasets (21)

**Security (11):** Trendyol/Cybersecurity-Instruction-Tuning (50K) · SkywardNomad92/pentest-findings-v2 (50K) · WNT3D/Ultimate-Offensive-Red-Team (25.6K) · auren-research/cve-sft-v5 (10K) · theelderemo/pentesting-explanations (5.9K) · Rootkit7/pentest-redteam-steering (2K) · acnimatic3722/kali-linux-pentesting-data (343) · AYI-NEDJIMI/bug-bounty-pentest-en · CJJones/Synthetic_PenTest_Reports · Whoisjutanlee/4-Security-Tools-Pentesting · cpagac/venomx-pentesting-harmful

**Agent/Tool/Coding (5):** burtenshaw/agent-tools · Nanbeige/ToolMind · togethercomputer/CoderForge-Preview · automatelab/mcp-servers-tool-catalog · Jackrong/Claude-opus-4.7-TraceInversion-5000x

**Agentic:** WithinUsAI/AgentAngel_100k (50K capped) · WithinUsAI/claude_mythos_distilled_25k (16K security)

**Extracted:** hackingBuddyGPT · PentestGPT · Shannon · Ghidra · OpenMythos + Synthetic RATH chains

## Frameworks Supported

CVSS 3.1 · NIST CSF 2.0 · OWASP Top 10 · CWE · MITRE ATT&CK · PCI DSS · HIPAA · SOX

## Source Code & Training Pipeline

**[github.com/DeadByDawn101/RavenX-Sec](https://github.com/DeadByDawn101/RavenX-Sec)**

## License

Apache-2.0

---

*"We don't give up. We do what others don't and build what isn't possible." — RavenX LLC*