---
language:
- en
license: mit
library_name: transformers
tags:
- security
- code
- vulnerability-detection
- grpo
- reinforcement-learning
- unsloth
- openenv
- agentbeats
base_model: unsloth/Qwen2.5-Coder-7B-Instruct-bnb-4bit
datasets:
- custom
pipeline_tag: text-generation
---
# VulnHunter: AI Security Agent
**An AI agent trained with GRPO to detect and fix web application security vulnerabilities.**
[GitHub](https://github.com/gateremark/vulnhunter)
[W&B training run](https://wandb.ai/gatere-ai/huggingface/runs/v0dge86p)
[AgentBeats](https://rdi.berkeley.edu/agentx-agentbeats)
This model was trained 2x faster with [Unsloth](https://github.com/unslothai/unsloth) and Hugging Face's TRL library.
[<img src="https://raw.githubusercontent.com/unslothai/unsloth/main/images/unsloth%20made%20with%20love.png" width="200"/>](https://github.com/unslothai/unsloth)
## Model Description
VulnHunter is a fine-tuned Qwen2.5-Coder-7B model specialized for security vulnerability detection and patching. It was trained using **GRPO (Group Relative Policy Optimization)** with a custom security reward function.
### Capabilities
- ✅ **SQL Injection Detection** - Identifies unsanitized SQL queries
- ✅ **XSS Detection** - Finds unescaped user input in HTML
- ✅ **Path Traversal Detection** - Detects unchecked file paths
- ✅ **Automatic Fix Generation** - Suggests secure code patches
## Quick Start
```python
from unsloth import FastLanguageModel

# Load the fine-tuned model and tokenizer
model, tokenizer = FastLanguageModel.from_pretrained(
    "gateremark/vulnhunter-agent"
)
FastLanguageModel.for_inference(model)  # switch Unsloth to inference mode

# Analyze vulnerable code
prompt = """Analyze this code for security vulnerabilities:
query = f"SELECT * FROM users WHERE id = {user_id}"
cursor.execute(query)
"""
# Move the inputs to the model's device before generating
inputs = tokenizer(prompt, return_tensors="pt").to(model.device)
outputs = model.generate(**inputs, max_new_tokens=256)
print(tokenizer.decode(outputs[0], skip_special_tokens=True))
```
## Training Details
### Base Model
- **Model:** Qwen2.5-Coder-7B-Instruct
- **Quantization:** 4-bit (BitsAndBytes)
- **Framework:** Unsloth + TRL
### Why Qwen2.5-Coder?
1. Pre-trained on code - understands Python, SQL, security patterns
2. Instruct variant - follows instructions out-of-the-box
3. 7B size - sweet spot between capability and cost
4. Unsloth support - 2x faster training
### Training Configuration
| Parameter | Value |
|-----------|-------|
| Method | GRPO (Group Relative Policy Optimization) |
| Hardware | NVIDIA A100-SXM4-40GB |
| Training Time | ~90 minutes |
| Steps | 200 |
| LoRA Rank | 32 |
| Learning Rate | 2e-5 |
| Batch Size | 1 (4 gradient accumulation) |
| Group Size | 4 generations |
### Why GRPO?
| Method | Memory | Our Choice |
|--------|--------|------------|
| SFT | Low | Too passive |
| PPO | High (needs critic) | Memory-prohibitive |
| DPO | Medium | Needs preference pairs |
| **GRPO** | Low | ✅ Perfect for rewards |
GRPO eliminates the critic model by scoring each response relative to the other responses sampled for the same prompt, giving PPO-quality learning without the 2x memory overhead.
### Reward Function
| Event | Reward |
|-------|--------|
| Identify vulnerability type | +0.3 |
| Generate valid patch | +0.2 |
| Patch blocks exploit | +1.0 |
| Syntax error in patch | -0.2 |
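
The reward table above and the group comparison described under "Why GRPO?", combined in an added example (not VulnHunter's own reward code): it scores a constructed group of four completions and converts the rewards into group-relative advantages. The `lookup(conn, username)` entry point, the additive scoring, and the quote-handling check standing in for "Patch blocks exploit" are assumptions.

```python
import ast
import sqlite3
import statistics

# Reward values copied from the card's Reward Function table.
REWARD = {"identify": 0.3, "valid_patch": 0.2, "blocks_exploit": 1.0, "syntax_error": -0.2}

def treats_input_as_data(patch_src):
    """Stand-in for "Patch blocks exploit": the patched lookup(conn, username) must
    return exactly the quote-bearing row. A real environment would sandbox the exec."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT)")
    conn.executemany("INSERT INTO users VALUES (?)", [("alice",), ("o'brien",)])
    namespace = {}
    try:
        exec(compile(patch_src, "<patch>", "exec"), namespace)
        return namespace["lookup"](conn, "o'brien") == [("o'brien",)]
    except Exception:  # string-built SQL breaks on the quote and lands here
        return False

def score(label, patch_src, expected="sql injection"):
    """Additive scoring of one completion (additivity is an assumption)."""
    reward = REWARD["identify"] if expected in label.lower() else 0.0
    try:
        ast.parse(patch_src)
    except SyntaxError:
        return round(reward + REWARD["syntax_error"], 2)
    reward += REWARD["valid_patch"]
    if treats_input_as_data(patch_src):
        reward += REWARD["blocks_exploit"]
    return round(reward, 2)

def group_advantages(rewards):
    """Group-relative advantage: each reward normalised by its group's mean and std."""
    mean, std = statistics.mean(rewards), statistics.pstdev(rewards)
    return [(r - mean) / (std + 1e-4) for r in rewards]

# Constructed group of 4 completions for one prompt (Group Size 4 in the card).
FIXED = 'def lookup(conn, username):\n    return conn.execute("SELECT * FROM users WHERE username = ?", (username,)).fetchall()\n'
UNFIXED = 'def lookup(conn, username):\n    return conn.execute(f"SELECT * FROM users WHERE username = \'{username}\'").fetchall()\n'
BROKEN = "def lookup(conn, username) return\n"
GROUP = [("SQL injection", FIXED), ("SQL injection", UNFIXED), ("XSS", BROKEN), ("SQL injection", BROKEN)]

def demo():
    rewards = [score(label, patch) for label, patch in GROUP]
    return rewards, group_advantages(rewards)

if __name__ == "__main__":
    print(demo())
```

Only the completion that both names the vulnerability and ships a working parameterized patch ends up well above the group mean, which is the signal GRPO uses in place of a critic.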
## Evaluation Results
### Test Cases
**SQL Injection:**
```python
# Input
query = f"SELECT * FROM users WHERE username = '{username}'"
# VulnHunter Output
# "SQL injection vulnerability. Use parameterized queries:
# query = 'SELECT * FROM users WHERE username = %s'
# cursor.execute(query, (username,))"
```
**XSS:**
```python
# Input
return f"<h1>Results for: {query}</h1>"
# VulnHunter Output
# "XSS vulnerability. Escape user input:
# from html import escape
# return f'<h1>Results for: {escape(query)}</h1>'"
```
**Path Traversal:**
```python
# Input
return send_file(f"/uploads/{filename}")
# VulnHunter Output
# "Path traversal vulnerability. Use safe_join:
# from werkzeug.utils import safe_join
# return send_file(safe_join('/uploads', filename))"
```
## OpenEnv Environment
VulnHunter comes with an OpenEnv-compatible RL environment:
```bash
git clone https://github.com/gateremark/vulnhunter
cd vulnhunter
uvicorn vulnhunter.env_server.server:app --port 8000
```
## Green Agent (A2A Protocol)
The model includes an A2A-compatible agent wrapper:
```bash
cd vulnhunter/green_agent
python server.py
# Agent at http://localhost:9009
```
### Agent Card
```json
{
  "name": "VulnHunter",
  "skills": [{"id": "analyze_code", "name": "Analyze Code"}]
}
```
## Links
- **GitHub:** [github.com/gateremark/vulnhunter](https://github.com/gateremark/vulnhunter)
- **W&B Training:** [wandb.ai/gatere-ai/huggingface/runs/v0dge86p](https://wandb.ai/gatere-ai/huggingface/runs/v0dge86p)
- **OpenEnv:** [github.com/meta-pytorch/OpenEnv](https://github.com/meta-pytorch/OpenEnv)
## Citation
```bibtex
@misc{vulnhunter2026,
  author = {gateremark},
  title = {VulnHunter: AI Security Agent with GRPO},
  year = {2026},
  publisher = {HuggingFace},
  url = {https://huggingface.co/gateremark/vulnhunter-agent}
}
```
## Acknowledgments
Built for the **AgentBeats OpenEnv Challenge** sponsored by PyTorch, Hugging Face, and Unsloth.
---
*Built with ❤️ by [gateremark](https://github.com/gateremark)*