--- license: apache-2.0 base_model: huihui-ai/Huihui-Qwen3.6-35B-A3B-Claude-4.7-Opus-abliterated tags: - security - cybersecurity - pentest - bug-bounty - red-team - agent - tool-calling - MCP - GGUF - llama-cpp - ollama - lm-studio - vllm - CVSS - CWE - MITRE-ATT&CK - ravenx - rath-protocol - MoE - 35B - autonomous-agent - abliterated - qwen3.6 - openmythos - quantized language: - en pipeline_tag: text-generation library_name: gguf --- # RavenX-CyberAgent GGUF — Ollama / LM Studio / llama.cpp / vLLM ### 35B MoE (3B Active) | Q4_K_M 20.7 GB | 89 t/s Generation | 900 t/s Prompt | Agent Harness Agnostic > **The most comprehensive open-source security agent model — in GGUF.** Runs in Ollama, LM Studio, llama.cpp, vLLM, and any GGUF runtime. 51/51 LoRA tensors merged. Identical to the MLX version. **Built by [@DeadByDawn101](https://github.com/DeadByDawn101) | [RavenX LLC](https://github.com/DeadByDawn101)** > *"We don't give up. We do what others don't and build what isn't possible."* — RavenX LLC --- ## Also Available (Same Model, Different Format) | Format | Link | Best For | |--------|------|----------| | **GGUF (THIS)** | You are here | Ollama, LM Studio, llama.cpp, vLLM, NVIDIA GPUs | | **MLX** | [RavenX-CyberAgent MLX](https://huggingface.co/deadbydawn101/RavenX-CyberAgent-Qwen3.6-35B-A3B-Opus-4.7-OpenMythos-Pentester-BugHunter-RATH-mlx) | Apple Silicon native (M1-M4) | **Both versions are identical** — same 51/51 LoRA tensors, same 745K+ training data, same 12 training rounds. --- ## Benchmarks (M4 Max 128GB, llama.cpp b9501) ``` Prompt Processing: 900.6 tokens/sec Generation: 89.3 tokens/sec Model Size: 20.7 GB (Q4_K_M, 4.89 BPW) Peak Memory: ~24 GB Context Tested: 32K (262K native) ``` **People are NOT getting the most out of local LLMs.** A 35B MoE at Q4_K_M gives dramatically better output than a 7B model at the SAME speed — because only 3B params activate per token. | Model | Speed | Quality | Size | |-------|-------|---------|------| | Llama 7B Q4 | ~30 t/s | Basic chat | 4 GB | | Mistral 7B Q4 | ~50 t/s | Decent | 4 GB | | **RavenX 35B MoE Q4** | **89 t/s** | **Kill chains + CVSS + MITRE** | **20.7 GB** | --- ## Available Files | File | Size | BPW | Best For | |------|------|-----|----------| | `RavenX-CyberAgent-35B-v5.1-F16.gguf` | 67.8 GB | 16.01 | Maximum quality | | `RavenX-CyberAgent-35B-v5.1-Q4_K_M.gguf` | 20.7 GB | 4.89 | **Recommended** | --- ## Quick Start ### Ollama ``` # Modelfile FROM ./RavenX-CyberAgent-35B-v5.1-Q4_K_M.gguf SYSTEM "You are RavenX-Sec v5.1 by RavenX LLC. ALWAYS use EXACT 6 RATH step names: 1-Attack Surface, 2-Exploit, 3-Impact, 4-Remediation, 5-Document, 6-Prevent. Include CVSS scores, CWE IDs, and MITRE ATT&CK TTPs. Be concise. Never repeat." PARAMETER temperature 0.7 PARAMETER top_p 0.9 PARAMETER num_ctx 32768 ``` ```bash ollama create ravenx-cyberagent -f Modelfile ollama run ravenx-cyberagent ``` ### llama.cpp ```bash llama-cli -m RavenX-CyberAgent-35B-v5.1-Q4_K_M.gguf \ --system-prompt "You are RavenX-Sec v5.1 by RavenX LLC. Use 6 RATH steps. Include CVSS, CWE, MITRE. Be concise." \ -cnv -n 8192 -c 32768 ``` ### LM Studio Download the Q4_K_M GGUF, load in LM Studio, set the system prompt, chat. --- ## Agent Harness Agnostic This model works with **ANY** agent framework — not locked to any platform: | Framework | Integration | |-----------|------------| | **OpenClaw** | Ollama backend, full SOUL.md support | | **Hermes** | llama.cpp server, self-improving loop | | **Ollama** | Native GGUF | | **LM Studio** | GUI + API server | | **vLLM** | Production serving | | **llama.cpp** | CLI + server mode | ### Better Results: Custom SOUL.md The model works great with just a system prompt. But add a custom `SOUL.md` or `agent.md` configuration and results improve significantly: ```markdown # SOUL.md — RavenX Security Agent name: RavenX-Sec version: 5.1 protocol: 6-step RATH style: Direct, actionable, no fluff includes: CVSS 3.1, CWE IDs, MITRE ATT&CK TTPs, compliance mapping ``` ### Thinking Toggle (OFF / LOW / MED / HIGH) The model supports chain-of-thought reasoning via think blocks. Toggle depth for your use case: | Mode | Add to System Prompt | Use Case | |------|---------------------|----------| | **OFF** | "Skip internal reasoning. Output directly." | Fast scans, real-time | | **LOW** | "Think briefly in 1-2 sentences, then output." | Standard checks | | **MED** | "Think through the problem step by step." | Detailed reports | | **HIGH** | "Think deeply about every angle. Map full kill chains." | Complex APT analysis | **HIGH produces incredible multi-phase kill chain analysis** — but uses more tokens for reasoning. Toggle based on your needs. --- ## Example Output **Prompt:** `Kubernetes EKS pentest: anonymous auth, privileged pods, SA tokens everywhere, no network policies, etcd without TLS, Jenkins SSH keys as secrets, Grafana admin/admin` **1-Attack Surface** — 7-finding table with CWE-284, CWE-250, CWE-798, CWE-319 **2-Exploit (Kill Chain)** - Phase 1: Initial Access via Grafana default creds - Phase 2: SA token impersonation, kubectl exec into privileged pod - Phase 3: Persistence via malicious pod with hostPath mount - Phase 4: etcd direct read, extract all K8s secrets including Jenkins SSH keys - Phase 5: Lateral movement to production nodes via stolen SSH keys **3-Impact** — CVSS 9.8, full cluster compromise, data exfiltration, APT persistence **4-Remediation** — disable anonymous auth, enforce PSA, network policies, etcd TLS **5-Document** — MITRE T1078.004, T1611, T1557, compliance mapping **6-Prevent** — admission controllers, Falco monitoring, secret rotation, CIS benchmarks --- ## Training (12 Rounds) | Round | Examples | Iters | LR | Val Loss | Focus | |-------|----------|-------|----|----------|-------| | R1 | 675,696 | 2,000 | 1e-5 | 0.684 | Deep security + agent knowledge | | R2 | 680,150 | 500 | 5e-6 | 0.768 | RATH format reinforcement | | R3 | 705,165 | 1,000 | 5e-6 | 0.688 | Claude Mythos reasoning chains | | R4 | 730,849 | 1,000 | 5e-6 | 0.674 | Pentesting tools + frameworks | | R5 | 730,869 | 200 | 5e-6 | 0.717 | Meta-response tuning | | R6 | 730,869 | 1,000 | 5e-6 | — | Extended (checkpoint 1000 = production) | | R7 | 732,361 | 1,500 | 3e-6 | 0.926 | Bug bounty data (36 shuvonsec repos) | | R8 | 732,364 | 200 | 5e-6 | — | Strict RATH step naming fix | | R9 | 745,697 | 1,500 | 3e-6 | 0.693 | MITRE + blackhat + code + quantum | | R10 | 745,724 | 1,500 | 3e-6 | **0.688** | **GRAM distilled traces + 17 tool-calling** | | R11 | 745,843 | 1,500 | 3e-6 | 0.822 | 119 comprehensive tool-calling examples | | R12 | 745,843 | 1,500 | 3e-6 | 0.820 | Tool-calling integration round | **Hardware:** Apple M4 Max 128GB · Peak memory: ~90GB · Framework: MLX (mlx-lm) **Total training examples:** 745K+ from 110 sources ## Ecosystem | Repo | Description | |------|-------------| | [OpenMythos-MLX](https://github.com/DeadByDawn101/OpenMythos-MLX) | RDT + MoDA (4x depth extrapolation confirmed!) | | [RavenX-Sec](https://github.com/DeadByDawn101/RavenX-Sec) | Training pipeline | | [turboquant-mlx](https://github.com/DeadByDawn101/turboquant-mlx) | KV cache compression | | [grove-mlx](https://github.com/DeadByDawn101/grove-mlx) | Distributed training | --- --- ## IN-CONTEXT ADAPTATION (Breakthrough Discovery) **This model can learn from references IN THE PROMPT — no retraining needed.** ### What We Discovered When pointed at a GitHub repo containing pentest report templates, the model: 1. Analyzed the repo's report structure (NIST format) 2. Applied that structure to its current findings 3. Produced a complete, client-ready pentest deliverable 4. All at 80+ tokens/sec locally ### Example ``` PROMPT: "Use your MCP tool to look at github.com/juliocesarfort/public-pentesting-reports and learn how to format a pentest report, then create a report on the pentest you just did on [target]" OUTPUT: Complete professional pentest report with: → Executive Summary (5 critical, 7 high, 4 medium, 3 low) → 5-Phase Kill Chain with real commands → 19 findings with CVSS + CWE + MITRE ATT&CK → Risk Matrix ranked by severity → Remediation Timeline (0-30, 30-60, 60-90, 90+ days) → Specific commands for EVERY finding ``` ### Why This Works The model was trained on 745K+ examples including: - 42K self-improving agent examples (Hermes) - 6.7K AI-Scientist research automation - 3.6K AutoResearch pipeline data - 25K Claude Mythos reasoning chains - 551 Mythos character distillation (behavioral depth) - 1,003 blackhat AI offensive security conversations This combination created **emergent meta-learning** — the model learned HOW TO LEARN from references. It can: | Point At | Result | |----------|--------| | Mandiant report template | Mandiant-formatted report | | CrowdStrike template | CrowdStrike-formatted report | | NIST framework | NIST-formatted assessment | | Company internal template | Custom-formatted deliverable | | ANY GitHub repo | Adapted output format | **No retraining. No fine-tuning. Just point and generate.** ### What This Means A $50K-$150K pentest engagement deliverable — generated in 60 seconds on a laptop. The model adapts its output format from ANY reference, produces client-ready reports with real commands, and maintains full RATH protocol structure throughout. This is not prompt engineering. This is **In-Context Adaptation** — a capability that emerged from training on self-improving agent + research automation + reasoning chain data. --- ## ⚠️ Important Disclaimer **This model is released for RESEARCH PURPOSES ONLY under fair use.** This is an extremely capable autonomous security assessment model. It has been trained on 745K+ examples from 110 sources covering penetration testing, vulnerability assessment, exploit development, tool usage, and attack chain methodology. **Responsible Use:** - This model is intended for authorized security testing, research, and education ONLY - Users must have explicit written authorization before assessing any target - Use within a properly configured agent harness with appropriate guardrails - All security testing must comply with applicable laws and regulations - The model authors are not responsible for misuse **What This Model Can Do:** - Generate complete RATH security assessments with CVSS, CWE, MITRE ATT&CK - Produce tool-calling commands (nmap, sqlmap, nuclei, kubectl, aws-cli, etc.) - Create professional pentest reports ($50K+ consulting quality) - Learn output formats from reference repositories (In-Context Adaptation) - Operate with agent memory (TurboVec + FTS5 + markdown) at model + harness level **Agent Harness Considerations:** - The harness MUST strip `` blocks (Qwen3.6 architecture always generates them) - The harness MUST validate `` JSON before execution - The harness SHOULD implement authorization checks before executing commands - The harness SHOULD implement rate limiting and scope restrictions - Memory operations require the [ravenx-memory](https://github.com/DeadByDawn101/ravenx-memory) system **Built by:** [@DeadByDawn101](https://github.com/DeadByDawn101) / RavenX LLC **AI Pair Programmer:** Claude (Anthropic) ## License Apache-2.0 *Built on Apple Silicon. Quantized with llama.cpp. Agent harness agnostic. Thinking toggleable.* 🐦‍⬛ --- > **New:** Try [v6.2 Experimental GGUF](https://huggingface.co/deadbydawn101/RavenX-CyberAgent-v6.2-Experimental-GGUF) — improved reasoning, 90 tok/s, Soul Infusion identity training. Benchmarked 80.9%.