Text Generation
PEFT
Safetensors
code
English
security
cybersecurity
secure-coding
ai-security
owasp
code-generation
lora
fine-tuned
securecode
gemma-4
conversational
Instructions to use scthornton/gemma-4-e4b-securecode with libraries, inference providers, notebooks, and local apps. Follow these links to get started.
- Libraries
- PEFT
How to use scthornton/gemma-4-e4b-securecode with PEFT:
from peft import PeftModel from transformers import AutoModelForCausalLM base_model = AutoModelForCausalLM.from_pretrained("google/gemma-4-E4B-it") model = PeftModel.from_pretrained(base_model, "scthornton/gemma-4-e4b-securecode") - Notebooks
- Google Colab
- Kaggle
Update model card: audited SecureCode 2,372 dataset, bf16 LoRA on DGX Spark GB10
Browse files
README.md
CHANGED
|
@@ -1,199 +1,207 @@
|
|
| 1 |
---
|
| 2 |
-
|
| 3 |
-
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 4 |
---
|
| 5 |
|
| 6 |
-
#
|
| 7 |
|
| 8 |
-
<
|
| 9 |
|
|
|
|
|
|
|
|
|
|
|
|
|
| 10 |
|
|
|
|
| 11 |
|
| 12 |
-
|
| 13 |
-
|
| 14 |
-
### Model Description
|
| 15 |
-
|
| 16 |
-
<!-- Provide a longer summary of what this model is. -->
|
| 17 |
-
|
| 18 |
-
This is the model card of a 🤗 transformers model that has been pushed on the Hub. This model card has been automatically generated.
|
| 19 |
-
|
| 20 |
-
- **Developed by:** [More Information Needed]
|
| 21 |
-
- **Funded by [optional]:** [More Information Needed]
|
| 22 |
-
- **Shared by [optional]:** [More Information Needed]
|
| 23 |
-
- **Model type:** [More Information Needed]
|
| 24 |
-
- **Language(s) (NLP):** [More Information Needed]
|
| 25 |
-
- **License:** [More Information Needed]
|
| 26 |
-
- **Finetuned from model [optional]:** [More Information Needed]
|
| 27 |
-
|
| 28 |
-
### Model Sources [optional]
|
| 29 |
-
|
| 30 |
-
<!-- Provide the basic links for the model. -->
|
| 31 |
-
|
| 32 |
-
- **Repository:** [More Information Needed]
|
| 33 |
-
- **Paper [optional]:** [More Information Needed]
|
| 34 |
-
- **Demo [optional]:** [More Information Needed]
|
| 35 |
-
|
| 36 |
-
## Uses
|
| 37 |
-
|
| 38 |
-
<!-- Address questions around how the model is intended to be used, including the foreseeable users of the model and those affected by the model. -->
|
| 39 |
-
|
| 40 |
-
### Direct Use
|
| 41 |
-
|
| 42 |
-
<!-- This section is for the model use without fine-tuning or plugging into a larger ecosystem/app. -->
|
| 43 |
-
|
| 44 |
-
[More Information Needed]
|
| 45 |
-
|
| 46 |
-
### Downstream Use [optional]
|
| 47 |
|
| 48 |
-
<
|
| 49 |
|
| 50 |
-
|
| 51 |
-
|
| 52 |
-
### Out-of-Scope Use
|
| 53 |
-
|
| 54 |
-
<!-- This section addresses misuse, malicious use, and uses that the model will not work well for. -->
|
| 55 |
-
|
| 56 |
-
[More Information Needed]
|
| 57 |
-
|
| 58 |
-
## Bias, Risks, and Limitations
|
| 59 |
-
|
| 60 |
-
<!-- This section is meant to convey both technical and sociotechnical limitations. -->
|
| 61 |
-
|
| 62 |
-
[More Information Needed]
|
| 63 |
|
| 64 |
-
##
|
| 65 |
|
| 66 |
-
|
| 67 |
|
| 68 |
-
|
|
|
|
|
|
|
|
|
|
| 69 |
|
| 70 |
-
|
| 71 |
|
| 72 |
-
|
| 73 |
|
| 74 |
-
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 75 |
|
| 76 |
## Training Details
|
| 77 |
|
| 78 |
-
###
|
| 79 |
-
|
| 80 |
-
<!-- This should link to a Dataset Card, perhaps with a short stub of information on what the training data is all about as well as documentation related to data pre-processing or additional filtering. -->
|
| 81 |
-
|
| 82 |
-
[More Information Needed]
|
| 83 |
-
|
| 84 |
-
### Training Procedure
|
| 85 |
-
|
| 86 |
-
<!-- This relates heavily to the Technical Specifications. Content here should link to that section when it is relevant to the training procedure. -->
|
| 87 |
-
|
| 88 |
-
#### Preprocessing [optional]
|
| 89 |
-
|
| 90 |
-
[More Information Needed]
|
| 91 |
-
|
| 92 |
-
|
| 93 |
-
#### Training Hyperparameters
|
| 94 |
-
|
| 95 |
-
- **Training regime:** [More Information Needed] <!--fp32, fp16 mixed precision, bf16 mixed precision, bf16 non-mixed precision, fp16 non-mixed precision, fp8 mixed precision -->
|
| 96 |
-
|
| 97 |
-
#### Speeds, Sizes, Times [optional]
|
| 98 |
-
|
| 99 |
-
<!-- This section provides information about throughput, start/end time, checkpoint size if relevant, etc. -->
|
| 100 |
-
|
| 101 |
-
[More Information Needed]
|
| 102 |
-
|
| 103 |
-
## Evaluation
|
| 104 |
-
|
| 105 |
-
<!-- This section describes the evaluation protocols and provides the results. -->
|
| 106 |
-
|
| 107 |
-
### Testing Data, Factors & Metrics
|
| 108 |
-
|
| 109 |
-
#### Testing Data
|
| 110 |
-
|
| 111 |
-
<!-- This should link to a Dataset Card if possible. -->
|
| 112 |
-
|
| 113 |
-
[More Information Needed]
|
| 114 |
-
|
| 115 |
-
#### Factors
|
| 116 |
-
|
| 117 |
-
<!-- These are the things the evaluation is disaggregating by, e.g., subpopulations or domains. -->
|
| 118 |
-
|
| 119 |
-
[More Information Needed]
|
| 120 |
-
|
| 121 |
-
#### Metrics
|
| 122 |
-
|
| 123 |
-
<!-- These are the evaluation metrics being used, ideally with a description of why. -->
|
| 124 |
-
|
| 125 |
-
[More Information Needed]
|
| 126 |
-
|
| 127 |
-
### Results
|
| 128 |
-
|
| 129 |
-
[More Information Needed]
|
| 130 |
-
|
| 131 |
-
#### Summary
|
| 132 |
-
|
| 133 |
-
|
| 134 |
-
|
| 135 |
-
## Model Examination [optional]
|
| 136 |
-
|
| 137 |
-
<!-- Relevant interpretability work for the model goes here -->
|
| 138 |
-
|
| 139 |
-
[More Information Needed]
|
| 140 |
|
| 141 |
-
|
| 142 |
|
| 143 |
-
|
|
|
|
|
|
|
|
|
|
|
|
|
| 144 |
|
| 145 |
-
|
| 146 |
|
| 147 |
-
|
| 148 |
-
- **Hours used:** [More Information Needed]
|
| 149 |
-
- **Cloud Provider:** [More Information Needed]
|
| 150 |
-
- **Compute Region:** [More Information Needed]
|
| 151 |
-
- **Carbon Emitted:** [More Information Needed]
|
| 152 |
|
| 153 |
-
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 154 |
|
| 155 |
-
|
| 156 |
|
| 157 |
-
|
| 158 |
|
| 159 |
-
###
|
| 160 |
|
| 161 |
-
|
| 162 |
|
| 163 |
-
#
|
| 164 |
|
| 165 |
-
|
| 166 |
|
| 167 |
-
|
| 168 |
|
| 169 |
-
|
| 170 |
|
| 171 |
-
##
|
| 172 |
|
| 173 |
-
|
| 174 |
|
| 175 |
-
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 176 |
|
| 177 |
-
|
| 178 |
|
| 179 |
-
|
| 180 |
|
| 181 |
-
|
|
|
|
|
|
|
|
|
|
|
|
|
| 182 |
|
| 183 |
-
##
|
| 184 |
|
| 185 |
-
|
|
|
|
|
|
|
|
|
|
|
|
|
| 186 |
|
| 187 |
-
|
|
|
|
|
|
|
|
|
|
| 188 |
|
| 189 |
-
##
|
| 190 |
|
| 191 |
-
|
| 192 |
|
| 193 |
-
##
|
| 194 |
|
| 195 |
-
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 196 |
|
| 197 |
-
##
|
| 198 |
|
| 199 |
-
|
|
|
|
|
|
|
|
|
|
|
|
| 1 |
---
|
| 2 |
+
license: gemma
|
| 3 |
+
base_model: google/gemma-4-E4B-it
|
| 4 |
+
tags:
|
| 5 |
+
- security
|
| 6 |
+
- cybersecurity
|
| 7 |
+
- secure-coding
|
| 8 |
+
- ai-security
|
| 9 |
+
- owasp
|
| 10 |
+
- code-generation
|
| 11 |
+
- lora
|
| 12 |
+
- fine-tuned
|
| 13 |
+
- securecode
|
| 14 |
+
- gemma-4
|
| 15 |
+
datasets:
|
| 16 |
+
- scthornton/securecode
|
| 17 |
+
library_name: peft
|
| 18 |
+
pipeline_tag: text-generation
|
| 19 |
+
language:
|
| 20 |
+
- code
|
| 21 |
+
- en
|
| 22 |
---
|
| 23 |
|
| 24 |
+
# Gemma 4 E4B SecureCode
|
| 25 |
|
| 26 |
+
<div align="center">
|
| 27 |
|
| 28 |
+
-blue.svg)
|
| 29 |
+

|
| 30 |
+

|
| 31 |
+

|
| 32 |
|
| 33 |
+
**Security-specialized code model fine-tuned on the [SecureCode](https://huggingface.co/datasets/scthornton/securecode) dataset**
|
| 34 |
|
| 35 |
+
[Dataset](https://huggingface.co/datasets/scthornton/securecode) | [Paper (arXiv:2512.18542)](https://arxiv.org/abs/2512.18542) | [Model Collection](https://huggingface.co/collections/scthornton/securecode) | [perfecXion.ai](https://perfecxion.ai)
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 36 |
|
| 37 |
+
</div>
|
| 38 |
|
| 39 |
+
---
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 40 |
|
| 41 |
+
## What This Model Does
|
| 42 |
|
| 43 |
+
This model generates **secure code** when developers ask about building features. Instead of producing vulnerable implementations (like 45% of AI-generated code does), it:
|
| 44 |
|
| 45 |
+
- Identifies the security risks in common coding patterns
|
| 46 |
+
- Provides vulnerable *and* secure implementations side by side
|
| 47 |
+
- Explains how attackers would exploit the vulnerability
|
| 48 |
+
- Includes defense-in-depth guidance: logging, monitoring, SIEM integration, infrastructure hardening
|
| 49 |
|
| 50 |
+
The model was fine-tuned on **2,372 security training examples** covering both traditional web security (OWASP Top 10 2021) and AI/ML security (OWASP LLM Top 10 2025).
|
| 51 |
|
| 52 |
+
## Model Details
|
| 53 |
|
| 54 |
+
| | |
|
| 55 |
+
|---|---|
|
| 56 |
+
| **Base Model** | [Gemma 4 E4B Instruct](https://huggingface.co/google/gemma-4-E4B-it) |
|
| 57 |
+
| **Parameters** | E4B (~8B raw, ~4B effective via per-layer embeddings) |
|
| 58 |
+
| **Architecture** | Gemma 4 (multimodal base; fine-tuned and intended for text-only use) |
|
| 59 |
+
| **Tier** | Tier 1: Accessible |
|
| 60 |
+
| **Method** | bf16 LoRA (no quantization) |
|
| 61 |
+
| **LoRA Rank** | 16 (alpha=32) |
|
| 62 |
+
| **Target Modules** | `q_proj, k_proj, v_proj, o_proj, gate_proj, up_proj, down_proj` on the language model decoder (the 18 KV-shared layers own no k/v weights, so k_proj/v_proj are adapted on the 24 layers that have them) |
|
| 63 |
+
| **Training Data** | [scthornton/securecode](https://huggingface.co/datasets/scthornton/securecode) (2,372 examples) |
|
| 64 |
+
| **Hardware** | NVIDIA DGX Spark GB10 (Blackwell, unified memory) |
|
| 65 |
+
|
| 66 |
+
Newest member of the SecureCode collection. Requires **transformers >= 5.13** (earlier 5.x versions have Gemma 4 training bugs; see notes below).
|
| 67 |
+
|
| 68 |
+
## Quick Start
|
| 69 |
+
|
| 70 |
+
```python
|
| 71 |
+
from peft import PeftModel
|
| 72 |
+
from transformers import AutoModelForCausalLM, AutoTokenizer
|
| 73 |
+
import torch
|
| 74 |
+
|
| 75 |
+
# Requires transformers >= 5.13
|
| 76 |
+
base_model = AutoModelForCausalLM.from_pretrained(
|
| 77 |
+
"google/gemma-4-E4B-it",
|
| 78 |
+
dtype=torch.bfloat16,
|
| 79 |
+
device_map="auto",
|
| 80 |
+
)
|
| 81 |
+
tokenizer = AutoTokenizer.from_pretrained("scthornton/gemma-4-e4b-securecode")
|
| 82 |
+
model = PeftModel.from_pretrained(base_model, "scthornton/gemma-4-e4b-securecode")
|
| 83 |
+
|
| 84 |
+
# Ask a security-relevant coding question (chat template required)
|
| 85 |
+
messages = [
|
| 86 |
+
{"role": "user", "content": "How do I implement JWT authentication with refresh tokens in Python?"}
|
| 87 |
+
]
|
| 88 |
+
|
| 89 |
+
inputs = tokenizer.apply_chat_template(
|
| 90 |
+
messages, add_generation_prompt=True, return_tensors="pt"
|
| 91 |
+
).to(model.device)
|
| 92 |
+
outputs = model.generate(inputs, max_new_tokens=2048, temperature=0.7)
|
| 93 |
+
print(tokenizer.decode(outputs[0], skip_special_tokens=True))
|
| 94 |
+
```
|
| 95 |
|
| 96 |
## Training Details
|
| 97 |
|
| 98 |
+
### Dataset
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 99 |
|
| 100 |
+
Trained on the full **[SecureCode](https://huggingface.co/datasets/scthornton/securecode)** unified dataset (audited release):
|
| 101 |
|
| 102 |
+
- **2,372 total examples** (1,625 web security + 747 AI/ML security)
|
| 103 |
+
- **20 vulnerability categories** across OWASP Top 10 2021 and OWASP LLM Top 10 2025
|
| 104 |
+
- **12+ programming languages** and **49+ frameworks**
|
| 105 |
+
- **4-turn conversational structure**: feature request, vulnerable/secure implementations, advanced probing, operational guidance
|
| 106 |
+
- **100% incident grounding**: every example tied to real CVEs, vendor advisories, or published attack research
|
| 107 |
|
| 108 |
+
Unlike the rest of the collection (trained with `### User:` / `### Assistant:` role markers), this model was trained through **Gemma 4's own chat template**, matching its instruction tuning.
|
| 109 |
|
| 110 |
+
### Hyperparameters
|
|
|
|
|
|
|
|
|
|
|
|
|
| 111 |
|
| 112 |
+
| Parameter | Value |
|
| 113 |
+
|-----------|-------|
|
| 114 |
+
| LoRA rank | 16 |
|
| 115 |
+
| LoRA alpha | 32 |
|
| 116 |
+
| LoRA dropout | 0.05 |
|
| 117 |
+
| Target modules | language model decoder projections (see Model Details) |
|
| 118 |
+
| Quantization | None (bf16 base weights) |
|
| 119 |
+
| Learning rate | 2e-4 |
|
| 120 |
+
| LR scheduler | Cosine with 100-step warmup |
|
| 121 |
+
| Epochs | 3 |
|
| 122 |
+
| Per-device batch size | 1 |
|
| 123 |
+
| Gradient accumulation | 16x |
|
| 124 |
+
| Effective batch size | 16 |
|
| 125 |
+
| Max sequence length | 4096 tokens |
|
| 126 |
+
| Optimizer | adamw_torch_fused |
|
| 127 |
+
| Attention | PyTorch SDPA (fused) |
|
| 128 |
+
| Precision | bf16 |
|
| 129 |
|
| 130 |
+
**Notes:** Gradient checkpointing is deliberately OFF: Gemma 4 E4B's KV-shared layers read earlier layers' KV cache entries within a single forward pass, and checkpointing force-disables that cache, silently corrupting training. transformers 5.13+ also fixes `num_items_in_batch` loss normalization for this architecture. Trained text-only; the vision and audio towers are untouched by the LoRA adapter.
|
| 131 |
|
| 132 |
+
## Security Coverage
|
| 133 |
|
| 134 |
+
### Web Security (1,625 examples)
|
| 135 |
|
| 136 |
+
OWASP Top 10 2021: Broken Access Control, Cryptographic Failures, Injection, Insecure Design, Security Misconfiguration, Vulnerable Components, Authentication Failures, Software Integrity Failures, Logging/Monitoring Failures, SSRF.
|
| 137 |
|
| 138 |
+
Languages: Python, JavaScript, Java, Go, PHP, C#, TypeScript, Ruby, Rust, Kotlin, YAML.
|
| 139 |
|
| 140 |
+
### AI/ML Security (747 examples)
|
| 141 |
|
| 142 |
+
OWASP LLM Top 10 2025: Prompt Injection, Sensitive Information Disclosure, Supply Chain Vulnerabilities, Data/Model Poisoning, Improper Output Handling, Excessive Agency, System Prompt Leakage, Vector/Embedding Weaknesses, Misinformation, Unbounded Consumption.
|
| 143 |
|
| 144 |
+
Frameworks: LangChain, OpenAI, Anthropic, HuggingFace, LlamaIndex, ChromaDB, Pinecone, FastAPI, Flask, vLLM, CrewAI, and 30+ more.
|
| 145 |
|
| 146 |
+
## SecureCode Model Collection
|
| 147 |
|
| 148 |
+
This model is part of the **SecureCode** collection of 9 security-specialized models:
|
| 149 |
|
| 150 |
+
| Model | Base | Size | Tier | HuggingFace |
|
| 151 |
+
|-------|------|------|------|-------------|
|
| 152 |
+
| Llama 3.2 SecureCode | meta-llama/Llama-3.2-3B-Instruct | 3B | Accessible | [`llama-3.2-3b-securecode`](https://huggingface.co/scthornton/llama-3.2-3b-securecode) |
|
| 153 |
+
| Gemma 4 E4B SecureCode | google/gemma-4-E4B-it | E4B (8B raw) | Accessible | [`gemma-4-e4b-securecode`](https://huggingface.co/scthornton/gemma-4-e4b-securecode) |
|
| 154 |
+
| Qwen2.5 Coder SecureCode | Qwen/Qwen2.5-Coder-7B-Instruct | 7B | Mid-size | [`qwen2.5-coder-7b-securecode`](https://huggingface.co/scthornton/qwen2.5-coder-7b-securecode) |
|
| 155 |
+
| DeepSeek Coder SecureCode | deepseek-ai/deepseek-coder-6.7b-instruct | 6.7B | Mid-size | [`deepseek-coder-6.7b-securecode`](https://huggingface.co/scthornton/deepseek-coder-6.7b-securecode) |
|
| 156 |
+
| CodeGemma SecureCode | google/codegemma-7b-it | 7B | Mid-size | [`codegemma-7b-securecode`](https://huggingface.co/scthornton/codegemma-7b-securecode) |
|
| 157 |
+
| CodeLlama SecureCode | codellama/CodeLlama-13b-Instruct-hf | 13B | Large | [`codellama-13b-securecode`](https://huggingface.co/scthornton/codellama-13b-securecode) |
|
| 158 |
+
| Qwen2.5 Coder 14B SecureCode | Qwen/Qwen2.5-Coder-14B-Instruct | 14B | Large | [`qwen2.5-coder-14b-securecode`](https://huggingface.co/scthornton/qwen2.5-coder-14b-securecode) |
|
| 159 |
+
| StarCoder2 SecureCode | bigcode/starcoder2-15b-instruct-v0.1 | 15B | Large | [`starcoder2-15b-securecode`](https://huggingface.co/scthornton/starcoder2-15b-securecode) |
|
| 160 |
+
| Granite 20B Code SecureCode | ibm-granite/granite-20b-code-instruct-8k | 20B | XL | [`granite-20b-code-securecode`](https://huggingface.co/scthornton/granite-20b-code-securecode) |
|
| 161 |
|
| 162 |
+
Choose based on your deployment constraints: **3B/E4B** for edge and resource-constrained use, **7B** for general use, **13B-15B** for deeper reasoning, **20B** for maximum capability.
|
| 163 |
|
| 164 |
+
## SecureCode Dataset Family
|
| 165 |
|
| 166 |
+
| Dataset | Examples | Focus | Link |
|
| 167 |
+
|---------|----------|-------|------|
|
| 168 |
+
| **SecureCode** | 2,372 | Unified (web + AI/ML) | [scthornton/securecode](https://huggingface.co/datasets/scthornton/securecode) |
|
| 169 |
+
| SecureCode Web | 1,625 | Web security (OWASP Top 10 2021) | [scthornton/securecode-web](https://huggingface.co/datasets/scthornton/securecode-web) |
|
| 170 |
+
| SecureCode AI/ML | 747 | AI/ML security (OWASP LLM Top 10 2025) | [scthornton/securecode-aiml](https://huggingface.co/datasets/scthornton/securecode-aiml) |
|
| 171 |
|
| 172 |
+
## Intended Use
|
| 173 |
|
| 174 |
+
**Use this model for:**
|
| 175 |
+
- Training AI coding assistants to write secure code
|
| 176 |
+
- Security education and training
|
| 177 |
+
- Vulnerability research and secure code review
|
| 178 |
+
- Building security-aware development tools
|
| 179 |
|
| 180 |
+
**Do not use this model for:**
|
| 181 |
+
- Offensive exploitation or automated attack generation
|
| 182 |
+
- Circumventing security controls
|
| 183 |
+
- Any activity that violates the base model's license
|
| 184 |
|
| 185 |
+
## Changelog
|
| 186 |
|
| 187 |
+
- **2026-07 (v1, current)**: Initial release. Trained on the audited SecureCode release (**2,372 examples**: 1,625 web + 747 AI/ML) using **bf16 LoRA on an NVIDIA DGX Spark GB10 (Blackwell)**. Added to the SecureCode family alongside the 2026-07 refresh of the original 8 models.
|
| 188 |
|
| 189 |
+
## Citation
|
| 190 |
|
| 191 |
+
```bibtex
|
| 192 |
+
@misc{thornton2026securecode,
|
| 193 |
+
title={SecureCode: A Production-Grade Multi-Turn Dataset for Training Security-Aware Code Generation Models},
|
| 194 |
+
author={Thornton, Scott},
|
| 195 |
+
year={2026},
|
| 196 |
+
publisher={perfecXion.ai},
|
| 197 |
+
url={https://huggingface.co/datasets/scthornton/securecode},
|
| 198 |
+
note={arXiv:2512.18542}
|
| 199 |
+
}
|
| 200 |
+
```
|
| 201 |
|
| 202 |
+
## Links
|
| 203 |
|
| 204 |
+
- **Dataset**: [scthornton/securecode](https://huggingface.co/datasets/scthornton/securecode)
|
| 205 |
+
- **Paper**: [arXiv:2512.18542](https://arxiv.org/abs/2512.18542)
|
| 206 |
+
- **Collection**: [SecureCode models](https://huggingface.co/collections/scthornton/securecode)
|
| 207 |
+
- **perfecXion.ai**: [https://perfecxion.ai](https://perfecxion.ai)
|