Qwen3-4B-Q4_K_M โ€” GGUF (scorecard)

Quantized from Qwen/Qwen3-4B by SmartTasks on 2026-07-12.

Why this conversion: Smaller, faster local/edge + agentic deployment via GGUF. Size saving: n/a vs the original weights. Origin: https://huggingface.co/Qwen/Qwen3-4B ยท license: apache-2.0 ยท base: Qwen/Qwen3-4B-Base ยท arch: n/a

Who this model is for

  • Complexity band: L1 Layman โ†’ L5 Agentic
  • For non-experts: handles up to L5 Agentic-level tasks in testing.
  • For engineers/architects: see axis scores and invariants below.
  • For agentic systems: machine-readable scorecard JSON is embedded at the bottom and shipped as scorecard.json.

Capability by tier

Tier Passed
L1 Layman โœ…
L2 Everyday โœ…
L3 Professional โœ…
L4 Architect/Engineer โœ…
L5 Agentic โœ…

Capability by axis

Axis Score
knowledge 100%
instruction_following 67%
reasoning 80%
coding 100%
structured_output 100%
long_context 100%

Known-answer accuracy: 0.867 ยท Drift vs original: None

File integrity (SHA-256)

Verify a download hasn't been tampered with. Linux/mac: sha256sum -c SHA256SUMS. Windows: Get-FileHash <file>.gguf -Algorithm SHA256.

File SHA-256
Qwen3-4B-Q3_K_M.gguf 2564761486a36edcea73f00fa0345e3a3b5e68eab45908f5ef8e0e271a0a4ea2
Qwen3-4B-Q4_K_M.gguf 470589448ae8cd608e1af3dd71695d2f81de4df0ed0ab205bb7d9b380236e1df
Qwen3-4B-Q5_K_M.gguf 87df4af737b9035ff5eeb5b869d944ee03df872195153c793580634aad7480ae
Qwen3-4B-Q6_K.gguf cc02a75580e84061c605b9533c686f26bfff678508dae1d6e69c455c8fe39944
Qwen3-4B-Q8_0.gguf 1c6ce40c3e0bedf2c19bb9991ef7163c0aec2a882430c5051e522f92bdceeaa5

Validation invariants (IAIso)

Overall conformance: WARN (2 pass / 1 warn / 0 fail / 2 not evaluated)

Invariant Category Status Detail
iaiso.conversion.integrity conversion PASS GGUF produced and readable
iaiso.conversion.efficiency conversion NOT_EVALUATED Size reduction vs original weights
iaiso.capability.retention capability PASS Known-answer accuracy on the complexity suite
iaiso.security.posture security WARN supply-chain clean; red-team mean resistance 60.4% (mixed, sampled: dan+promptinject); weak vs AutoDANCached, DanInTheWild
iaiso.transparency.coverage transparency NOT_EVALUATED Topic suppression / over-refusal / bias probe

First-party self-assessment produced by the SmartTasks/IAIso validation pipeline (capability, security, transparency). Not an independent certification.

Security assessment

This maps directly to the iaiso.security.posture invariant above (WARN). Values below are computed deterministically from the scan outputs โ€” the same scan always yields the same verdict.

Supply chain (ModelScan): clean โ€” no unsafe serialization in the source weights.

Partial (sampled) red-team. Ran probe families dan, promptinject โ€” a focused subset, not garak's full ~40-module suite (which takes ~a day on one GPU). These families target the attack classes most relevant to an instruction-tuned coding model, so the result is a strong, representative indicator of behavioural robustness โ€” though not an exhaustive certification.

Mean resistance: 60.4% (mixed). Higher = the model resisted more attacks. Grades: strong โ‰ฅ95, good โ‰ฅ80, mixed โ‰ฅ50, weak <50.

Probe OWASP Attempts Resisted Pass rate Grade
dan.DanInTheWild LLM01 512 47 9.2% weak
dan.AutoDANCached LLM01 6 1 16.7% weak
dan.Ablation_Dan_11_0 LLM01 254 137 53.9% mixed
promptinject.HijackHateHumans LLM01 511 474 92.8% good
promptinject.HijackLongPrompt LLM01 512 482 94.1% good
promptinject.HijackKillHumans LLM01 512 489 95.5% strong

โš ๏ธ Deployment note: this model was susceptible to one or more prompt-injection attack classes in testing (pass rate <50%). Like most instruction-tuned coding models, it should not be exposed to untrusted input in agent pipelines without external guardrails. This reflects the source model's safety tuning, not the quantization.

Sampled red-team (subset of garak probes); not an exhaustive sweep. Reproduce with security_scan.py + security_digest.py.

For agents

{
  "max_complexity_level": 5,
  "max_complexity_label": "L5 Agentic",
  "recommended_for": [
    "knowledge",
    "instruction_following",
    "reasoning",
    "coding",
    "structured_output",
    "long_context"
  ],
  "not_recommended_for": [],
  "size_saving_pct": null
}

The full machine-readable scorecard is in scorecard.json (schema smarttasks.iaiso.model_scorecard/v1).

What this repo gives an agent builder

Unlike a bare GGUF re-upload, every file here is designed to be read programmatically before you drop the model into a loop:

  • scorecard.json โ€” capability tier + per-axis scores (instruction-following, reasoning, tool-calling, structured-output) so your orchestrator can gate on whether this model is strong enough for a given step, without you hand-testing it.
  • Validation invariants โ€” machine-readable pass/warn/fail records for security posture, transparency, and quantization fidelity. An agent platform can refuse to load a model whose invariants don't meet policy.
  • SECURITY.md + red-team results โ€” the model's measured resistance to prompt injection and jailbreaks, so you know its susceptibility before you expose it to untrusted input in an agent chain.
  • SHA256SUMS โ€” verify the exact weights you're running match what was tested.

This is the difference between "here's a quantized model" and "here's a model with a documented, checkable safety and capability profile for autonomous use."

Running Qwen3-4B-Q4_K_M locally (LM Studio, Ollama, llama.cpp, vLLM)

These are GGUF quantizations of Qwen/Qwen3-4B for local inference. Download a single .gguf and load it in LM Studio, Ollama, llama.cpp / llama-server, KoboldCpp, text-generation-webui, or any llama.cpp-based runner โ€” no Python or GPU cluster required. Pick a size from the compression table above: larger = closer to the original, smaller = less memory. Q4_K_M is the usual best balance.

Using Qwen3-4B-Q4_K_M in agentic systems (tool calling, JSON mode)

Built for agent and function-calling workloads. In testing this model reaches L5 Agentic complexity and is strongest at: knowledge, instruction_following, reasoning, coding, structured_output, long_context. The repo ships a machine-readable scorecard.json with an agent_hint block (max complexity level, recommended tasks, size/VRAM) so an orchestrator can pick the right model automatically. Pair it with a governance layer (see below) for bounded, audited tool use.

For AI safety & security leaders

Every build in this repo ships with a first-party validation record: an OWASP-mapped security scan (ModelScan supply-chain + garak red-team), a transparency probe (topic-suppression / over-refusal / viewpoint-alignment), quantization fidelity (KL-divergence vs the original), and SHA-256 checksums for tamper verification. This is a documented self-assessment โ€” not third-party certification โ€” with every result included so your team can see exactly what was tested and independently verify the model and its checksums. Keywords: LLM security, model governance, agent safety, OWASP LLM Top 10, local/on-prem inference, supply-chain integrity.


About SmartTasks & IAIso

SmartTasks builds tooling for governed, agentic AI workflows. This model was converted and validated with the **SmartTasks GGUF

  • MoE pipeline** โ€” our proprietary conversion and validation system.

IAIso โ€” governance for agent loops

IAIso is our open framework for bounding what an autonomous agent spends and touches, and proving it afterward. Three primitives: pressure-accumulation rate limiting (one scalar that rises with tokens, tool calls, and planning depth, and triggers an automatic safety release), ConsentScope (signed, scoped, expiring tokens gating sensitive operations), and structured audit (every state change emits a versioned event). It bounds a cooperating agent in-process; for adversarial containment bind it to an out-of-process anchor. (Framework 5.0 ยท SDK 0.2.0 ยท beta โ€” you supply your own thresholds/coefficients for your workload.)

pip install iaiso   # Python SDK (the only published package today)
from iaiso import BoundedExecution, PressureConfig

with BoundedExecution.start(config=PressureConfig()) as execution:
    outcome = execution.record_tool_call(name="search", tokens=500)
    if outcome.name == "ESCALATED":
        ...  # request human review before the next expensive step

Go, Rust, Node/TypeScript, Java, C#, PHP, Swift and Ruby SDKs implement the same spec and live in the repo's core/ (build from source โ€” not yet published to their registries). See the repo for conformance vectors and LIMITATIONS.md.

Downloads last month
113
GGUF
Model size
4B params
Architecture
qwen3
Hardware compatibility
Log In to add your hardware

3-bit

4-bit

5-bit

6-bit

8-bit

Inference Providers NEW
This model isn't deployed by any Inference Provider. ๐Ÿ™‹ Ask for provider support

Model tree for smarttasks/Qwen3-4B-GGUF

Finetuned
Qwen/Qwen3-4B
Quantized
(249)
this model