| --- |
| title: OpenMythos |
| emoji: π‘οΈ |
| colorFrom: gray |
| colorTo: indigo |
| sdk: gradio |
| sdk_version: 6.18.0 |
| python_version: '3.13' |
| app_file: app.py |
| pinned: true |
| short_description: An Open Source Cyber Security Agent |
| license: apache-2.0 |
| --- |
| |
| # openMythos π |
|
|
| **Paste your codebase. Our AI security agent audits the repository** β a multi-level vulnerability analysis, a visual dependency risk path, a declared threat level β then generates an instant, verifiable hotfix patch before threat actors can exploit it. |
|
|
| Built during the **Hugging Face Small Gradio Hackathon**, openMythos democratizes cutting-edge security auditing. It bridges an immersive retro terminal interface with the elite agentic reasoning and long-context preservation architecture of a fine-tuned dense model. |
|
|
| > β οΈ **Proactive Defense.** This platform is engineered for defensive security intelligence. It aims to discover flaws, memory leaks, security configurations, and input bugs instantly, empowering software engineering teams to deploy hotfixes long before a threat vector is weaponized. |
|
|
| --- |
|
|
| ## βΆοΈ See it in action |
|
|
| - **Demo video:** TODO β Watch the Social Media Demo Video & Technical Explainer Post |
| - **Social post:** TODO β Paste your launch post link here |
|
|
| --- |
|
|
| ## Why it's worth a look |
|
|
| - π§ **Deep Agentic Reasoning, Not a Basic RegEx Scanner.** Powered by a specialized Qwen3.6-27B foundation architecture, openMythos maps complex variable trails and dependency structures across entire software repositories during a single security sweep using its native long-context window. |
|
|
| - π¨ **Immersive Retro UI.** No default Gradio look: a distraction-free retro terminal architecture optimized for low-latency code-auditing loops. |
|
|
| - π **100% Local & Privacy-First.** Designed as a fully open-source alternative to proprietary security intelligence layers (like Claude's Mythos model). It can be run entirely locally, requiring zero internet connectivity or external dependencies to operate. |
|
|
| --- |
|
|
| ## How it works |
|
|
| A multi-stage engineering pipeline built around aggregated, industry-standard security sources: |
|
|
| | Stage | Role | Source Data / Methodology | |
| |:-----:|------|---------------------------| |
| | **1** | **Data Prep & Aggregation** | Incident reports, GitHub Advisory, VulnHub, and papers. Rigorously trained on BigVul-Filtered and Arvix-Filtered sets. | |
| | **2** | **Initial Fine-Tuning (SFT)** | Supervised Fine-Tuning on cybersecurity tasks. Qwen3.6-27B Base (Up to 262k+ token context window). | |
| | **3** | **Reinforcement Learning (RLVR)** | Verifiable Reward via vulnerable vs. fixed repo branches. Verified by a separate evaluation model checking fixes. | |
| | **4** | **Rigorous Evaluation** | Benchmarked against CyberGYM and SWE Bench Verified. Evaluates historical vulnerabilities and code generation. | |
|
|
| The entire pipeline leverages highly specialized weights to ensure an elite vulnerability discovery rate. No massive API dependencies anywhere: a clever chain of targeted engineering (**prepare β SFT β RLVR β verify**) delivers the whole security suite. |
|
|
| ``` |
| Raw Codebase Input |
| βββΆ Stage 1: Data Prep β BigVul & arXiv research paper data curation |
| βββΆ Stage 2: SFT Train β Supervised fine-tuning on targeted cybersecurity tasks |
| βββΆ Stage 3: RLVR Refinement β Reinforcement Learning via Verifiable Rewards (Vulnerable vs Fixed Code) |
| + CyberGYM & SWE Bench verification models |
| + Retro Terminal UI output |
| β Instantly remediated source-code patch |
| ``` |
|
|
| --- |
|
|
| ## Tech |
|
|
| - **Frontend:** This Gradio 6 Space using an immersive terminal configuration. |
| - **Base Architecture Alternative Options:** While utilizing Qwen3.6-27B, the training framework also supports Devstral-Small-2-24B, Magistral-Small, gemma-4-12B-it, and gpt-oss-20b. |
| - **Data Integrations:** Hardwired to ingest top-tier vulnerability streams like BigVul-Filtered and ArvixImport-Filtered-Final. |
|
|
| --- |
|
|
| ## Run it locally |
|
|
| ```bash |
| # Clone the repository and initialize the security agent interface locally |
| python app.py |
| ``` |
|
|
| --- |
|
|
| ## π€ Project Contributors & Ecosystem Credits |
|
|
| Developed with β€οΈ during the **Hugging Face Small Gradio Hackathon** by: |
|
|
| - **KingNish** β [HuggingFace Profile](https://huggingface.co/KingNish) |
| - **Himanshu** β [HuggingFace Profile](https://huggingface.co/Himanshu) |
|
|
| --- |
|
|
| ## π Citations & Academic Attributions |
|
|
| ```bibtex |
| @misc{openmythos2026, |
| title = {openMythos: Defensive Security Code-Auditing Agent Interface via Qwen3.6 Context Preservation}, |
| author = {KingNish and Himanshu}, |
| year = {2026}, |
| howpublished = {Hugging Face Small Gradio Hackathon Project Suite} |
| } |
| |
| @misc{qwen3.6-27b, |
| title = {{Qwen3.6-27B}: Flagship-Level Coding in a {27B} Dense Model}, |
| author = {{Qwen Team}}, |
| month = {April}, |
| year = {2026}, |
| url = {https://qwen.ai/blog?id=qwen3.6-27b} |
| } |
| |