OpenMythos / README.md
himanshu17HF's picture
Update README.md
978fe3e verified
|
Raw
History Blame
4.94 kB
---
title: OpenMythos
emoji: πŸ›‘οΈ
colorFrom: gray
colorTo: indigo
sdk: gradio
sdk_version: 6.18.0
python_version: '3.13'
app_file: app.py
pinned: true
short_description: An Open Source Cyber Security Agent
license: apache-2.0
---
# openMythos 🌌
**Paste your codebase. Our AI security agent audits the repository** β€” a multi-level vulnerability analysis, a visual dependency risk path, a declared threat level β€” then generates an instant, verifiable hotfix patch before threat actors can exploit it.
Built during the **Hugging Face Small Gradio Hackathon**, openMythos democratizes cutting-edge security auditing. It bridges an immersive retro terminal interface with the elite agentic reasoning and long-context preservation architecture of a fine-tuned dense model.
> ⚠️ **Proactive Defense.** This platform is engineered for defensive security intelligence. It aims to discover flaws, memory leaks, security configurations, and input bugs instantly, empowering software engineering teams to deploy hotfixes long before a threat vector is weaponized.
---
## ▢️ See it in action
- **Demo video:** TODO β€” Watch the Social Media Demo Video & Technical Explainer Post
- **Social post:** TODO β€” Paste your launch post link here
---
## Why it's worth a look
- 🧠 **Deep Agentic Reasoning, Not a Basic RegEx Scanner.** Powered by a specialized Qwen3.6-27B foundation architecture, openMythos maps complex variable trails and dependency structures across entire software repositories during a single security sweep using its native long-context window.
- 🎨 **Immersive Retro UI.** No default Gradio look: a distraction-free retro terminal architecture optimized for low-latency code-auditing loops.
- πŸ”Œ **100% Local & Privacy-First.** Designed as a fully open-source alternative to proprietary security intelligence layers (like Claude's Mythos model). It can be run entirely locally, requiring zero internet connectivity or external dependencies to operate.
---
## How it works
A multi-stage engineering pipeline built around aggregated, industry-standard security sources:
| Stage | Role | Source Data / Methodology |
|:-----:|------|---------------------------|
| **1** | **Data Prep & Aggregation** | Incident reports, GitHub Advisory, VulnHub, and papers. Rigorously trained on BigVul-Filtered and Arvix-Filtered sets. |
| **2** | **Initial Fine-Tuning (SFT)** | Supervised Fine-Tuning on cybersecurity tasks. Qwen3.6-27B Base (Up to 262k+ token context window). |
| **3** | **Reinforcement Learning (RLVR)** | Verifiable Reward via vulnerable vs. fixed repo branches. Verified by a separate evaluation model checking fixes. |
| **4** | **Rigorous Evaluation** | Benchmarked against CyberGYM and SWE Bench Verified. Evaluates historical vulnerabilities and code generation. |
The entire pipeline leverages highly specialized weights to ensure an elite vulnerability discovery rate. No massive API dependencies anywhere: a clever chain of targeted engineering (**prepare β†’ SFT β†’ RLVR β†’ verify**) delivers the whole security suite.
```
Raw Codebase Input
└─▢ Stage 1: Data Prep ─ BigVul & arXiv research paper data curation
└─▢ Stage 2: SFT Train ─ Supervised fine-tuning on targeted cybersecurity tasks
└─▢ Stage 3: RLVR Refinement ─ Reinforcement Learning via Verifiable Rewards (Vulnerable vs Fixed Code)
+ CyberGYM & SWE Bench verification models
+ Retro Terminal UI output
β†’ Instantly remediated source-code patch
```
---
## Tech
- **Frontend:** This Gradio 6 Space using an immersive terminal configuration.
- **Base Architecture Alternative Options:** While utilizing Qwen3.6-27B, the training framework also supports Devstral-Small-2-24B, Magistral-Small, gemma-4-12B-it, and gpt-oss-20b.
- **Data Integrations:** Hardwired to ingest top-tier vulnerability streams like BigVul-Filtered and ArvixImport-Filtered-Final.
---
## Run it locally
```bash
# Clone the repository and initialize the security agent interface locally
python app.py
```
---
## 🀝 Project Contributors & Ecosystem Credits
Developed with ❀️ during the **Hugging Face Small Gradio Hackathon** by:
- **KingNish** – [HuggingFace Profile](https://huggingface.co/KingNish)
- **Himanshu** – [HuggingFace Profile](https://huggingface.co/Himanshu)
---
## πŸ“œ Citations & Academic Attributions
```bibtex
@misc{openmythos2026,
title = {openMythos: Defensive Security Code-Auditing Agent Interface via Qwen3.6 Context Preservation},
author = {KingNish and Himanshu},
year = {2026},
howpublished = {Hugging Face Small Gradio Hackathon Project Suite}
}
@misc{qwen3.6-27b,
title = {{Qwen3.6-27B}: Flagship-Level Coding in a {27B} Dense Model},
author = {{Qwen Team}},
month = {April},
year = {2026},
url = {https://qwen.ai/blog?id=qwen3.6-27b}
}