Uploaded finetuned model

  • Developed by: madox81
  • License: apache-2.0
  • Finetuned from model: unsloth/SmolLM2-1.7b-Instruct

This llama model was trained 2x faster with Unsloth and Hugging Face's TRL library.

Smollm2_Cyber_Insight

Model Overview

Smollm2_Cyber_Insight is a lightweight domain-adapted language model fine-tuned for cybersecurity threat analysis tasks.
The model specializes in interpreting short textual descriptions of security incidents and producing structured (JSON) security insights.

  • Base Model: smollm2-1.7b-instruct
  • Architecture: SmolLM2
  • Training Method: LoRA fine-tuning
  • Domain: Cyber Threat Analysis
  • Model Size: ~1.7B parameters

Capabilities

The model supports the following tasks:

  • Mapping incidents to MITRE ATT&CK tactics
  • Identifying possible attack techniques
  • Assessing incident severity and potential business impact
  • Assisting in structured cybersecurity analysis

Intended Use

This model is suitable for:

  • Cyber threat intelligence experiments
  • NLP research in cybersecurity
  • Cybersecurity research
  • Prototyping AI-assisted SOC tools

Limitations

  • Predictions are probabilistic and may require analyst validation
  • Performance depends on similarity to training data
  • Not intended for autonomous security decision-making

Training Data

The model was trained on a specialized cybersecurity dataset, madox81/mittre_severity_ds, which contains incident descriptions and structured labels, including:

  • attack tactics
  • attack techniques
  • incident severity indicators

Example Prompts

Map the following security event to MITRE ATT&CK tactics and techniques.
Input: rule apt_lolbin { strings: $a = "certutil.exe" nocase; $b = "-urlfetch" nocase; condition: $a and $b }

Identify the ATT&CK tactics and techniques in this data.
Input: selection: EventName: 'UpdateDomainNameservers' AND SourceIPAddress not in ('aws-internal')

Classify this cybersecurity event into MITRE ATT&CK framework.
Input: rule apt_wasm { strings: $a = "WebAssembly.compile" nocase; $b = "fetch" nocase; condition: $a and $b }

Map the following security event to MITRE ATT&CK tactics and techniques.
Input: Incident Type: Data Breach
Target: MongoDB Instance
Vector: Weak Authentication

Assess the severity and business risk of the following incident.
Input: Incident: Phishing affecting HR Accounts.

Analyze the business risk and severity for the input below.
Input: Incident: Supply Chain Attack affecting CI/CD Pipeline.

Rate the severity (Low/Medium/High/Critical) and impact of this event.
Input: Incident: Credential Dumping affecting Windows Domain Controller.
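
The Limitations above say predictions need analyst validation, and the prompts name a Low/Medium/High/Critical scale. The following added example (not part of the original model card or the author's code) checks one model response before it reaches a SOC tool; the output keys `tactics`, `techniques` and `severity` are assumptions, since the card does not document the JSON schema.

```python
import json
import re

# The 14 MITRE ATT&CK Enterprise tactic names, lower-cased for comparison.
TACTICS = {
    "reconnaissance", "resource development", "initial access", "execution",
    "persistence", "privilege escalation", "defense evasion",
    "credential access", "discovery", "lateral movement", "collection",
    "command and control", "exfiltration", "impact",
}
SEVERITIES = {"low", "medium", "high", "critical"}  # scale named in the prompts
# ATT&CK technique ID (T1105) or sub-technique ID (T1059.001), then a delimiter.
TECHNIQUE_ID = re.compile(r"T\d{4}(\.\d{3})?(?![\w.])")
# Assumed output keys; the model card does not document the schema.
KEYS = ("tactics", "techniques", "severity")


def as_list(value):
    return value if isinstance(value, list) else [value]


def review_output(raw):
    """Parse one model response; return (data, issues). Any issue => analyst."""
    start = raw.find("{")  # small models often wrap the JSON in prose
    if start == -1:
        return None, ["no JSON object in output"]
    try:
        data, _ = json.JSONDecoder().raw_decode(raw[start:])
    except json.JSONDecodeError as exc:
        return None, [f"malformed JSON: {exc.msg}"]
    issues = []
    if not any(key in data for key in KEYS):
        issues.append("none of the expected keys present")
    for tactic in as_list(data.get("tactics", [])):
        if str(tactic).strip().lower() not in TACTICS:
            issues.append(f"unknown tactic: {tactic!r}")
    for tech in as_list(data.get("techniques", [])):
        if not TECHNIQUE_ID.match(str(tech).strip()):
            issues.append(f"technique lacks a valid ATT&CK ID: {tech!r}")
    severity = data.get("severity")
    if severity is not None and str(severity).strip().lower() not in SEVERITIES:
        issues.append(f"severity outside Low/Medium/High/Critical: {severity!r}")
    return data, issues


# Constructed sample responses, not real model output.
SAMPLE_GOOD = ('Analysis: {"tactics": ["Command and Control"], '
               '"techniques": ["T1105 Ingress Tool Transfer"], "severity": "High"}')
SAMPLE_BAD = '{"tactics": ["Data Theft"], "techniques": ["T99"], "severity": "Severe"}'

if __name__ == "__main__":
    for sample in (SAMPLE_GOOD, SAMPLE_BAD, "I cannot help with that."):
        print(review_output(sample))
```

A response with no issues is only well-formed: the check does not confirm that the technique exists in ATT&CK or that the mapping fits the incident, so analyst review still applies.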

License

Refer to the base model license.

Safetensors model size: 2B params; tensor type: BF16