Mungert/Foundation-Sec-8B-GGUF

Foundation-Sec-8B GGUF Models

Model Generation Details

This model was generated using llama.cpp at commit 19e899c.

Ultra-Low-Bit Quantization with IQ-DynamicGate (1-2 bit)

Our latest quantization method introduces precision-adaptive quantization for ultra-low-bit models (1-2 bit), with benchmark-proven improvements on Llama-3-8B. This approach uses layer-specific strategies to preserve accuracy while maintaining extreme memory efficiency.

Benchmark Context

All tests conducted on Llama-3-8B-Instruct using:

• Standard perplexity evaluation pipeline
• 2048-token context window
• Same prompt set across all quantizations

Method

• Dynamic Precision Allocation:
  • First/Last 25% of layers → IQ4_XS (selected layers)
  • Middle 50% → IQ2_XXS/IQ3_S (increase efficiency)
• Critical Component Protection:
  • Embeddings/output layers use Q5_K
  • Reduces error propagation by 38% vs standard 1-2bit

Quantization Performance Comparison (Llama-3-8B)

Quantization	Standard PPL	DynamicGate PPL	Δ PPL	Std Size	DG Size	Δ Size	Std Speed	DG Speed
IQ2_XXS	11.30	9.84	-12.9%	2.5G	2.6G	+0.1G	234s	246s
IQ2_XS	11.72	11.63	-0.8%	2.7G	2.8G	+0.1G	242s	246s
IQ2_S	14.31	9.02	-36.9%	2.7G	2.9G	+0.2G	238s	244s
IQ1_M	27.46	15.41	-43.9%	2.2G	2.5G	+0.3G	206s	212s
IQ1_S	53.07	32.00	-39.7%	2.1G	2.4G	+0.3G	184s	209s

Key:

• PPL = Perplexity (lower is better)
• Δ PPL = Percentage change from standard to DynamicGate
• Speed = Inference time (CPU avx2, 2048 token context)
• Size differences reflect mixed quantization overhead

Key Improvements:

• 🔥 IQ1_M shows massive 43.9% perplexity reduction (27.46 → 15.41)
• 🚀 IQ2_S cuts perplexity by 36.9% while adding only 0.2GB
• ⚡ IQ1_S maintains 39.7% better accuracy despite 1-bit quantization

Tradeoffs:

• All variants have modest size increases (0.1-0.3GB)
• Inference speeds remain comparable (<5% difference)

When to Use These Models

📌 Fitting models into GPU VRAM

✔ Memory-constrained deployments

✔ Cpu and Edge Devices where 1-2bit errors can be tolerated

✔ Research into ultra-low-bit quantization

Choosing the Right Model Format

Selecting the correct model format depends on your hardware capabilities and memory constraints.

BF16 (Brain Float 16) – Use if BF16 acceleration is available

• A 16-bit floating-point format designed for faster computation while retaining good precision.
• Provides similar dynamic range as FP32 but with lower memory usage.
• Recommended if your hardware supports BF16 acceleration (check your device's specs).
• Ideal for high-performance inference with reduced memory footprint compared to FP32.

📌 Use BF16 if:
✔ Your hardware has native BF16 support (e.g., newer GPUs, TPUs).
✔ You want higher precision while saving memory.
✔ You plan to requantize the model into another format.

📌 Avoid BF16 if:
❌ Your hardware does not support BF16 (it may fall back to FP32 and run slower).
❌ You need compatibility with older devices that lack BF16 optimization.

---

F16 (Float 16) – More widely supported than BF16

• A 16-bit floating-point high precision but with less of range of values than BF16.
• Works on most devices with FP16 acceleration support (including many GPUs and some CPUs).
• Slightly lower numerical precision than BF16 but generally sufficient for inference.

📌 Use F16 if:
✔ Your hardware supports FP16 but not BF16.
✔ You need a balance between speed, memory usage, and accuracy.
✔ You are running on a GPU or another device optimized for FP16 computations.

📌 Avoid F16 if:
❌ Your device lacks native FP16 support (it may run slower than expected).
❌ You have memory limitations.

---

Quantized Models (Q4_K, Q6_K, Q8, etc.) – For CPU & Low-VRAM Inference

Quantization reduces model size and memory usage while maintaining as much accuracy as possible.

• Lower-bit models (Q4_K) → Best for minimal memory usage, may have lower precision.
• Higher-bit models (Q6_K, Q8_0) → Better accuracy, requires more memory.

📌 Use Quantized Models if:
✔ You are running inference on a CPU and need an optimized model.
✔ Your device has low VRAM and cannot load full-precision models.
✔ You want to reduce memory footprint while keeping reasonable accuracy.

📌 Avoid Quantized Models if:
❌ You need maximum accuracy (full-precision models are better for this).
❌ Your hardware has enough VRAM for higher-precision formats (BF16/F16).

---

Very Low-Bit Quantization (IQ3_XS, IQ3_S, IQ3_M, Q4_K, Q4_0)

These models are optimized for extreme memory efficiency, making them ideal for low-power devices or large-scale deployments where memory is a critical constraint.

• IQ3_XS: Ultra-low-bit quantization (3-bit) with extreme memory efficiency.

  • Use case: Best for ultra-low-memory devices where even Q4_K is too large.
  • Trade-off: Lower accuracy compared to higher-bit quantizations.

• IQ3_S: Small block size for maximum memory efficiency.

  • Use case: Best for low-memory devices where IQ3_XS is too aggressive.

• IQ3_M: Medium block size for better accuracy than IQ3_S.

  • Use case: Suitable for low-memory devices where IQ3_S is too limiting.

• Q4_K: 4-bit quantization with block-wise optimization for better accuracy.

  • Use case: Best for low-memory devices where Q6_K is too large.

• Q4_0: Pure 4-bit quantization, optimized for ARM devices.

  • Use case: Best for ARM-based devices or low-memory environments.

---

Summary Table: Model Format Selection

Model Format	Precision	Memory Usage	Device Requirements	Best Use Case
BF16	Highest	High	BF16-supported GPU/CPUs	High-speed inference with reduced memory
F16	High	High	FP16-supported devices	GPU inference when BF16 isn't available
Q4_K	Medium Low	Low	CPU or Low-VRAM devices	Best for memory-constrained environments
Q6_K	Medium	Moderate	CPU with more memory	Better accuracy while still being quantized
Q8_0	High	Moderate	CPU or GPU with enough VRAM	Best accuracy among quantized models
IQ3_XS	Very Low	Very Low	Ultra-low-memory devices	Extreme memory efficiency and low accuracy
Q4_0	Low	Low	ARM or low-memory devices	llama.cpp can optimize for ARM devices

---

Included Files & Details

Foundation-Sec-8B-bf16.gguf

• Model weights preserved in BF16.
• Use this if you want to requantize the model into a different format.
• Best if your device supports BF16 acceleration.

Foundation-Sec-8B-f16.gguf

• Model weights stored in F16.
• Use if your device supports FP16, especially if BF16 is not available.

Foundation-Sec-8B-bf16-q8_0.gguf

• Output & embeddings remain in BF16.
• All other layers quantized to Q8_0.
• Use if your device supports BF16 and you want a quantized version.

Foundation-Sec-8B-f16-q8_0.gguf

• Output & embeddings remain in F16.
• All other layers quantized to Q8_0.

Foundation-Sec-8B-q4_k.gguf

• Output & embeddings quantized to Q8_0.
• All other layers quantized to Q4_K.
• Good for CPU inference with limited memory.

Foundation-Sec-8B-q4_k_s.gguf

• Smallest Q4_K variant, using less memory at the cost of accuracy.
• Best for very low-memory setups.

Foundation-Sec-8B-q6_k.gguf

• Output & embeddings quantized to Q8_0.
• All other layers quantized to Q6_K .

Foundation-Sec-8B-q8_0.gguf

• Fully Q8 quantized model for better accuracy.
• Requires more memory but offers higher precision.

Foundation-Sec-8B-iq3_xs.gguf

• IQ3_XS quantization, optimized for extreme memory efficiency.
• Best for ultra-low-memory devices.

Foundation-Sec-8B-iq3_m.gguf

• IQ3_M quantization, offering a medium block size for better accuracy.
• Suitable for low-memory devices.

Foundation-Sec-8B-q4_0.gguf

• Pure Q4_0 quantization, optimized for ARM devices.
• Best for low-memory environments.
• Prefer IQ4_NL for better accuracy.

🚀 If you find these models useful

❤ Please click "Like" if you find this useful!
Help me test my AI-Powered Network Monitor Assistant with quantum-ready security checks:
👉 Free Network Monitor

💬 How to test:
Choose an AI assistant type:

• TurboLLM (GPT-4o-mini)
• HugLLM (Hugginface Open-source)
• TestLLM (Experimental CPU-only)

What I’m Testing

I’m pushing the limits of small open-source models for AI network monitoring, specifically:

• Function calling against live network services
• How small can a model go while still handling:
  • Automated Nmap scans
  • Quantum-readiness checks
  • Network Monitoring tasks

🟡 TestLLM – Current experimental model (llama.cpp on 2 CPU threads):

• ✅ Zero-configuration setup
• ⏳ 30s load time (slow inference but no API costs)
• 🔧 Help wanted! If you’re into edge-device AI, let’s collaborate!

Other Assistants

🟢 TurboLLM – Uses gpt-4o-mini for:

• Create custom cmd processors to run .net code on Free Network Monitor Agents
• Real-time network diagnostics and monitoring
• Security Audits
• Penetration testing (Nmap/Metasploit)
• 🔑 Get more tokens by logging in or downloading our Free Network Monitor Agent with integrated AI Assistant

🔵 HugLLM – Latest Open-source models:

• 🌐 Runs on Hugging Face Inference API

💡 Example commands to you could test:

1. "Give me info on my websites SSL certificate"
2. "Check if my server is using quantum safe encyption for communication"
3. "Run a comprehensive security audit on my server"
4. '"Create a cmd processor to .. (what ever you want)" Note you need to install a Free Network Monitor Agent to run the .net code from. This is a very flexible and powerful feature. Use with caution!

Foundation-Sec-8B - Model Card

Model Information

Foundation-Sec-8B (Llama-3.1-FoundationAI-SecurityLLM-base-8B) is an open-weight, 8-billion parameter base language model specialized for cybersecurity applications. It extends Llama-3.1-8B model through continued pretraining on a curated corpus of cybersecurity-specific text, including threat intelligence reports, vulnerability databases, incident response documentation, and security standards. It has been trained to understand security concepts, terminology, and practices across multiple security domains. The model is designed to serve as a domain-adapted base model for use in applications such as threat detection, vulnerability assessment, security automation, and attack simulation. Foundation-Sec-8B enables organizations to build AI-driven security tools that can be deployed locally, reducing dependency on cloud-based AI services while maintaining high performance on security-related tasks.

• Model Name: Foundation-Sec-8B (Llama-3.1-FoundationAI-SecurityLLM-base-8B)
• Model Developer: Amin Karbasi and team at Foundation AI — Cisco
• Technical Report: https://arxiv.org/abs/2504.21039
• Model Card Contact: For questions about the team, model usage, and future directions, contact [email protected]. For technical questions about the model, please contact [email protected].
• Model Release Date: April 28, 2025
• Supported Language(s): English
• Model Architecture: Auto-regressive language model that uses an optimized transformer architecture (Meta Llama-3.1-8B backbone)
• Training Objective: Continued pre-training on cybersecurity-specific corpus
• Training Data Status: This is a static model trained on an offline dataset. Future versions of the tuned models will be released on updated data.
• License: Apache 2.0

Intended Use

Intended Use Cases

Foundation-Sec-8B is designed for security practitioners, researchers, and developers building AI-powered security workflows and applications. Foundation-Sec-8B is optimized for three core use case categories:

• SOC Acceleration: Automating triage, summarization, case note generation, and evidence collection.
• Proactive Threat Defense: Simulating attacks, prioritizing vulnerabilities, mapping TTPs, and modeling attacker behavior.
• Engineering Enablement: Providing security assistance, validating configurations, assessing compliance evidence, and improving security posture.

The model is intended for local deployment in environments prioritizing data security, regulatory compliance, and operational control.

Downstream Use

Foundation-Sec-8B can be used directly for security-related language tasks and serves as a strong starting point for fine-tuning across a variety of cybersecurity workflows. Example downstream applications include:

• Summarization
  • Summarizing detection playbooks and incident reports
  • Consolidating fragmented analyst notes into structured case summaries
• Classification
  • Mapping threats to MITRE ATT&CK techniques
  • Prioritizing vulnerabilities based on contextual risk
  • Classifying security-relevant emails and leaked file contents
• Named Entity Recognition
  • Extracting compliance evidence from documents
  • Building network behavior profiles from technical manuals
• Question & Answer
  • Assisting SOC analysts with alert triage and investigation
  • Responding to cloud security and software compliance queries
• Reasoning and Text Generation
  • Generating red-team attack plans and threat models
  • Predicting attacker next steps in active investigations
  • Enriching vulnerability scan results with contextual insights

For questions or assistance with fine-tuning Foundation-Sec-8B, please contact Paul Kassianik ([email protected]) or Dhruv Kedia ([email protected]).

Out-of-Scope Use

The following uses are out-of-scope and are neither recommended nor intended use cases:

1. Generating harmful content - The model should not be used to:
   • Generate malware or other malicious code
   • Create phishing content or social engineering scripts
   • Develop attack plans targeting specific organizations
   • Design exploitation techniques for vulnerabilities without legitimate security research purposes
2. Critical security decisions without human oversight - The model should not be used for:
   • Autonomous security decision-making without human review
   • Critical infrastructure protection without expert supervision
   • Final determination of security compliance without human verification
   • Autonomous vulnerability remediation without testing
3. Legal or medical advice - The model is not qualified to provide:
   • Legal advice regarding security regulations, compliance requirements, or intellectual property disputes
   • Legal advice regarding security issues that would reference legal statutes, precedents, or case law necessary to provide legal advice
   • Medical advice regarding health impacts of security incidents
4. Non-security use cases - The model is specifically optimized for cybersecurity and may not perform as well on general tasks as models trained for broader applications.
5. Violation of Laws or Regulations - Any use that violates applicable laws or regulations.

How to Get Started with the Model

Use the code below to get started with the model.

# Import the required libraries
import torch
from transformers import AutoTokenizer, AutoModelForCausalLM

# Load the model and tokenizer
tokenizer = AutoTokenizer.from_pretrained("fdtn-ai/Foundation-Sec-8B")
model = AutoModelForCausalLM.from_pretrained("fdtn-ai/Foundation-Sec-8B")

# Example: Matching CWE to CVE IDs
prompt="""CVE-2021-44228 is a remote code execution flaw in Apache Log4j2 via unsafe JNDI lookups (“Log4Shell”). The CWE is CWE-502.

CVE-2017-0144 is a remote code execution vulnerability in Microsoft’s SMBv1 server (“EternalBlue”) due to a buffer overflow. The CWE is CWE-119.

CVE-2014-0160 is an information-disclosure bug in OpenSSL’s heartbeat extension (“Heartbleed”) causing out-of-bounds reads. The CWE is CWE-125.

CVE-2017-5638 is a remote code execution issue in Apache Struts 2’s Jakarta Multipart parser stemming from improper input validation of the Content-Type header. The CWE is CWE-20.

CVE-2019-0708 is a remote code execution vulnerability in Microsoft’s Remote Desktop Services (“BlueKeep”) triggered by a use-after-free. The CWE is CWE-416.

CVE-2015-10011 is a vulnerability about OpenDNS OpenResolve improper log output neutralization. The CWE is"""

# Tokenize the input
inputs = tokenizer(prompt, return_tensors="pt")

# Generate the response
outputs = model.generate(
    inputs["input_ids"],
    max_new_tokens=3,
    do_sample=True,
    temperature=0.1,
    top_p=0.9,
)

# Decode and print the response
response = tokenizer.decode(outputs[0], skip_special_tokens=True)
response = response.replace(prompt, "").strip()
print(response)

Training and Evaluation

Training Data

Foundation-sec-8B was pretrained on approximately 5.1 billion tokens of cybersecurity-specific data curated in-house by Cisco’s Foundation AI team. The dataset was meticulously collected from public sources on the web.

The pre-training corpus was built through a multi-stage pipeline that included large-scale web crawling, relevancy filtering, deduplication, and quality filtering.

Data cutoff: April 10th, 2025.

More detailed methodology is available in the technical report.

Training Setup

Foundation-sec-8B is based on the Llama 3.1 8B architecture. Pre-training was performed on Cisco Foundation AI’s internal compute cluster.

Key training details:

• Continued pretraining for cybersecurity specialization
• 4096-token sequence length
• Optimizer: AdamW

More detailed methodology is available in the technical report.

Evaluation

Foundation-sec-8B was benchmarked on cybersecurity and general reasoning tasks, using a standardized 5-shot prompting setup (temperature = 0.3).

Benchmark	Foundation-sec-8B	Llama 3.1 8B	Llama 3.1 70B
CTI-MCQA	67.39	64.14	68.23
CTI-RCM	75.26	66.43	72.66

Benchmark Overview:

• CTI-MCQA: 2,500 multiple-choice questions testing cybersecurity knowledge across frameworks like MITRE ATT&CK, NIST, GDPR, and threat intelligence best practices.
• CTI-RCM: 900+ vulnerability root cause mapping examples linking CVEs to CWE categories, assessing deep understanding of security weaknesses.

Key highlights:

• +3 to +9 point gains over Llama-3.1-8B across security-specific benchmarks.
• Comparable or better performance than Llama-3.1-70B on cyber threat intelligence tasks.
• Minimal drop (~2%) in general language reasoning (MMLU) despite cybersecurity specialization.

For full benchmark details and evaluation methodology, please refer to the technical report.

Limitations

Foundation-Sec-8B has several limitations that users should be aware of:

1. Domain-specific knowledge limitations:
   • Foundation-Sec-8B may not be familiar with recent vulnerabilities, exploits, or novel attack vectors or security technologies released after its training cutoff date
   • Knowledge of specialized or proprietary security systems or tools may be limited
2. Potential biases:
   • The model may reflect biases present in security literature and documentation
   • The model may be trained on known attack patterns and have difficulty recognizing novel attack vectors
   • Security practices and recommendations may be biased toward certain technological ecosystems
   • Geographic and cultural biases in security approaches may be present
3. Security risks:
   • The model cannot verify the identity or intentions of users
   • Adversarial prompting techniques might potentially bypass safety mechanisms
   • The model may unintentionally provide information that could be misused if proper prompting guardrails are not implemented
4. Contextual blindness:
   • The model may struggle to understand the complex interrelationships between systems, users, and data in order to provide accurate context.
5. Technical limitations:
   • Performance varies based on how security concepts are described in prompts
   • May not fully understand complex, multi-step security scenarios without clear explanation
   • Cannot access external systems or actively scan environments
   • Cannot independently verify factual accuracy of its outputs
6. Ethical considerations:
   • Dual-use nature of security knowledge requires careful consideration of appropriate use cases

Recommendations

To address the limitations of Foundation-Sec-8B, we recommend:

1. Human oversight:
   • Always have qualified security professionals review model outputs before implementation
   • Use the model as an assistive tool rather than a replacement for expert human judgment
   • Implement a human-in-the-loop approach for security-critical applications
2. System design safeguards:
   • Implement additional validation layers for applications built with this model
   • Consider architectural constraints that limit the model's ability to perform potentially harmful actions (excessive agency)
   • Deploy the model in environments with appropriate access controls
3. Prompt engineering:
   • Use carefully designed prompts that encourage ethical security practices
   • Include explicit instructions regarding responsible disclosure and ethical hacking principles
   • Structure interactions to minimize the risk of inadvertently harmful outputs
4. Knowledge supplementation:
   • Supplement the model with up-to-date security feeds and databases
   • Implement retrieval-augmented generation for current threat intelligence sources
5. Usage policies:
   • Develop and enforce clear acceptable use policies for applications using this model
   • Implement monitoring and auditing for high-risk applications
   • Create documentation for end users about the model's limitations