--- license: apache-2.0 language: - en base_model: fdtn-ai/Foundation-Sec-8B pipeline_tag: text-generation library_name: transformers tags: - security - llama - gguf - quantization --- # Foundation-Sec-8B-Q4_K_M-GGUF Model Card **This model was quantized from [fdtn-ai/Foundation-Sec-8B](https://huggingface.co/fdtn-ai/Foundation-Sec-8B) to an 4-bit (Q4_K_M) GGUF checkpoint using llama.cpp. It retains the cybersecurity specialization of the original 8-billion-parameter model while reducing the memory footprint from approximately 16GB (BF16) to around 4.92GB (Q4_K_M) for inference.** ## Model Description `fdtn-ai/Foundation-Sec-8B-Q4_K_M-GGUF` is an 4-bit quantized variant of **Foundation-Sec-8B** — an 8B-parameter LLaMA 3.1–based model that was continued-pretrained on a curated corpus of cybersecurity-specific text (e.g., CVEs, threat intel reports, exploit write-ups, compliance guides). The base model was originally released on April 28, 2025 under Apache 2.0, and excels at tasks such as: - **Threat intelligence summarization** (e.g., summarizing CVE details) - **Vulnerability classification** (mapping CVEs/CWEs to MITRE ATT&CK) - **Incident triage assistance** (extracting IoCs, summarizing log data) - **Red-team simulation prompts** and **security-workflow generation** Rather than re-uploading or replicating the entire training details, please refer to the original model card for foundational architecture, training data, evaluation results, and known limitations. ## Quantization Details - **Quantization Scheme:** 4-bit, GPTQ-inspired “Q4_K_M” (vector-wise quantization with per-group scales) - **Toolchain:** Converted via [llama.cpp’s export utilities](https://github.com/ggml-org/llama.cpp) (commit `v0.1.81` or newer) to GGUF format. - **Resulting File Size:** ~ 4.92 GB on disk (raw GGUF blob) - **Runtime Footprint:** - Memory: ≈ 4.94 GB of RAM when loaded on CPU with llama.cpp - **Format:** - File extension: `.gguf` - Internally contains: 1. Metadata (architecture, tokenizer vocab, hyperparameters) 2. Vocabulary list (BPE tokens) 3. Weight tensors (for each layer and head) stored in 4-bit quantized form - Compliant with LlamaCpp Python wrapper (`llama_cpp`) and C++ CLI (`llama.cpp`) inference engines ## How to Use ### Install llama.cpp on Mac Use Homebrew: ```bash brew install llama-cpp ``` or install from scratch: ```bash # Install dependencies brew install cmake # Clone and build llama.cpp git clone https://github.com/ggml-org/llama.cpp.git cd llama.cpp make # Add to PATH (optional) sudo cp llama-cli /usr/local/bin/ ``` ### Run the Model ```bash llama-cli -m foundation-sec-8b-q4_k_m.gguf -p "CVE-2021-44228 is a remote code execution flaw in Apache Log4j2 via unsafe JNDI lookups (\"Log4Shell\"). The CWE is CWE-502.\n\nCVE-2017-0144 is a remote code execution vulnerability in Microsoft's SMBv1 server (\"EternalBlue\") due to a buffer overflow. The CWE is CWE-119.\n\nCVE-2014-0160 is an information-disclosure bug in OpenSSL's heartbeat extension (\"Heartbleed\") due to out-of-bounds reads. The CWE is CWE-125.\n\nCVE-2017-5638 is a remote code execution issue in Apache Struts 2's Jakarta Multipart parser stemming from improper input validation of the Content-Type header. The CWE is CWE-20.\n\nCVE-2019-0708 is a remote code execution vulnerability in Microsoft's Remote Desktop Services (\"BlueKeep\") triggered by a use-after-free. The CWE is CWE-416.\n\nCVE-2015-10011 is a vulnerability about OpenDNS OpenResolve improper log output neutralization. The CWE is" -n 128 ``` ## References 1. **Original Model Card:** [fdtn-ai/Foundation-Sec-8B](https://huggingface.co/fdtn-ai/Foundation-Sec-8B) (April 28, 2025) – continued pretraining of LLaMA 3.1-8B on cybersecurity data. 2. **Llama-cpp GGUF Quantization:** Ggerganov, J. (2022). _Llama.cpp: Llama inference in pure C/C++/Assembly/GGUF_. GitHub repository. 3. **ZeroQuant:** Yao, Z. et al. (2022). “ZeroQuant: Efficient and Affordable Post-Training Quantization for Large-Scale Transformers.” arXiv: 2206.01861. 4. **SmoothQuant:** Xiao, G. et al. (2022). “SmoothQuant: Accurate and Efficient Post-Training Quantization for Large Language Models.” arXiv: 2211.10438. **License:** Apache 2.0 (same as base) **Contact:** For questions about usage, quantization details, or license terms, please open an issue on the Hugging Face repo or contact `paulkass@cisco.com`.