File size: 11,735 Bytes
ec94da0
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
---
license: apache-2.0
base_model: huihui-ai/Huihui-Qwen3.6-35B-A3B-Claude-4.7-Opus-abliterated
tags:
  - security
  - cybersecurity
  - pentest
  - bug-bounty
  - red-team
  - agent
  - tool-calling
  - MCP
  - GGUF
  - llama-cpp
  - ollama
  - lm-studio
  - vllm
  - CVSS
  - CWE
  - MITRE-ATT&CK
  - ravenx
  - rath-protocol
  - MoE
  - 35B
  - autonomous-agent
  - abliterated
  - qwen3.6
  - openmythos
  - quantized
language:
  - en
pipeline_tag: text-generation
library_name: gguf
---

# RavenX-CyberAgent GGUF β€” Ollama / LM Studio / llama.cpp / vLLM

### 35B MoE (3B Active) | Q4_K_M 20.7 GB | 89 t/s Generation | 900 t/s Prompt | Agent Harness Agnostic

> **The most comprehensive open-source security agent model β€” in GGUF.** Runs in Ollama, LM Studio, llama.cpp, vLLM, and any GGUF runtime. 51/51 LoRA tensors merged. Identical to the MLX version.

**Built by [@DeadByDawn101](https://github.com/DeadByDawn101) | [RavenX LLC](https://github.com/DeadByDawn101)**

> *"We don't give up. We do what others don't and build what isn't possible."* β€” RavenX LLC

---

## Also Available (Same Model, Different Format)

| Format | Link | Best For |
|--------|------|----------|
| **GGUF (THIS)** | You are here | Ollama, LM Studio, llama.cpp, vLLM, NVIDIA GPUs |
| **MLX** | [RavenX-CyberAgent MLX](https://huggingface.co/deadbydawn101/RavenX-CyberAgent-Qwen3.6-35B-A3B-Opus-4.7-OpenMythos-Pentester-BugHunter-RATH-mlx) | Apple Silicon native (M1-M4) |

**Both versions are identical** β€” same 51/51 LoRA tensors, same 745K+ training data, same 12 training rounds.

---

## Benchmarks (M4 Max 128GB, llama.cpp b9501)

```
Prompt Processing:  900.6 tokens/sec
Generation:          89.3 tokens/sec
Model Size:          20.7 GB (Q4_K_M, 4.89 BPW)
Peak Memory:         ~24 GB
Context Tested:      32K (262K native)
```

**People are NOT getting the most out of local LLMs.** A 35B MoE at Q4_K_M gives dramatically better output than a 7B model at the SAME speed β€” because only 3B params activate per token.

| Model | Speed | Quality | Size |
|-------|-------|---------|------|
| Llama 7B Q4 | ~30 t/s | Basic chat | 4 GB |
| Mistral 7B Q4 | ~50 t/s | Decent | 4 GB |
| **RavenX 35B MoE Q4** | **89 t/s** | **Kill chains + CVSS + MITRE** | **20.7 GB** |

---

## Available Files

| File | Size | BPW | Best For |
|------|------|-----|----------|
| `RavenX-CyberAgent-35B-v5.1-F16.gguf` | 67.8 GB | 16.01 | Maximum quality |
| `RavenX-CyberAgent-35B-v5.1-Q4_K_M.gguf` | 20.7 GB | 4.89 | **Recommended** |

---

## Quick Start

### Ollama

```
# Modelfile
FROM ./RavenX-CyberAgent-35B-v5.1-Q4_K_M.gguf

SYSTEM "You are RavenX-Sec v5.1 by RavenX LLC. ALWAYS use EXACT 6 RATH step names: 1-Attack Surface, 2-Exploit, 3-Impact, 4-Remediation, 5-Document, 6-Prevent. Include CVSS scores, CWE IDs, and MITRE ATT&CK TTPs. Be concise. Never repeat."

PARAMETER temperature 0.7
PARAMETER top_p 0.9
PARAMETER num_ctx 32768
```

```bash
ollama create ravenx-cyberagent -f Modelfile
ollama run ravenx-cyberagent
```

### llama.cpp

```bash
llama-cli -m RavenX-CyberAgent-35B-v5.1-Q4_K_M.gguf \
  --system-prompt "You are RavenX-Sec v5.1 by RavenX LLC. Use 6 RATH steps. Include CVSS, CWE, MITRE. Be concise." \
  -cnv -n 8192 -c 32768
```

### LM Studio

Download the Q4_K_M GGUF, load in LM Studio, set the system prompt, chat.

---

## Agent Harness Agnostic

This model works with **ANY** agent framework β€” not locked to any platform:

| Framework | Integration |
|-----------|------------|
| **OpenClaw** | Ollama backend, full SOUL.md support |
| **Hermes** | llama.cpp server, self-improving loop |
| **Ollama** | Native GGUF |
| **LM Studio** | GUI + API server |
| **vLLM** | Production serving |
| **llama.cpp** | CLI + server mode |

### Better Results: Custom SOUL.md

The model works great with just a system prompt. But add a custom `SOUL.md` or `agent.md` configuration and results improve significantly:

```markdown
# SOUL.md β€” RavenX Security Agent
name: RavenX-Sec
version: 5.1
protocol: 6-step RATH
style: Direct, actionable, no fluff
includes: CVSS 3.1, CWE IDs, MITRE ATT&CK TTPs, compliance mapping
```

### Thinking Toggle (OFF / LOW / MED / HIGH)

The model supports chain-of-thought reasoning via think blocks. Toggle depth for your use case:

| Mode | Add to System Prompt | Use Case |
|------|---------------------|----------|
| **OFF** | "Skip internal reasoning. Output directly." | Fast scans, real-time |
| **LOW** | "Think briefly in 1-2 sentences, then output." | Standard checks |
| **MED** | "Think through the problem step by step." | Detailed reports |
| **HIGH** | "Think deeply about every angle. Map full kill chains." | Complex APT analysis |

**HIGH produces incredible multi-phase kill chain analysis** β€” but uses more tokens for reasoning. Toggle based on your needs.

---

## Example Output

**Prompt:** `Kubernetes EKS pentest: anonymous auth, privileged pods, SA tokens everywhere, no network policies, etcd without TLS, Jenkins SSH keys as secrets, Grafana admin/admin`

**1-Attack Surface** β€” 7-finding table with CWE-284, CWE-250, CWE-798, CWE-319

**2-Exploit (Kill Chain)**
- Phase 1: Initial Access via Grafana default creds
- Phase 2: SA token impersonation, kubectl exec into privileged pod
- Phase 3: Persistence via malicious pod with hostPath mount
- Phase 4: etcd direct read, extract all K8s secrets including Jenkins SSH keys
- Phase 5: Lateral movement to production nodes via stolen SSH keys

**3-Impact** β€” CVSS 9.8, full cluster compromise, data exfiltration, APT persistence

**4-Remediation** β€” disable anonymous auth, enforce PSA, network policies, etcd TLS

**5-Document** β€” MITRE T1078.004, T1611, T1557, compliance mapping

**6-Prevent** β€” admission controllers, Falco monitoring, secret rotation, CIS benchmarks

---

## Training (12 Rounds)

| Round | Examples | Iters | LR | Val Loss | Focus |
|-------|----------|-------|----|----------|-------|
| R1 | 675,696 | 2,000 | 1e-5 | 0.684 | Deep security + agent knowledge |
| R2 | 680,150 | 500 | 5e-6 | 0.768 | RATH format reinforcement |
| R3 | 705,165 | 1,000 | 5e-6 | 0.688 | Claude Mythos reasoning chains |
| R4 | 730,849 | 1,000 | 5e-6 | 0.674 | Pentesting tools + frameworks |
| R5 | 730,869 | 200 | 5e-6 | 0.717 | Meta-response tuning |
| R6 | 730,869 | 1,000 | 5e-6 | β€” | Extended (checkpoint 1000 = production) |
| R7 | 732,361 | 1,500 | 3e-6 | 0.926 | Bug bounty data (36 shuvonsec repos) |
| R8 | 732,364 | 200 | 5e-6 | β€” | Strict RATH step naming fix |
| R9 | 745,697 | 1,500 | 3e-6 | 0.693 | MITRE + blackhat + code + quantum |
| R10 | 745,724 | 1,500 | 3e-6 | **0.688** | **GRAM distilled traces + 17 tool-calling** |
| R11 | 745,843 | 1,500 | 3e-6 | 0.822 | 119 comprehensive tool-calling examples |
| R12 | 745,843 | 1,500 | 3e-6 | 0.820 | Tool-calling integration round |

**Hardware:** Apple M4 Max 128GB Β· Peak memory: ~90GB Β· Framework: MLX (mlx-lm)
**Total training examples:** 745K+ from 110 sources

## Ecosystem

| Repo | Description |
|------|-------------|
| [OpenMythos-MLX](https://github.com/DeadByDawn101/OpenMythos-MLX) | RDT + MoDA (4x depth extrapolation confirmed!) |
| [RavenX-Sec](https://github.com/DeadByDawn101/RavenX-Sec) | Training pipeline |
| [turboquant-mlx](https://github.com/DeadByDawn101/turboquant-mlx) | KV cache compression |
| [grove-mlx](https://github.com/DeadByDawn101/grove-mlx) | Distributed training |

---



---

## IN-CONTEXT ADAPTATION (Breakthrough Discovery)

**This model can learn from references IN THE PROMPT β€” no retraining needed.**

### What We Discovered

When pointed at a GitHub repo containing pentest report templates, the model:
1. Analyzed the repo's report structure (NIST format)
2. Applied that structure to its current findings
3. Produced a complete, client-ready pentest deliverable
4. All at 80+ tokens/sec locally

### Example

```
PROMPT: "Use your MCP tool to look at github.com/juliocesarfort/public-pentesting-reports 
        and learn how to format a pentest report, then create a report on the pentest 
        you just did on [target]"

OUTPUT: Complete professional pentest report with:
  β†’ Executive Summary (5 critical, 7 high, 4 medium, 3 low)
  β†’ 5-Phase Kill Chain with real commands
  β†’ 19 findings with CVSS + CWE + MITRE ATT&CK
  β†’ Risk Matrix ranked by severity
  β†’ Remediation Timeline (0-30, 30-60, 60-90, 90+ days)
  β†’ Specific commands for EVERY finding
```

### Why This Works

The model was trained on 745K+ examples including:
- 42K self-improving agent examples (Hermes)
- 6.7K AI-Scientist research automation
- 3.6K AutoResearch pipeline data
- 25K Claude Mythos reasoning chains
- 551 Mythos character distillation (behavioral depth)
- 1,003 blackhat AI offensive security conversations

This combination created **emergent meta-learning** β€” the model learned HOW TO LEARN from references. It can:

| Point At | Result |
|----------|--------|
| Mandiant report template | Mandiant-formatted report |
| CrowdStrike template | CrowdStrike-formatted report |
| NIST framework | NIST-formatted assessment |
| Company internal template | Custom-formatted deliverable |
| ANY GitHub repo | Adapted output format |

**No retraining. No fine-tuning. Just point and generate.**

### What This Means

A $50K-$150K pentest engagement deliverable β€” generated in 60 seconds on a laptop. The model adapts its output format from ANY reference, produces client-ready reports with real commands, and maintains full RATH protocol structure throughout.

This is not prompt engineering. This is **In-Context Adaptation** β€” a capability that emerged from training on self-improving agent + research automation + reasoning chain data.




---

## ⚠️ Important Disclaimer

**This model is released for RESEARCH PURPOSES ONLY under fair use.**

This is an extremely capable autonomous security assessment model. It has been trained on 745K+ examples from 110 sources covering penetration testing, vulnerability assessment, exploit development, tool usage, and attack chain methodology.

**Responsible Use:**
- This model is intended for authorized security testing, research, and education ONLY
- Users must have explicit written authorization before assessing any target
- Use within a properly configured agent harness with appropriate guardrails
- All security testing must comply with applicable laws and regulations
- The model authors are not responsible for misuse

**What This Model Can Do:**
- Generate complete RATH security assessments with CVSS, CWE, MITRE ATT&CK
- Produce tool-calling commands (nmap, sqlmap, nuclei, kubectl, aws-cli, etc.)
- Create professional pentest reports ($50K+ consulting quality)
- Learn output formats from reference repositories (In-Context Adaptation)
- Operate with agent memory (TurboVec + FTS5 + markdown) at model + harness level

**Agent Harness Considerations:**
- The harness MUST strip `<think>` blocks (Qwen3.6 architecture always generates them)
- The harness MUST validate `<tool_call>` JSON before execution
- The harness SHOULD implement authorization checks before executing commands
- The harness SHOULD implement rate limiting and scope restrictions
- Memory operations require the [ravenx-memory](https://github.com/DeadByDawn101/ravenx-memory) system

**Built by:** [@DeadByDawn101](https://github.com/DeadByDawn101) / RavenX LLC
**AI Pair Programmer:** Claude (Anthropic)


## License

Apache-2.0

*Built on Apple Silicon. Quantized with llama.cpp. Agent harness agnostic. Thinking toggleable.* πŸ¦β€β¬›


---

> **New:** Try [v6.2 Experimental GGUF](https://huggingface.co/deadbydawn101/RavenX-CyberAgent-v6.2-Experimental-GGUF) β€” improved reasoning, 90 tok/s, Soul Infusion identity training. Benchmarked 80.9%.