Instructions to use madox81/SmolLM2-Cyber-Insight with libraries, inference providers, notebooks, and local apps. Follow these links to get started.

Libraries

How to use madox81/SmolLM2-Cyber-Insight with Transformers:

# Use a pipeline as a high-level helper
from transformers import pipeline

pipe = pipeline("text-generation", model="madox81/SmolLM2-Cyber-Insight")
messages = [
    {"role": "user", "content": "Who are you?"},
]
pipe(messages)

# Load model directly
from transformers import AutoTokenizer, AutoModelForCausalLM

tokenizer = AutoTokenizer.from_pretrained("madox81/SmolLM2-Cyber-Insight")
model = AutoModelForCausalLM.from_pretrained("madox81/SmolLM2-Cyber-Insight")
messages = [
    {"role": "user", "content": "Who are you?"},
]
inputs = tokenizer.apply_chat_template(
	messages,
	add_generation_prompt=True,
	tokenize=True,
	return_dict=True,
	return_tensors="pt",
).to(model.device)

outputs = model.generate(**inputs, max_new_tokens=40)
print(tokenizer.decode(outputs[0][inputs["input_ids"].shape[-1]:]))

Notebooks
Google Colab
Kaggle
Local Apps

vLLM

How to use madox81/SmolLM2-Cyber-Insight with vLLM:

Install from pip and serve model

# Install vLLM from pip:
pip install vllm
# Start the vLLM server:
vllm serve "madox81/SmolLM2-Cyber-Insight"
# Call the server using curl (OpenAI-compatible API):
curl -X POST "http://localhost:8000/v1/chat/completions" \
	-H "Content-Type: application/json" \
	--data '{
		"model": "madox81/SmolLM2-Cyber-Insight",
		"messages": [
			{
				"role": "user",
				"content": "What is the capital of France?"
			}
		]
	}'

Use Docker

docker model run hf.co/madox81/SmolLM2-Cyber-Insight

SGLang

How to use madox81/SmolLM2-Cyber-Insight with SGLang:

Install from pip and serve model

# Install SGLang from pip:
pip install sglang
# Start the SGLang server:
python3 -m sglang.launch_server \
    --model-path "madox81/SmolLM2-Cyber-Insight" \
    --host 0.0.0.0 \
    --port 30000
# Call the server using curl (OpenAI-compatible API):
curl -X POST "http://localhost:30000/v1/chat/completions" \
	-H "Content-Type: application/json" \
	--data '{
		"model": "madox81/SmolLM2-Cyber-Insight",
		"messages": [
			{
				"role": "user",
				"content": "What is the capital of France?"
			}
		]
	}'

Use Docker images

docker run --gpus all \
    --shm-size 32g \
    -p 30000:30000 \
    -v ~/.cache/huggingface:/root/.cache/huggingface \
    --env "HF_TOKEN=<secret>" \
    --ipc=host \
    lmsysorg/sglang:latest \
    python3 -m sglang.launch_server \
        --model-path "madox81/SmolLM2-Cyber-Insight" \
        --host 0.0.0.0 \
        --port 30000
# Call the server using curl (OpenAI-compatible API):
curl -X POST "http://localhost:30000/v1/chat/completions" \
	-H "Content-Type: application/json" \
	--data '{
		"model": "madox81/SmolLM2-Cyber-Insight",
		"messages": [
			{
				"role": "user",
				"content": "What is the capital of France?"
			}
		]
	}'

Unsloth Studio new

How to use madox81/SmolLM2-Cyber-Insight with Unsloth Studio:

Install Unsloth Studio (macOS, Linux, WSL)

curl -fsSL https://unsloth.ai/install.sh | sh
# Run unsloth studio
unsloth studio -H 0.0.0.0 -p 8888
# Then open http://localhost:8888 in your browser
# Search for madox81/SmolLM2-Cyber-Insight to start chatting

Install Unsloth Studio (Windows)

irm https://unsloth.ai/install.ps1 | iex
# Run unsloth studio
unsloth studio -H 0.0.0.0 -p 8888
# Then open http://localhost:8888 in your browser
# Search for madox81/SmolLM2-Cyber-Insight to start chatting

Using HuggingFace Spaces for Unsloth

# No setup required
# Open https://huggingface.co/spaces/unsloth/studio in your browser
# Search for madox81/SmolLM2-Cyber-Insight to start chatting

Load model with FastModel

pip install unsloth
from unsloth import FastModel
model, tokenizer = FastModel.from_pretrained(
    model_name="madox81/SmolLM2-Cyber-Insight",
    max_seq_length=2048,
)

Docker Model Runner
How to use madox81/SmolLM2-Cyber-Insight with Docker Model Runner:
```
docker model run hf.co/madox81/SmolLM2-Cyber-Insight
```

Uploaded finetuned model

Developed by: madox81
License: apache-2.0
Finetuned from model : unsloth/SmolLM2-1.7b-Instruct

This llama model was trained 2x faster with Unsloth and Huggingface's TRL library.

Smollm2_Cyber_Insight

Model Overview

Smollm2_Cyber_Insight is a lightweight domain-adapted language model fine-tuned for cybersecurity threat analysis tasks.
The model specializes in interpreting short textual descriptions of security incidents and producing structured (JSON) security insights.

Base Model: smollm2-1.7b-instruct
Architecture: SmolLM2
Training Method: LoRA fine-tuning
Domain: Cyber Threat Analysis
Model Size: ~1.7B parameters

Capabilities

The model supports the following tasks:

Mapping incidents to MITRE ATT&CK tactics
Identifying possible attack techniques
Assessing incident severity and potential business impact
Assisting in structured cybersecurity analysis

Intended Use

This model is suitable for:

Cyber threat intelligence experiments
NLP research in cybersecurity
Cybersecurity research
Prototyping AI-assisted SOC tools

Limitations

Predictions are probabilistic and may require analyst validation
Performance depends on similarity to training data
Not intended for autonomous security decision-making

Training Data

The model was trained on a specialized cybersecurity dataset madox81/mittre_severity_ds containing incident descriptions and structured labels including:

attack tactics
attack techniques
incident severity indicators.

Example Prompt

Map the following security event to MITRE ATT&CK tactics and techniques.
Input: rule apt_lolbin { strings: $a = "certutil.exe" nocase; $b = "-urlfetch" nocase; condition: $a and $b }

Identify the ATT&CK tactics and techniques in this data.
Input: selection: EventName: 'UpdateDomainNameservers' AND SourceIPAddress not in ('aws-internal')

Classify this cybersecurity event into MITRE ATT&CK framework.
Input: rule apt_wasm { strings: $a = "WebAssembly.compile" nocase; $b = "fetch" nocase; condition: $a and $b }

Map the following security event to MITRE ATT&CK tactics and techniques.
Input: Incident Type: Data Breach
Target: MongoDB Instance
Vector: Weak Authentication

Assess the severity and business risk of the following incident.
Input: Incident: Phishing affecting HR Accounts.

Analyze the business risk and severity for the input below.
Input: Incident: Supply Chain Attack affecting CI/CD Pipeline.

Rate the severity (Low/Medium/High/Critical) and impact of this event.
Input: Incident: Credential Dumping affecting Windows Domain Controller.

License

Refer to the base model license.

Downloads last month: 23

Safetensors

Model size

2B params

Tensor type

BF16

madox81
/

SmolLM2-Cyber-Insight