SecLLM
Fine-tuned open LLM purpose-built for vulnerability analysis and malware-behavior descriptions
โก TL;DR
๐ฏ The Problem It Solves
Generic LLMs confidently answer security questions with invented CVEs, wrong CVSS scores, and hallucinated CWE mappings. SecLLM solves this by fine-tuning an open-base model (Llama/Mistral) on a curated security corpus so its outputs are grounded in real vulnerability data โ without sending your queries to OpenAI. For teams that need real security reasoning under a data-sovereignty constraint, it's the best open-source option.
๐ง How It Works
SecLLM takes a foundation LLM and fine-tunes it on a curated dataset of CVE descriptions, CWE entries, malware-behavior reports, and security Q&A pairs. The result is a model that classifies vulnerability types, writes accurate malware-behavior descriptions, and answers security questions with far fewer hallucinations than a base model. It ships with inference scripts, a LoRA checkpoint, and instructions for further fine-tuning on your own data. Runs locally on a consumer GPU (16GB+ VRAM for 13B, less with quantization).
๐ Installation & Quick Start
Installation
git clone https://github.com/M0g1/SecLLM.git
cd SecLLM
pip install -r requirements.txt
# Download the fine-tuned checkpoint (~6GB for 7B, ~13GB for 13B)
python scripts/download-checkpoint.sh secllm-7bQuick Start
- git clone https://github.com/M0g1/SecLLM && cd SecLLM
- pip install -r requirements.txt
- python scripts/download-checkpoint.sh secllm-7b
- python -m secllm.classify --text "Buffer overflow in the PDF parser allows code execution"
- python -m secllm.malware Describe the behavior of a credential-stealing trojan
โ Pros
- โขBest open-source option when data can't leave your network
- โขDramatically fewer hallucinations vs base Llama/Mistral
- โขFine-tuning scripts included for your own data
- โขRuns on consumer hardware with 4-bit quantization
โ Cons
- โขNot as capable as GPT-4 on complex reasoning
- โขStill hallucinates โ verify any actionable output
- โขGPU memory requirements exclude low-end machines
- โขModel freshness depends on re-training cadence
๐ฌ Practitioner Verdict
"SecLLM fills a real gap: a security-fine-tuned LLM you can run on-prem when data rules out OpenAI. It's worse than GPT-4 at complex analysis, but far better than a base model, and its classifications and malware descriptions are genuinely useful. If you need to keep your prompts inside your perimeter, this is the tool."
๐ Specifications
- Language
- Python
- License
- MIT
- Platform
- Linux, macOS, Windows
- Kill Chain
- Analysis / Intelligence
- MITRE ATT&CK
- T1595, T1592
๐ฐ Pricing Reality
SecLLM is free (MIT). The only cost is your own GPU compute: a 13GB VRAM card (RTX 3080+) for 13B, or 8GB with a quantized 7B. No API fees, ever.
๐ฅ Community Health
๐ท๏ธ Tags
๐ฌ Video Tutorials
SecLLM Security LLM Demo
SecLLM ยท 28K views ยท 19:20