๐Ÿ”’SecurityRepoIndex

SecLLM

Fine-tuned open LLM purpose-built for vulnerability analysis and malware-behavior descriptions

3.9/ 53,200 GitHub starsPythonMIT

โšก TL;DR

What
Fine-tuned open LLM purpose-built for vulnerability analysis and malware-behavior descriptions
Who
Security Researchers, AI Engineers, SOC Teams, Malware Analysts
Catch
Not as capable as GPT-4 on complex reasoning
Verdict
โญโญโญโญ Recommended

๐ŸŽฏ The Problem It Solves

Generic LLMs confidently answer security questions with invented CVEs, wrong CVSS scores, and hallucinated CWE mappings. SecLLM solves this by fine-tuning an open-base model (Llama/Mistral) on a curated security corpus so its outputs are grounded in real vulnerability data โ€” without sending your queries to OpenAI. For teams that need real security reasoning under a data-sovereignty constraint, it's the best open-source option.

๐Ÿ”ง How It Works

SecLLM takes a foundation LLM and fine-tunes it on a curated dataset of CVE descriptions, CWE entries, malware-behavior reports, and security Q&A pairs. The result is a model that classifies vulnerability types, writes accurate malware-behavior descriptions, and answers security questions with far fewer hallucinations than a base model. It ships with inference scripts, a LoRA checkpoint, and instructions for further fine-tuning on your own data. Runs locally on a consumer GPU (16GB+ VRAM for 13B, less with quantization).

๐Ÿš€ Installation & Quick Start

Installation

git clone https://github.com/M0g1/SecLLM.git
cd SecLLM
pip install -r requirements.txt
# Download the fine-tuned checkpoint (~6GB for 7B, ~13GB for 13B)
python scripts/download-checkpoint.sh secllm-7b

Quick Start

  1. git clone https://github.com/M0g1/SecLLM && cd SecLLM
  2. pip install -r requirements.txt
  3. python scripts/download-checkpoint.sh secllm-7b
  4. python -m secllm.classify --text "Buffer overflow in the PDF parser allows code execution"
  5. python -m secllm.malware Describe the behavior of a credential-stealing trojan

โœ… Pros

  • โ€ขBest open-source option when data can't leave your network
  • โ€ขDramatically fewer hallucinations vs base Llama/Mistral
  • โ€ขFine-tuning scripts included for your own data
  • โ€ขRuns on consumer hardware with 4-bit quantization

โŒ Cons

  • โ€ขNot as capable as GPT-4 on complex reasoning
  • โ€ขStill hallucinates โ€” verify any actionable output
  • โ€ขGPU memory requirements exclude low-end machines
  • โ€ขModel freshness depends on re-training cadence

๐Ÿ’ฌ Practitioner Verdict

"SecLLM fills a real gap: a security-fine-tuned LLM you can run on-prem when data rules out OpenAI. It's worse than GPT-4 at complex analysis, but far better than a base model, and its classifications and malware descriptions are genuinely useful. If you need to keep your prompts inside your perimeter, this is the tool."
โ€” Emmanuel, Security Reviewer

๐Ÿ“Š Specifications

Language
Python
License
MIT
Platform
Linux, macOS, Windows
Kill Chain
Analysis / Intelligence
MITRE ATT&CK
T1595, T1592

๐Ÿ’ฐ Pricing Reality

SecLLM is free (MIT). The only cost is your own GPU compute: a 13GB VRAM card (RTX 3080+) for 13B, or 8GB with a quantized 7B. No API fees, ever.

๐Ÿ‘ฅ Community Health

Stars3,200
Forks400
Contributors64
Health Score5.9/10

๐Ÿท๏ธ Tags

AgentsLLM

๐ŸŽฌ Video Tutorials

SecLLM Security LLM Demo

SecLLM ยท 28K views ยท 19:20