%22%2F%3E%0A%3Ccircle%20cx%3D%22978%22%20cy%3D%22150%22%20r%3D%22210%22%20fill%3D%22rgba(124%2C166%2C199%2C0.16)%22%2F%3E%0A%3Ccircle%20cx%3D%22978%22%20cy%3D%22150%22%20r%3D%22122%22%20fill%3D%22rgba(255%2C255%2C255%2C0.04)%22%20stroke%3D%22rgba(255%2C255%2C255%2C0.12)%22%2F%3E%0A%3Cpath%20d%3D%22M70%20428H1130%22%20stroke%3D%22rgba(208%2C122%2C85%2C0.28)%22%20stroke-width%3D%222%22%20stroke-dasharray%3D%2210%2014%22%2F%3E%0A%3Crect%20x%3D%2276%22%20y%3D%2272%22%20width%3D%22360%22%20height%3D%2242%22%20rx%3D%2221%22%20fill%3D%22rgba(255%2C255%2C255%2C0.06)%22%20stroke%3D%22rgba(255%2C255%2C255%2C0.1)%22%2F%3E%0A%3Ctext%20x%3D%2298%22%20y%3D%2299%22%20fill%3D%22rgba(242%2C244%2C247%2C0.82)%22%20font-family%3D%22Arial%2C%20Helvetica%2C%20sans-serif%22%20font-size%3D%2217%22%20font-weight%3D%22700%22%20letter-spacing%3D%223%22%3EHUGGING%20FACE%20BLOG%3C%2Ftext%3E%0A%3Ctext%20x%3D%2278%22%20y%3D%22212%22%20fill%3D%22%23F2F4F7%22%20font-family%3D%22Georgia%2C%20'Times%20New%20Roman'%2C%20serif%22%20font-size%3D%2254%22%20font-weight%3D%22700%22%3E%3Ctspan%20x%3D%2278%22%20dy%3D%220%22%3ECyberSecQwen-4B%3A%20Why%3C%2Ftspan%3E%3Ctspan%20x%3D%2278%22%20dy%3D%2262%22%3EDefensive%20Cyber%20Needs%3C%2Ftspan%3E%3Ctspan%20x%3D%2278%22%20dy%3D%2262%22%3ESmall%2C...%3C%2Ftspan%3E%3C%2Ftext%3E%0A%3Crect%20x%3D%2278%22%20y%3D%22502%22%20width%3D%22260%22%20height%3D%2246%22%20rx%3D%2223%22%20fill%3D%22rgba(208%2C122%2C85%2C0.18)%22%20stroke%3D%22rgba(208%2C122%2C85%2C0.32)%22%2F%3E%0A%3Ctext%20x%3D%22104%22%20y%3D%22532%22%20fill%3D%22%23F2F4F7%22%20font-family%3D%22Arial%2C%20Helvetica%2C%20sans-serif%22%20font-size%3D%2222%22%20font-weight%3D%22700%22%3ECore%20AI%3C%2Ftext%3E%0A%3Crect%20x%3D%22900%22%20y%3D%22410%22%20width%3D%22190%22%20height%3D%22190%22%20rx%3D%2238%22%20fill%3D%22rgba(255%2C255%2C255%2C0.06)%22%20stroke%3D%22rgba(255%2C255%2C255%2C0.12)%22%2F%3E%0A%3Ctext%20x%3D%22995%22%20y%3D%22522%22%20text-anchor%3D%22middle%22%20fill%3D%22%23F2F4F7%22%20font-family%3D%22Arial%2C%20Helvetica%2C%20sans-serif%22%20font-size%3D%2292%22%20font-weight%3D%22800%22%3EHU%3C%2Ftext%3E%0A%3C%2Fsvg%3E)
Original article excerpt
Server-side extracted preview paragraphs from the original source.
A Blog post by Lablab.ai AMD Developer Hackathon on Hugging Face
Frontier models are very good at very many things. They are also expensive to call, ship every prompt off to someone else's datacenter, and are explicitly trained to refuse the messy edge cases a real defender lives in incident write-ups, attacker-grade payloads found in your own logs, vulnerability disclosure drafts.
Defensive cybersecurity is not a place where any of those tradeoffs are acceptable.
A 70B generalist running locally on four GPUs is "local" but it isn't deployable. A 4B generalist running locally on a single consumer GPU is deployable but it doesn't beat the 8B specialist on the work you actually need it to do.
The bet behind CyberSecQwen-4B is that for narrow, well-evaluated cyber threat intelligence tasks — CWE classification, CVE-to-CWE mapping, structured CTI Q&A — a careful 4B fine-tune can match or beat an 8B specialist while fitting on a 12 GB consumer card.
We tested this against the strongest public baseline we could find: Cisco's Foundation-Sec-Instruct-8B, evaluated under their own published protocol on CTI-Bench.
CyberSecQwen-4B retains 97.3 % of Foundation-Sec-Instruct-8B's CTI-RCM accuracy while exceeding its CTI-MCQ score by +8.7 points, at half the parameter count. That's the only number that should matter to a defender choosing what to deploy.