AnamayaVyas/phi3-mini-nvd-security-qlora

Phi-3.5 Mini QLoRA — NVD Security Instructions

A QLoRA adapter fine-tuned on microsoft/Phi-3.5-mini-instruct using the AnamayaVyas/nvd-security-instructions dataset. Analyzes CVE vulnerability data and produces structured, developer-friendly security analysis in JSON format.

Evaluation Results

Metric	Score
Valid JSON rate	100% (50/50)
All fields present	100% (50/50)
Training loss	0.53 → 0.42

Run Locally with Ollama (Easiest)

Step 1 - Install Ollama from https://ollama.com

Step 2 - Pull and run the model: ollama pull hf.co/AnamayaVyas/nvd-security-phi35-gguf ollama run hf.co/AnamayaVyas/nvd-security-phi35-gguf

Step 3 - Type your CVE details:

You are a senior security engineer. Analyze this CVE and respond with a JSON object containing exactly these fields: what_happened, who_is_affected, how_bad_is_it, what_to_do.

CVE ID : CVE-2023-38699 Description : MindsDB prior to version 23.7.4.0 disables SSL certificate checks when calling requests with verify=False, allowing attackers to intercept sensitive data. CVSS Score : 9.1 CVSS Severity : CRITICAL Fix Available : True CWEs : CWE-311

Expected output: { "what_happened": "MindsDB disables SSL certificate checks, allowing attackers to intercept sensitive data.", "who_is_affected": ["MindsDB versions prior to 23.7.4.0"], "how_bad_is_it": "CRITICAL (9.1) - exploitable remotely, no privileges needed, high impact on confidentiality and integrity.", "what_to_do": [ "Update to version 23.7.4.0 or later", "Disable the AI Virtual Database feature until patched", "Use a secure connection when connecting to the database" ] }

Run with Python

pip install transformers peft bitsandbytes accelerate

from peft import PeftModel from transformers import AutoModelForCausalLM, AutoTokenizer, BitsAndBytesConfig import torch

bnb_config = BitsAndBytesConfig( load_in_4bit=True, bnb_4bit_quant_type='nf4', bnb_4bit_compute_dtype=torch.float16, bnb_4bit_use_double_quant=True, ) base_model = AutoModelForCausalLM.from_pretrained( 'microsoft/Phi-3.5-mini-instruct', quantization_config=bnb_config, device_map='auto', torch_dtype=torch.float16, ) tokenizer = AutoTokenizer.from_pretrained('AnamayaVyas/phi3-mini-nvd-security-qlora') model = PeftModel.from_pretrained(base_model, 'AnamayaVyas/phi3-mini-nvd-security-qlora')

prompt = '''<|user|> You are a senior security engineer. Analyze this CVE and respond with a JSON object containing exactly these fields: what_happened, who_is_affected, how_bad_is_it, what_to_do.

CVE ID : CVE-XXXX-XXXXX Description : ... CVSS Score : ... CVSS Severity : ...<|end|> <|assistant|> '''

inputs = tokenizer(prompt, return_tensors='pt').to(model.device) outputs = model.generate(**inputs, max_new_tokens=512, temperature=0.1, do_sample=True) print(tokenizer.decode(outputs[0], skip_special_tokens=True))

System Requirements

	Ollama	Python
RAM needed	8GB	8GB
GPU needed	No	No (slow)
Difficulty	Easy	Medium

Training Details

Parameter	Value
Base model	Phi-3.5-mini-instruct
Method	QLoRA (4-bit NF4 + fp16)
LoRA rank	16
LoRA alpha	32
Epochs	3
Learning rate	2e-4
Batch size	8 (effective)
Max seq length	2048
Hardware	Kaggle Tesla T4 (15.6GB)
Dataset	2,060 CVE examples

Related

• Dataset: https://huggingface.co/datasets/AnamayaVyas/nvd-security-instructions
• GGUF model: https://huggingface.co/AnamayaVyas/nvd-security-phi35-gguf