Add Hardware Requirements + Methodology sections

README.md

@@ -99,6 +99,24 @@ The following uses are out-of-scope and are neither recommended nor intended use
 4. **Non-security use cases** — general chat, code generation, summarization, translation, or other domains outside its specialization will produce lower-quality output than purpose-built models.
 5. **Violation of laws or regulations** — including but not limited to unauthorized vulnerability scanning, illegal data access, or misuse contrary to applicable cybersecurity statutes (CFAA, GDPR, etc.).
 
+## Hardware Requirements
+
+The numbers below are first-principles estimates from the bf16 weight footprint plus typical KV-cache overhead at the trained 4096-token context. They are not measured throughput numbers; for production deployment, profile against your specific traffic pattern.
+
+| Specification | CyberSecQwen-4B | Foundation-Sec-Instruct-8B (reference) |
+|---|---|---|
+| Parameters (total / non-embedding) | 4.0 B / 3.6 B | 8 B |
+| bf16 weight file on disk | ~8.0 GB | ~16 GB |
+| Inference VRAM, weights only (bf16) | ~8 GB | ~16 GB |
+| Inference VRAM, weights + 4 K KV cache (bf16) | ~9–10 GB | ~17–18 GB |
+| Single-GPU class (bf16, headroom for batch ≥ 1) | Fits on 12 GB+ consumer GPU (e.g., RTX 3060 12 GB, RTX 4070 12 GB, T4 16 GB) | Typically requires 24 GB+ (e.g., RTX 4090, A10, A100 40 GB) |
+| AMD Instinct MI300X 192 GB (validated) | Fits trivially with very large batch / long context | Fits trivially |
+
+Notes:
+- Compute (FLOPs / token) is approximately proportional to the parameter count at fixed context length, so per-token inference cost is roughly **0.50×** that of an 8 B model.
+- Quantized variants (int8, int4) further reduce VRAM by ~½ and ~¼ respectively. The released checkpoint is bf16 only; community quantization is not validated by the authors of this release.
+- This model has been validated end-to-end on AMD Instinct MI300X via vLLM ROCm + FlashAttention-2; consult the "How to Get Started" section below for the exact serving command on AMD hardware.
+
 ## How to Get Started with the Model
 
 ```python
@@ -156,6 +174,19 @@ The model was trained on a combined cybersecurity corpus of approximately **14,7
 
 Decontamination matters here: an earlier internal version of this work showed roughly 72% test-set overlap when trained on undeduplicated CTI corpora, producing inflated CTI-RCM scores that did not generalize. The released model trains exclusively on the 2021 cohort with overlap items removed.
 
+### Methodology
+
+This model uses **direct supervised fine-tuning (SFT)** of an instruction-tuned base via LoRA. The training recipe was selected through a controlled-experiment series across multiple trained variants spanning two model families and several corpus compositions, with multi-trial benchmark validation locking the released hyperparameters.
+
+Key methodological choices that informed the released recipe:
+
+- **Direct SFT, not knowledge distillation.** Knowledge-distillation variants from a larger 20B teacher model (CyberPal-2.0-20B) were evaluated during recipe development. At the corpus sizes tested (≤ 15K supervised records), direct SFT on the curated corpus outperformed distillation on the headline benchmarks. The released model is direct SFT only.
+- **Decontaminated training data.** An earlier internal iteration showed ~72% test-set overlap when trained on undeduplicated CTI corpora, producing inflated CTI-RCM scores that did not generalize. The released model trains exclusively on the 2021 cohort with CTI-Bench overlap items removed.
+- **Instruction-tuned base, not pre-trained base.** Direct SFT on the IT checkpoint preserves the existing format priors (terse-answer multiple-choice convention) better than SFT on the pre-trained base; comparable runs on base checkpoints (Qwen3-4B-Base + identical recipe) showed substantial CTI-MCQ format-binding decay at the same corpus scale.
+- **Recipe portability across substrates was an explicit design goal.** The same corpus + hyperparameters were applied independently to Gemma-4-E2B-it ([Gemma4Defense-2B](https://huggingface.co/athena129/Gemma4Defense-2B)). Both models converge to within 0.9 points on CTI-RCM, providing a built-in robustness check that the result is recipe-driven rather than substrate-specific.
+- **Multi-trial benchmarking.** All headline numbers are means of 5 independent trials with random sampling seeds at temperature 0.3; standard deviations are reported alongside.
+- **AMD MI300X end-to-end pipeline.** Training, adapter merging, and evaluation all run on a single AMD Instinct MI300X 192 GB instance via PyTorch + ROCm + Hugging Face transformers + PEFT + TRL inside the official vLLM ROCm Docker image. FlashAttention-2 is enabled in training for forward-and-backward passes; vLLM serves with TRITON_ATTN backend for inference.
+
 ### Training Setup
 
 | Hyperparameter | Value |