ThreatMon/qwen36-secura
ThreatMon/qwen36-secura is a 27B-parameter domain-specialized Cyber Threat Intelligence (CTI) model, fine-tuned from Qwen3.6-27B. It utilizes a 2-phase pipeline of Continued Pretraining on a cybersecurity corpus and reasoning-augmented Supervised Fine-Tuning across 4 CTI tasks. This model excels at ATT&CK technique extraction and CVSS scoring, outperforming GPT-5.4 and Gemini 3.5 Flash on the CTIBench COMBINED score. It is designed for precise, evidence-based threat intelligence analysis tasks.
Loading preview...
ThreatMon/qwen36-secura: A Specialized CTI Model
ThreatMon/qwen36-secura is a 27.7 billion parameter language model developed by ThreatMon, specifically engineered for Cyber Threat Intelligence (CTI) analysis. Built upon the Qwen3.6-27B base, it underwent a two-phase fine-tuning process: Continued Pretraining (CPT) on a vast cybersecurity corpus (including NIST NVD and MITRE ATT&CK) and reasoning-augmented Supervised Fine-Tuning (SFT) across four critical CTI tasks using Chain-of-Thought.
Key Capabilities
- Superior CTI Performance: Outperforms GPT-5.4 and Gemini 3.5 Flash on the CTIBench COMBINED score (68.41 vs 68.20 vs 66.55).
- Exceptional ATT&CK Technique Extraction: Achieves 81.09% ATE Recall, significantly higher than GPT-5.4 (43.76%) and Gemini (37.88%).
- Reliable CVSS Scoring: Delivers 100% valid CVSS v3.1 vector output, ensuring format reliability.
- Reasoning-Augmented: Trained with full
<think>Chain-of-Thought, enabling step-by-step analysis for complex tasks. - Open-Weight & Self-Hostable: Provides a powerful, domain-specific alternative to frontier commercial models.
Ideal Use Cases
- CVSS v3.1 Vulnerability Scoring: Analyze CVE descriptions and calculate base scores.
- CWE Root-Cause Mapping: Map CVE descriptions to underlying CWE classifications.
- ATT&CK Technique Extraction: Identify MITRE ATT&CK techniques from threat intelligence reports.
- CTI Knowledge Q&A: Answer questions about ATT&CK, tactics, mitigations, and general cybersecurity concepts.