abhaybhargav/PWNISMS-Threat-Model-Structured
abhaybhargav/PWNISMS-Threat-Model-Structured is a 1.5 billion parameter Qwen2.5-Instruct derivative model fine-tuned to generate structured threat models. It specializes in emitting valid JSON outputs conforming to a PWNISMS threat model schema, covering seven security domains with concrete mitigations. This model is optimized for assisting security architects in drafting structured threat models from system descriptions.
PWNISMS-Threat-Model-Structured Overview
This model, developed by abhaybhargav, is a 1.5 billion parameter variant of Qwen2.5-1.5B-Instruct specifically fine-tuned to produce structured threat models in valid JSON format. It leverages LoRA fine-tuning on MLX and is available in both MLX and GGUF releases, including quantized versions for broader local compatibility.
Key Capabilities
- Structured JSON Output: Designed to emit JSON exclusively, adhering to a predefined threat_model_schema.json for consistency.
- PWNISMS Framework: Generates threat models across seven critical domains: Product, Workload, Network, IAM, Secrets, Monitoring, and SupplyChain.
- Concrete Mitigations: Outputs include specific, actionable mitigations referencing technologies, configurations, or processes.
- Chat-based Interaction: Expects a system prompt defining the architect's role and requirements, followed by a user prompt with a markdown system description.
- Output Validation: Internal evaluations show 16/20 outputs parse as JSON, and 12/20 pass full Pydantic validation and cover all seven domains, though human review is always recommended.
Good For
- Security Architects: Assisting in the rapid drafting of structured threat models.
- Automated Threat Modeling: Generating initial threat model drafts that can be programmatically validated against a schema.
- Integration with Security Workflows: Providing structured data for further analysis, audit, or compliance processes.
Limitations: The model can require up to 12,000 output tokens for long scenarios, and lower token caps may truncate JSON. It is not a substitute for expert human review in production assurance.
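The Output Validation and Limitations notes above can be enforced with a gate in front of anything that consumes the model's output. The following is an added example, not code from the model's repository: threat_model_schema.json is not reproduced on this page, so the layout it checks (a top-level object with one non-empty list per PWNISMS domain, each entry carrying a `mitigations` list) and the names `check_output`, `open_depth` and `SAMPLE` are assumptions.

```python
import json

# The seven domains named on the model card.
DOMAINS = ("Product", "Workload", "Network", "IAM", "Secrets", "Monitoring", "SupplyChain")

def open_depth(text):
    """Return (unclosed bracket count, still-inside-string) after scanning text."""
    depth, in_str, esc = 0, False, False
    for ch in text:
        if in_str:
            if esc:
                esc = False
            elif ch == "\\":
                esc = True
            elif ch == '"':
                in_str = False
        elif ch == '"':
            in_str = True
        elif ch in "{[":
            depth += 1
        elif ch in "}]":
            depth -= 1
    return depth, in_str

def check_output(text):
    """Classify one raw completion; returns (status, detail)."""
    try:
        doc = json.loads(text)
    except json.JSONDecodeError as err:
        depth, in_str = open_depth(text)
        if depth > 0 or in_str:  # output stopped mid-structure: token cap too low
            return "truncated", f"{depth} unclosed container(s)"
        return "invalid_json", err.msg
    if not isinstance(doc, dict):
        return "invalid_shape", "top level is not an object"
    missing = [d for d in DOMAINS if not (isinstance(doc.get(d), list) and doc[d])]
    if missing:
        return "missing_domains", ",".join(missing)
    for d in DOMAINS:  # assumed layout: every threat entry lists mitigations
        for i, threat in enumerate(doc[d]):
            if not (isinstance(threat, dict) and threat.get("mitigations")):
                return "no_mitigation", f"{d}[{i}]"
    return "ok", ""

# Constructed sample in the assumed layout (not real model output).
SAMPLE = json.dumps({d: [{"threat": f"constructed {d} threat",
                          "mitigations": ["constructed mitigation"]}] for d in DOMAINS})

if __name__ == "__main__":
    print(check_output(SAMPLE), check_output(SAMPLE[:80]))
```

A `truncated` status is the signal to retry with a higher output token cap; the other failure statuses are drafts to reject or send for human review.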