Foundation-Sec-8B-Instruct: Cybersecurity LLM

Foundation-Sec-8B-Instruct is an 8-billion parameter instruction-tuned language model developed by Foundation AI at Cisco, built upon the Meta Llama-3.1-8B architecture. It is specifically optimized for cybersecurity applications, understanding security concepts, terminology, and practices across various domains. The model is designed for local deployment, catering to organizations prioritizing data security and regulatory compliance.

Key Capabilities & Use Cases

This model is tailored for security practitioners, researchers, and developers, focusing on three core areas:

SOC Acceleration: Automating tasks like triage, summarization of incident reports, and evidence collection.
Proactive Threat Defense: Simulating attacks, prioritizing vulnerabilities, mapping TTPs (Tactics, Techniques, and Procedures), and modeling attacker behavior.
Engineering Enablement: Providing security assistance, validating configurations, and assessing compliance evidence.

It can perform tasks such as summarizing detection playbooks, classifying threats to MITRE ATT&CK, extracting compliance evidence, and generating red-team attack plans.

Performance & Training

Foundation-Sec-8B-Instruct was instruction fine-tuned and aligned with human preferences using RLHF, based on a wide variety of public and proprietary security-specific question-answer pairs. It demonstrates +3 to +11 point gains over Llama-3.1-8B-Instruct on cybersecurity benchmarks like CTI-MCQA and CTI-RCM, and shows competitive instruction-following capabilities against models like GPT-4o-mini. Safety alignment was also a key focus, with performance significantly enhanced when combined with LlamaGuard.