oyildirim/CyberStrike-OffSec-35B
CyberStrike-OffSec-35B by oyildirim is a 35.1 billion parameter Mixture-of-Experts (MoE) language model, fine-tuned on Qwen3.6-35B-A3B, specifically optimized for offensive security tasks. It excels in areas like vulnerability discovery, exploit development, and red team operations, outperforming GPT-4-turbo on SecEval and GPT-4 on MITRE ATT&CK and CWE benchmarks. This model provides expert-level cybersecurity knowledge at an inference cost comparable to a 3B model, making it ideal for authorized security assessments and research.
Loading preview...
CyberStrike-OffSec-35B: The Leading Open-Source Model for Offensive Security
CyberStrike-OffSec-35B is a highly specialized 35.1 billion parameter Mixture-of-Experts (MoE) language model, built upon the Qwen3.6-35B-A3B architecture. It is meticulously fine-tuned using a two-stage pipeline (SFT + DPO) to provide expert-level knowledge across the entire offensive security lifecycle. This model stands out by offering the knowledge capacity of a 35B model with inference costs similar to a 3B model, thanks to its MoE design with approximately 3 billion active parameters per token.
Key Capabilities
- Superior Benchmark Performance: Achieves the #1 rank on SecEval (81.39%), outperforming GPT-4-turbo by +2.32 points across 9 cybersecurity domains. It also leads on MITRE ATT&CK (93.94%) and CWE (93.05%) benchmarks, surpassing GPT-4.
- Comprehensive Offensive Security Expertise: Covers vulnerability discovery (SQLi, XSS, SSRF), MITRE ATT&CK operations, exploit development, cloud/infrastructure security, red team operations, and compliance standards (NIST, OWASP).
- Advanced Training: Fine-tuned with Supervised Fine-Tuning (SFT) on a curated dataset of offensive security scenarios and further aligned with Direct Preference Optimization (DPO) using 115,250 preference pairs across 12 axes, emphasizing deep technique analysis and code-first approaches.
- Flexible Deployment: Available in BF16 full precision for Transformers and vLLM, and various GGUF quantized versions for
llama.cppand Ollama.
Good For
- Penetration Testing: Web, network, cloud, and API security assessments.
- Red Team Operations: Full kill chain simulation, C2 operations, and evasion techniques.
- Vulnerability Research: CVE analysis, exploit development, and Proof-of-Concept (PoC) creation.
- Security Education & Training: Generating materials and preparing for cybersecurity exams.
- Threat Intelligence: Mapping to MITRE ATT&CK and analyzing threat actor TTPs.