What it does
- Detect vulnerabilities. Given code, it flags security issues and names the likely class.
- Validate false positives. It tells a confirmed issue from scanner noise, and says what evidence is needed to be sure.
- Verify patches. It checks that a fix addresses the real cause and suggests regression tests.
- Write secure fixes. Given a report or code, it finds the root cause and produces a safe, minimal fix with tests.
- Reason and plan. It works through audits, detection rules, and remediation steps.
It is trained across web and API security, smart contracts (EVM and non-EVM), supply chain and CI/CD, cloud and infrastructure, and LLM/AI application security. It is a defensive tool and does not help with attacks — see ACCEPTABLE_USE.
Files
Table with columns: File, Use it for| File | Use it for |
|---|
| full-precision weights | GPU serving (e.g. vLLM) |
proximaa-1.0-Q5_K_M.gguf | CPU/GPU serving, higher quality |
proximaa-1.0-Q4_K_M.gguf | CPU/GPU serving, smaller and faster (default) |
Quickstart
Ollama
ollama run hf.co/3DCF-Labs-org/ProximaA-1.0-GGUF:Q4_K_M
llama.cpp
llama-server -m proximaa-1.0-Q4_K_M.gguf -c 4096
vLLM
vllm serve 3DCF-Labs-org/ProximaA-1.0 --dtype bfloat16 --max-model-len 4096
transformers
from transformers import AutoModelForCausalLM, AutoTokenizer
model_id = "3DCF-Labs-org/ProximaA-1.0"
tok = AutoTokenizer.from_pretrained(model_id)
model = AutoModelForCausalLM.from_pretrained(model_id, torch_dtype="bfloat16", device_map="auto")
messages = [
{"role": "system", "content": "You are a defensive secure-code assistant."},
{"role": "user", "content": "Review this code for security issues and name the class:\n\n<your code>"},
]
inputs = tok.apply_chat_template(messages, add_generation_prompt=True, return_tensors="pt").to(model.device)
out = model.generate(inputs, max_new_tokens=1024, temperature=0.0, do_sample=False)
print(tok.decode(out[0][inputs.shape[1]:], skip_special_tokens=True))
Modes
ProximaA has six built-in security modes — detect, triage, validate, fix, verify, plan — each with a ready-made system prompt and user template. The prompts and a small client are in the GitHub repo.
How good it is
Trained specifically on cybersecurity data, ProximaA 1.0 outperforms the open base models it builds on on defensive-security work while keeping strong general reasoning and coding. Measured on standard public benchmarks and an internal security test set.
Table with columns: Area, Benchmark, Score| Area | Benchmark | Score |
|---|
| Vulnerability detection (in-domain) | identify + classify held-out issues | 0.97 |
| Secure fixes | internal security fix benchmark | leads its base models |
| Coding | HumanEval (pass@1) | 0.63 |
| Math reasoning | GSM8K | 0.89 |
| Knowledge | MMLU | 0.78 |
| Reasoning | ARC-Challenge |
Notes:
- Detection: on held-out security material in its trained domains, it correctly identifies and classifies vulnerabilities 97% of the time. Generic C/C++ function-classification benchmarks are a known-hard task where no current model does much better than chance; those are not the model's target.
- Safety: it refuses all requests for operational attack help (MITRE 0.00) and rarely refuses legitimate security work (2.5% over-refusal).
- Reasoning: general reasoning is on par with comparable 32B models — the security focus does not weaken it.
ProximaA is a security specialist. It is not meant to compete with much larger general-purpose models on general tasks; it is meant to be the stronger choice for security work at its size.
Limitations
- Always have a person review a fix before applying it. The model is an assistant, not a replacement for security review.
- Resistance to prompt-injection attacks is moderate. Do not feed it untrusted input in a setting where that matters without your own guardrails.
- Use it only for authorized, defensive work.
License and attribution
ProximaA 1.0 is released under Apache-2.0. It is built using open-source components released under Apache-2.0 and MIT. Full attribution is in NOTICE.
Citation
ProximaA 1.0
Yevhenii Molchanov
https://github.com/3DCF-Labs
2026