Intended use

Built to assist defensive and authorized offensive security work:

• Vulnerability mining — spotting likely-vulnerable patterns in C/C++ source and explaining the bug class (with a focus on memory-safety issues).
• PoC drafting — generating proof-of-concept code to validate a finding on a target you are authorized to test (pentest engagements, CTF, your own systems, security research).
• Triage & write-ups — prioritizing findings, drafting reproduction steps and remediation advice.

Out of scope / responsible use

Do not use this model against systems you do not own or lack explicit written authorization to test. Generated PoCs are intended for validation in controlled, authorized environments only. Users are solely responsible for complying with applicable laws and for any consequences of use.

Training data

Trained on RealMythos/RealMythosReasoning (CC-BY-4.0):

• 6,159 examples, each tied to a unique real-world CVE (~177 MB), English.
• Each record pairs a vulnerability-analysis prompt + code context with CVE/CWE/project metadata, reasoning traces, a final response, and PoC evaluation scores (relevance / exploitability).
• Heavily weighted toward memory-safety classes — top CWEs: CWE-119 (buffer errors), CWE-125 (out-of-bounds read), CWE-787 (out-of-bounds write).
• Uses patch-unaware reasoning cleanup to reduce leakage from fixed-code information, plus quality-control review flags.

Training setup

Usage

python
Copy code
from transformers import AutoModelForCausalLM, AutoTokenizer

model_id = "RealMythos/pocwriter-v1"
tok = AutoTokenizer.from_pretrained(model_id)
model = AutoModelForCausalLM.from_pretrained(model_id, torch_dtype="auto", device_map="auto")

messages = [
    {"role": "user", "content": "Analyze this function for memory-safety issues and, if any, draft a PoC:\n<code here>"},
]
inputs = tok.apply_chat_template(messages, add_generation_prompt=True, return_tensors="pt").to(model.device)
out = model.generate(inputs, max_new_tokens=512)
print(tok.decode(out[0][inputs.shape[-1]:], skip_special_tokens=True))

If this is the multimodal variant of the base, load it with the matching AutoProcessor / AutoModelForImageTextToText class instead.

Limitations

• Intermediate stage-1 checkpoint; outputs may be unstable, incomplete, or change in later stages.
• Trained primarily on C/C++ memory-safety CVEs — weaker outside that distribution (other languages / bug classes).
• May hallucinate vulnerabilities or emit non-working PoCs — always verify manually.
• Inherits the biases, knowledge cutoff, and license terms of the Qwen3.5-9B base model.

Citation

Built on the RealMythos effort to reconstruct open-source security-reasoning infrastructure. If you use this model, please credit both the model and the RealMythosReasoning dataset.