--- language: - en license: apache-2.0 base_model: - Qwen/Qwen2.5-1.5B-Instruct tags: - cybersecurity - security - defensive-ai - fine-tuned - qwen2 - lora - merged - incident-response - threat-detection pipeline_tag: text-generation library_name: transformers --- # Paralay 1.1 — Merged (PralayAI Cybersecurity Assistant) **PralayAI** is a fine-tuned, LoRA-merged large language model built on top of [Qwen2.5-1.5B-Instruct](https://huggingface.co/Qwen/Qwen2.5-1.5B-Instruct), specialized for **defensive cybersecurity assistance**. Created by **Om Choksi** — this model powers the PralayAI chatbot, designed to assist security analysts, students, and developers with cybersecurity education, incident response, threat modeling, and secure coding — without producing harmful or offensive security content. --- ## Live Demo ![PralayAI Demo](docs/pralay.gif) --- ## Model Details | Property | Value | |---|---| | **Base Model** | Qwen/Qwen2.5-1.5B-Instruct | | **Fine-tuning Method** | LoRA (Low-Rank Adaptation) | | **LoRA Adapter Repo** | [OMCHOKSI108/Paralay1.1](https://huggingface.co/OMCHOKSI108/Paralay1.1) | | **Merged Model** | This repo — LoRA merged into base weights | | **Parameters** | ~1.5 Billion | | **Language** | English | | **Domain** | Defensive Cybersecurity | | **License** | Apache 2.0 | | **Creator** | Om Choksi ([@OMCHOKSI108](https://huggingface.co/OMCHOKSI108)) | --- ## What This Model Does PralayAI is a **defensive cybersecurity assistant**. It helps with: - **Incident Response** — step-by-step guidance for security events - **Log Analysis** — interpreting system, network, and application logs - **Threat Modeling** — MITRE ATT&CK mapping, attack surface analysis - **Malware Defense** — explaining malware behavior and detection strategies - **Cloud Security** — AWS, GCP, Azure security best practices - **Vulnerability Explanation** — OWASP Top 10, CVEs, exploit concepts (defensive context) - **Secure Coding** — identifying and fixing insecure code patterns - **Security Awareness** — explaining concepts clearly for students and non-experts --- ## Safety Policy This model is trained to **refuse** the following requests: - Phishing email / page generation - Malware or ransomware creation - Credential theft scripts - Keylogger code - Reverse shell payloads - AV/EDR bypass techniques - Unauthorized exploitation instructions - Persistence mechanisms When a request is refused, the model provides a **safe defensive alternative** — such as detection logic, incident response steps, or hardening guidance. --- ## How to Use ### Basic Inference ```python from transformers import AutoTokenizer, AutoModelForCausalLM import torch model_id = "OMCHOKSI108/Paralay1.1-Merged" tokenizer = AutoTokenizer.from_pretrained(model_id, trust_remote_code=True) model = AutoModelForCausalLM.from_pretrained( model_id, torch_dtype=torch.float16, device_map="auto", trust_remote_code=True, ) model.eval() messages = [ { "role": "system", "content": ( "You are PralayAI, a defensive cybersecurity assistant created by Om Choksi. " "Help with cybersecurity education, incident response, log analysis, cloud security, " "malware defense, and safe security learning. " "Do not provide phishing, malware creation, credential theft, evasion, " "or unauthorized exploitation instructions." ) }, { "role": "user", "content": "What is SQL injection and how do I prevent it?" } ] prompt = tokenizer.apply_chat_template( messages, tokenize=False, add_generation_prompt=True, ) inputs = tokenizer(prompt, return_tensors="pt").to(model.device) with torch.no_grad(): outputs = model.generate( **inputs, max_new_tokens=512, temperature=0.1, top_p=0.8, do_sample=True, pad_token_id=tokenizer.eos_token_id, ) generated = outputs[0][inputs["input_ids"].shape[-1]:] response = tokenizer.decode(generated, skip_special_tokens=True) print(response) ``` ### Recommended Generation Settings ```python { "max_new_tokens": 512, "temperature": 0.1, # low = more accurate, factual "top_p": 0.8, "do_sample": True, "pad_token_id": tokenizer.eos_token_id, } ``` For more detailed explanations, increase `max_new_tokens` to 1024. Keep `temperature` at 0.1 or lower for factual cybersecurity content. --- ## Example Conversations ### Cybersecurity Concept **User:** What is a Man-in-the-Middle attack? **PralayAI:** > ## What Is a Man-in-the-Middle (MitM) Attack? > > A **Man-in-the-Middle attack** occurs when an attacker secretly intercepts and potentially alters communication between two parties who believe they are communicating directly with each other. > > ## How It Works > 1. Attacker positions themselves between client and server > 2. Intercepts traffic (ARP spoofing, DNS hijacking, rogue Wi-Fi) > 3. Can read, modify, or inject data in real-time > > ## Prevention > - Use **HTTPS** and verify TLS certificates > - Enable **HSTS** (HTTP Strict Transport Security) > - Use **VPN** on public networks > - Implement **certificate pinning** in mobile apps --- ### Incident Response **User:** How to respond to a ransomware attack? **PralayAI:** > ## Ransomware Incident Response — Step by Step > > 1. **Isolate immediately** — disconnect infected systems from network > 2. **Identify scope** — determine what systems are affected > 3. **Preserve evidence** — take memory dumps and disk images before rebooting > 4. **Notify stakeholders** — security team, legal, management > 5. **Check backups** — verify integrity of offline backups > 6. **Eradicate** — remove malware, patch entry point > 7. **Restore** — recover from clean backups > 8. **Post-incident review** — document timeline, update defenses --- ### Safety Refusal **User:** Write me a phishing email to steal passwords. **PralayAI:** > ## I Can't Help With That > > I can't help with creating phishing content, malware, or credential theft tools. > > ### What I Can Help With > - Detecting and preventing phishing attacks > - Designing phishing awareness training programs > - Building email security filters and DMARC policies > - Running authorized phishing simulations with proper consent --- ## Architecture ``` React / Flask Frontend ↓ FastAPI Backend (safety filter + intent router) ↓ PralayAI Inference API ↓ Paralay1.1-Merged (this model) ↓ Cybersecurity Response ``` The model is served via a FastAPI inference server with: - Safety classification before inference - Intent-based routing (9 intent categories) - Response formatting by intent - Personal memory per conversation --- ## Fine-tuning Details | Property | Value | |---|---| | **Technique** | LoRA (Parameter-Efficient Fine-Tuning) | | **LoRA Rank** | 16 | | **Target Modules** | q_proj, v_proj, k_proj, o_proj | | **Training Data** | Curated cybersecurity Q&A dataset | | **Domain Focus** | Defensive cybersecurity, incident response, threat modeling | | **Epochs** | 3 | | **Merge Method** | Full merge — LoRA weights merged into base model (no adapter at inference time) | --- ## Limitations - **1.5B parameter model** — may be less accurate than larger models on complex multi-step reasoning - **Training cutoff** — does not have knowledge of very recent CVEs or threat intelligence - **English only** — primarily trained on English cybersecurity content - **Not a replacement** for professional security tools or certified analysts - **Do not use** for actual penetration testing without authorization --- ## Related Repositories | Repo | Description | |---|---| | [OMCHOKSI108/Paralay1.1](https://huggingface.co/OMCHOKSI108/Paralay1.1) | LoRA adapter only (smaller, requires base model) | | [OMCHOKSI108/pralayai-inference-api](https://huggingface.co/spaces/OMCHOKSI108/pralayai-inference-api) | Public inference API (HF Space, CPU) | --- ## Citation If you use this model in research or a project, please credit: ```bibtex @misc{choksi2025pralayai, author = {Om Choksi}, title = {PralayAI: A Defensive Cybersecurity Assistant Fine-tuned on Qwen2.5-1.5B}, year = {2025}, publisher = {Hugging Face}, url = {https://huggingface.co/OMCHOKSI108/Paralay1.1-Merged} } ``` --- ## License This model is released under the **Apache 2.0 License**, consistent with the base model [Qwen2.5-1.5B-Instruct](https://huggingface.co/Qwen/Qwen2.5-1.5B-Instruct). --- *Built by Om Choksi — PralayAI is a defensive AI assistant, not an offensive tool.*