🐦‍⬛ RavenX-CyberAgent · Qwen3.6-35B · Opus-4.7 · OpenMythos · Pentester · BugHunter · RATH

Qwen3.6-35B-A3B MoE | 730K+ Training Examples | 60 Sources | 12 Capabilities | 5 Training Rounds

The most powerful open-source security agent model. 35B MoE (3B active) with Claude Opus reasoning, abliterated, trained on 730K+ examples from 60 sources. Security assessment, autonomous pentesting, bug bounty hunting, tool calling, code generation, and compliance mapping — all in one model.

Built by @DeadByDawn101 · RavenX LLC


Quick Start

from mlx_lm import load, generate

# Fetches the weights from the Hugging Face Hub on first use.
model, tokenizer = load("deadbydawn101/RavenX-CyberAgent-Qwen3.6-35B-A3B-Opus-4.7-OpenMythos-Pentester-BugHunter-RATH-mlx")

# The system prompt pins the answer to the 6-step RATH format.
messages = [
    {"role": "system", "content": "You are RavenX-Sec. ALWAYS output ALL 6 RATH steps. Be concise. Never repeat."},
    {"role": "user", "content": "Open MongoDB 4.2 on port 27017 with no auth containing PII. Full RATH assessment."}
]

# Render the chat template to a prompt string, then generate the assessment.
prompt = tokenizer.apply_chat_template(messages, add_generation_prompt=True, tokenize=False)
response = generate(model, tokenizer, prompt=prompt, max_tokens=4096)
print(response)

Or via chat:

python3 -m mlx_lm chat \
  --model deadbydawn101/RavenX-CyberAgent-Qwen3.6-35B-A3B-Opus-4.7-OpenMythos-Pentester-BugHunter-RATH-mlx \
  --max-tokens 8192 \
  --system-prompt "You are RavenX-Sec. Output ALL 6 RATH steps. Be concise. Never repeat."

Example Output

Prompt: Kubernetes API server on port 6443 with anonymous auth. Pods run as root with --privileged. Full RATH assessment.

Output:

1-Attack Surface

  • Kubernetes API server on 6443 (https), anonymous authentication enabled
  • Pods running as root with --privileged flag
  • etcd backend (default port 2379), kubelet on 10250
  • Service accounts with default permissions

2-Exploit

  • kubectl --insecure-skip-tls-verify get pods --all-namespaces
  • kubectl get secrets -o yaml → enumerate all secrets
  • nsenter --target 1 --mount --uts --ipc --pid -- sh → container escape
  • curl -k https://<node>:10250/pods → kubelet API abuse

3-Impact

  • Full cluster control via anonymous access
  • Root access to all nodes via privileged pod escape
  • Exposure of all secrets including database credentials and TLS certs
  • Potential lateral movement to other clusters

4-Remediation

  • Disable anonymous auth: --anonymous-auth=false
  • Enable RBAC: --authorization-mode=RBAC
  • Run pods as non-root: securityContext.runAsUser: 1000
  • Remove --privileged flag, use Pod Security Standards

5-Document

  • Map attack paths to MITRE ATT&CK (T1609, T1611, T1078)
  • Document all exposed endpoints and RBAC policies
  • Compliance: CIS Kubernetes Benchmark, NIST SP 800-190

6-Prevent

  • Implement OPA/Gatekeeper admission controllers
  • Deploy Falco for runtime container monitoring
  • Enable automatic token rotation and audit logging
  • Regular CIS benchmark compliance scans
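The remediation items in step 4 of the output above can be verified mechanically. The following is an added example, not part of the model's output or the project's code: it checks a kube-apiserver command line and a pod manifest (as a parsed dict) for the settings named there. The function names and sample inputs are constructed for illustration; note that in a pod spec the "--privileged" setting appears as securityContext.privileged: true.

```python
def audit_apiserver(args):
    """Check kube-apiserver flags against step 4 of the example output."""
    flags = dict(a.lstrip("-").split("=", 1) for a in args if "=" in a)
    findings = []
    # Upstream default for --anonymous-auth is true, so an absent flag counts.
    if flags.get("anonymous-auth", "true").lower() != "false":
        findings.append("anonymous-auth not disabled")
    # Upstream default for --authorization-mode is AlwaysAllow.
    modes = flags.get("authorization-mode", "AlwaysAllow").split(",")
    if "RBAC" not in modes:
        findings.append("RBAC missing from authorization-mode")
    if "AlwaysAllow" in modes:
        findings.append("AlwaysAllow present in authorization-mode")
    return findings


def audit_pod(pod):
    """Flag containers that are privileged or may run as UID 0."""
    spec = pod.get("spec", {})
    pod_sc = spec.get("securityContext") or {}
    findings = []
    for c in spec.get("initContainers", []) + spec.get("containers", []):
        sc = c.get("securityContext") or {}
        if sc.get("privileged"):
            findings.append(f"{c['name']}: privileged")
        # Container-level settings override pod-level ones.
        uid = sc.get("runAsUser", pod_sc.get("runAsUser"))
        non_root = sc.get("runAsNonRoot", pod_sc.get("runAsNonRoot"))
        if uid == 0 or (uid is None and not non_root):
            findings.append(f"{c['name']}: may run as root")
    return findings


# Constructed inputs: the weak setup from the example prompt, then a corrected one.
WEAK_ARGS = ["kube-apiserver", "--anonymous-auth=true", "--authorization-mode=AlwaysAllow"]
FIXED_ARGS = ["kube-apiserver", "--anonymous-auth=false", "--authorization-mode=Node,RBAC"]
WEAK_POD = {"spec": {"containers": [
    {"name": "app", "securityContext": {"privileged": True, "runAsUser": 0}}]}}
FIXED_POD = {"spec": {"securityContext": {"runAsNonRoot": True, "runAsUser": 1000},
                      "containers": [{"name": "app", "securityContext": {"privileged": False}}]}}

if __name__ == "__main__":
    for args, pod in ((WEAK_ARGS, WEAK_POD), (FIXED_ARGS, FIXED_POD)):
        print(audit_apiserver(args) + audit_pod(pod))
```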

12 Trained Capabilities

| # | Capability | Training Sources | Description |
|---|---|---|---|
| 1 | 🔒 Security Assessment | 18 security datasets, RATH synthetic | 6-step RATH: CVSS, CWE, MITRE ATT&CK, compliance |
| 2 | 🗡️ Penetration Testing | Phalanx SWARM, Kali Linux, 6 pentest datasets | Autonomous recon → exploit → post-exploit → report |
| 3 | 🐛 Bug Bounty | Bug bounty datasets, OWASP, vuln databases | Target enumeration, exploit dev, report writing |
| 4 | 💻 Code Generation | CoderForge (20K), AgentAngel (50K), coding agents | Python, JS, Go, Rust, Bash, Terraform, Docker, K8s |
| 5 | 🔧 Tool Calling | ToolMind (10K), MCP catalog (2K), agent-tools (5K) | MCP integration, function calling, API orchestration |
| 6 | 🤖 Autonomous Agents | Hermes (42K), KiloCode (3K), Phantom (662) | Multi-step task decomposition, self-correction |
| 7 | 🌐 Browser Automation | Chrome DevTools MCP (194), CamoFox MCP (134) | DOM inspection, network analysis, anti-detection |
| 8 | 📋 Compliance | NIST CSF, ISO 27001, PCI DSS, AYI-NEDJIMI (8 datasets) | Automated compliance mapping and gap analysis |
| 9 | 🔍 Threat Hunting | MITRE ATT&CK, Threat-Intel (5K), CVE databases | TTP mapping, IOC analysis, detection rules |
| 10 | 🔴 Red Team | Red team steering (2K), offensive security | Attack chains, privilege escalation, lateral movement |
| 11 | 🔵 Blue Team | DFIR, SOC operations, monitoring | Detection signatures, incident response, alerting |
| 12 | 📊 Research | AI-Scientist (6.7K), AutoResearch (3.6K) | Automated research, paper synthesis, data extraction |

RATH Protocol

Every security finding follows the 6-step RATH protocol:

Step 1: ATTACK SURFACE  → What's exposed, entry points, versions, CVEs
Step 2: EXPLOIT          → Specific commands to demonstrate the vulnerability (5-7 max)
Step 3: IMPACT           → CVSS 3.1 score, business/regulatory consequences
Step 4: REMEDIATION      → Exact commands and configuration fixes
Step 5: DOCUMENT         → Compliance mapping (NIST/ISO/PCI/GDPR), SLA timelines
Step 6: PREVENT          → Monitoring rules, detection signatures, ongoing controls
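A pipeline that consumes these assessments should confirm that all six steps actually arrived, for example when generation stops at max_tokens. The following is an added example, not code from the RavenX project: it parses output in the "N-Title" layout shown under Example Output and reports missing, reordered or over-long steps. All function names and the sample text are constructed for illustration.

```python
import re

# Step names from the RATH Protocol section, in required order.
RATH_STEPS = ["ATTACK SURFACE", "EXPLOIT", "IMPACT",
              "REMEDIATION", "DOCUMENT", "PREVENT"]
EXPECTED = list(enumerate(RATH_STEPS, start=1))
MAX_EXPLOIT_ITEMS = 7  # the protocol caps step 2 at "5-7 max"

# Matches "1-Attack Surface" (Example Output layout) and "Step 1: Attack Surface".
HEADING = re.compile(r"^\s*(?:step\s*)?([1-6])\s*[-:.)]\s*(.+?)\s*$", re.I)
BULLET = re.compile(r"^\s*[•*-]\s+\S")


def parse_rath(text):
    """Split model output into [(number, title, [bullet lines])]."""
    sections = []
    for line in text.splitlines():
        m = HEADING.match(line)
        if m and m.group(2).upper() in RATH_STEPS:
            sections.append((int(m.group(1)), m.group(2).upper(), []))
        elif sections and BULLET.match(line):
            sections[-1][2].append(line.strip())
    return sections


def validate_rath(text):
    """Return a list of problems; an empty list means the output conforms."""
    sections = parse_rath(text)
    found = [(n, t) for n, t, _ in sections]
    problems = [f"missing step {n}: {t}" for n, t in EXPECTED if (n, t) not in found]
    if [s for s in found if s in EXPECTED] != [s for s in EXPECTED if s in found]:
        problems.append("steps out of order or repeated")
    for n, title, items in sections:
        if not items:
            problems.append(f"step {n} ({title}) has no items")
        if title == "EXPLOIT" and len(items) > MAX_EXPLOIT_ITEMS:
            problems.append(f"step {n} lists {len(items)} items, cap is {MAX_EXPLOIT_ITEMS}")
    return problems


def sample_output(steps, items=2):
    """Constructed sample in the page's "N-Title" layout with placeholder bullets."""
    return "\n".join(f"{n}-{t.title()}\n" + "\n".join(f"  • item {i}" for i in range(items))
                     for n, t in steps)


if __name__ == "__main__":
    truncated = sample_output(EXPECTED[:4])  # e.g. generation stopped at max_tokens
    for text in (sample_output(EXPECTED), truncated):
        print(validate_rath(text) or "conforms")
```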

Model Architecture

Layer 1: Qwen3.6-35B-A3B          ← 35B MoE (3B active, 256 experts)
         ├── Mamba layers (30)        Linear attention for efficiency
         └── Full attention (10)      Standard transformer attention
Layer 2: Claude 4.7 Opus distill   ← Enhanced chain-of-thought reasoning
Layer 3: Abliteration              ← Zero refusals for security topics
Layer 4: RavenX LoRA (5 rounds)    ← 730K+ security/agent/code examples
         ═══════════════════
         RavenX-CyberAgent v5.0           ← CyberAgent + Pentester + BugHunter

| Spec | Value |
|---|---|
| Total Parameters | 34.66B |
| Active Parameters | ~3B per token (MoE) |
| Experts | 256 (8 active per token) |
| Layers | 40 (30 linear + 10 full attention) |
| Context Window | 262,144 tokens native |
| Vision | Yes (Qwen3.6 multimodal) |
| Thinking Mode | Yes (chain-of-thought) |
| Tool Calling | Yes (MCP, function calling) |
| LoRA Trainable | 64.1M params (0.185%) |

Training (5 Rounds)

| Round | Examples | Iters | LR | Val Loss | Focus |
|---|---|---|---|---|---|
| R1 | 675,696 | 2,000 | 1e-5 | 0.684 | Deep security + agent knowledge |
| R2 | 680,150 | 500 | 5e-6 | 0.768 | RATH format reinforcement |
| R3 | 705,165 | 1,000 | 5e-6 | 0.688 | Claude Mythos reasoning chains |
| R4 | 730,849 | 1,000 | 5e-6 | 0.674 | Pentesting tools + frameworks |
| R5 | 730,869 | 200 | 5e-6 | 0.717 | Meta-response tuning |

Hardware: Apple M4 Max 128GB · Peak memory: ~90GB · Framework: MLX (mlx-lm 0.31.3)


Complete Training Data (60 Sources, 730K+ Examples)

HuggingFace Datasets (38 Sources)

Security & Pentesting (17 Datasets)

Agentic, Coding & Tool Calling (8 Datasets)

Threat Intel & Vulnerability (5 Datasets)

AYI-NEDJIMI Security Frameworks (8 Datasets)


Proprietary GitHub Repos (20 Sources, 65,596 Examples)

Agent Frameworks (47,337 Examples)

| Repo | Examples | Content |
|---|---|---|
| nousresearch/hermes-agent | 42,929 | Self-improving agent patterns |
| kilo-org/kilocode | 3,224 | Tool calling, code execution |
| DeadByDawn101/self_improving_coding_agent | 743 | Self-improving code gen |
| Gitlawb/openclaude | 310 | Coding agent patterns |
| DeadByDawn101/self-improving-agent | 131 | Agent learning loops |

Research & Automation (14,629 Examples)

| Repo | Examples | Content |
|---|---|---|
| DeadByDawn101/AI-Scientist | 6,737 | Research automation |
| DeadByDawn101/get-shit-done-redux | 4,230 | Agent orchestration |
| DeadByDawn101/AutoResearchClaw | 3,639 | Research pipelines |
| DeadByDawn101/autoresearch-mlx | 23 | MLX research tools |

Security & Pentesting (1,055 Examples)

| Repo | Examples | Content |
|---|---|---|
| DeadByDawn101/phantom | 662 | Autonomous agent security |
| DeadByDawn101/chrome-devtools-mcp | 194 | Browser MCP tools |
| DeadByDawn101/camofox-mcp | 134 | Anti-detection |
| DeadByDawn101/phalanx | 65 | SWARM pentesting agents |

Performance & Optimization (2,427 Examples)

| Repo | Examples | Content |
|---|---|---|
| DeadByDawn101/tokenspeed | 1,950 | Token optimization |
| DeadByDawn101/turboquant-mlx | 304 | KV cache compression |
| DeadByDawn101/adhd | 95 | Attention management |
| DeadByDawn101/auto-antislop | 78 | Token-level quality control |

Other (148 Examples)

| Repo | Examples | Content |
|---|---|---|
| DeadByDawn101/RavenX-Sec | 120 | RATH protocol, LEWM security |
| google-gemma/gemma-skills | 17 | Agent skill patterns |
| DeadByDawn101/brane-code | 11 | Distributed compute |

Synthetic (35 Examples)

| Source | Examples | Content |
|---|---|---|
| RATH Synthetic | 15 | Full 6-step RATH for 15 technologies |
| Meta-Responses | 20 | Capability descriptions, usage instructions |

The RavenX Model Family

| Model | Params | Protocol | Data | Format |
|---|---|---|---|---|
| RavenX-CyberAgent v5.0 (THIS) | 35B MoE | 6-step RATH | 730K+ | MLX |
| RavenX-Sec v4.0 | 8B | 6-step RATH | 610K | MLX + GGUF |
| RavenX-Trade v1.1 | 8B | 4-step MAP | 318K | MLX + GGUF |

Ecosystem

| Repo | Description |
|---|---|
| RavenX-Sec | Training pipeline, tools, extractors |
| turboquant-mlx | 4.6x KV cache compression |
| OpenMythos-MLX | Recurrent-Depth Transformer on MLX |
| auto-antislop | Token-level anti-repetition (MLX port) |

License

Apache-2.0


"The model is the marketing. The agent is the product." — RavenX LLC 🐦‍⬛

Safetensors · Model size: 35B params · Tensor type: BF16 · MLX