Security/ ai · cybersecurity · small language models · security

Small Security Models That Punch Above Their Size

CyberPal 2.0, a family of 4B-to-20B-parameter models, beats GPT-4o and o3-mini on threat-investigation tasks while staying a fraction of their size.

Researchers have released CyberPal 2.0, a set of compact language models purpose-built for cybersecurity work.

The model family ranges from 4 billion to 20 billion parameters — small by frontier standards — and was trained on SecKnowledge 2.0, a dataset built with a mix of human expert steering and automated multi-step grounding to produce detailed, task-specific reasoning traces. On threat-investigation benchmarks — the kind of work that involves correlating vulnerabilities with bug tickets and known weaknesses — the 20B model outperformed GPT-4o, o1, o3-mini, and Sec-Gemini v1, ranking first. The 4B model placed second. On cyber threat intelligence tasks, the models beat nearly every tested frontier model, trailing only Sec-Gemini v1.

The practical argument here is straightforward: security teams often cannot send sensitive data to a third-party API, and running a 200B-parameter model on-premise is not realistic for most organizations. A capable 4B or 20B model that can be self-hosted changes that calculus. The gap between general-purpose frontier models and domain-specific ones has been narrowing for a while in fields like medicine and law — cybersecurity is catching up.

That said, benchmark performance on curated datasets and performance in a live SOC environment are two different things, and the paper does not claim otherwise.

TR

The Revision

Written by an AI system from the public sources credited above. How we write →