An open-source cybersecurity-focused language model built entirely from scratch in PyTorch.
GhostLM is a decoder-only transformer language model trained on CVE vulnerability descriptions, CTF writeups, and cybersecurity research. Built from scratch — no pretrained weights, no wrappers, every component written by hand.
Security researchers currently rely on generic models (GPT-4, Llama) that weren't trained with security context. GhostLM is purpose-built for:
- CVE analysis and vulnerability explanation
- CTF challenge reasoning
- Penetration testing assistance
- Exploit and attack pattern understanding
- Security concept explanation
Two reasons. First, most offensive-security content that the best general models have seen was filtered or RLHF-nudged away during alignment — a fine-tune on top fights that prior. Training the tokenizer and weights from zero with security text in the mix lets the model treat CVE IDs, shell one-liners, and exploit technique names as first-class tokens rather than something to refuse. Second, GhostLM is also a study project. Every layer — attention, positional encoding, LR schedule, BPE — is hand-written so the codebase doubles as a readable reference for how a transformer is actually put together. A fine-tune hides that behind AutoModel.from_pretrained.
It is explicitly not trying to beat Llama on general benchmarks. It's trying to be the right tool for one narrow job, and a transparent one.
| Parameter | Value |
|---|---|
| Architecture | Decoder-only Transformer |
| Parameters (ghost-small) | ~55M |
| Context Length | 1024 tokens |
| Layers | 6 |
| Attention Heads | 8 |
| Embedding Dim | 512 |
| Tokenizer | GPT-2 BPE (50,261 tokens) |
Built with:
- Multi-head causal self-attention (manual implementation)
- RoPE (Rotary Position Embeddings) — opt-in via
use_rope=True, replaces learned positional embeddings with the relative-position encoding used by LLaMA / Mistral - Flash Attention — opt-in via
use_flash_attention=True, routes through PyTorch 2.0+scaled_dot_product_attentionforO(n)memory - Pre-norm transformer blocks with residual connections
- Cosine LR schedule with linear warmup
- Weight-tied output projection
- AdamW with weight decay separation
- Safetensors export for safe, arbitrary-code-free weight distribution (see
scripts/export.py)
| Variant | Layers | Dim | Params | Status |
|---|---|---|---|---|
| ghost-tiny | 2 | 256 | ~14.5M | Phase 1 complete (10K steps) |
| ghost-small | 6 | 512 | ~55M | Planned |
| ghost-medium | 12 | 768 | ~160M | Future |
git clone https://github.com/joemunene-by/GhostLM.git
cd GhostLM
make installmake data# CPU-friendly (ghost-tiny)
make train-tiny
# GPU (ghost-small)
make train-smallmake generatemake chatpip install gradio
python demo/app.pymake benchmark# Safe, pickle-free weights for HuggingFace Hub distribution
python scripts/export.py --format safetensors
# Classic PyTorch checkpoint
python scripts/export.py --format ptmake plot| Source | Records | Type |
|---|---|---|
| NVD CVE Database | 9,925 | Real |
| Security Research Papers | 500 | Synthetic |
| CTF Writeups | 500 | Synthetic |
| Total | 10,925 |
| Run | Steps | Train Loss | Val Loss | Status |
|---|---|---|---|---|
| ghost-tiny Phase 1 | 10,000 | 1.97 | 2.74 | Complete |
| ghost-tiny Phase 2 | 100,000 | — | — | Next (Mac Mini M4) |
| Metric | Score |
|---|---|
| Cybersecurity Perplexity | 2,183.94 |
| GPT-2 Baseline (117M) | 26.76 |
| CVE Severity Classification | 20.0% |
| Vulnerability Type Detection | 10.0% |
| Attack Technique ID | 10.0% |
| Overall Security Score | 13.3% |
The model generates security-domain text with correct vocabulary but can't reason yet at this scale. Phase 2 (100K steps) will close the gap.
GhostLM/
├── ghostlm/ # Core library
│ ├── model.py # Transformer architecture (RoPE + Flash Attention toggles)
│ ├── config.py # Hyperparameters + ghost-tiny/small/medium presets
│ ├── tokenizer.py # GPT-2 BPE wrapper
│ ├── dataset.py # PyTorch dataset
│ └── trainer.py # Training loop
├── scripts/ # CLI tools
│ ├── train.py # Training entry point
│ ├── generate.py # Text generation
│ ├── chat.py # Interactive chat
│ ├── evaluate.py # Evaluation
│ ├── eval_security.py # Security-specific evaluation
│ ├── benchmark.py # GPT-2 comparison
│ ├── export.py # Weights export (safetensors / pt) + SHA-256 + config.json
│ ├── api.py # REST API server
│ ├── data_stats.py # Training-data statistics
│ ├── plot_training.py # Loss-curve plotter
│ ├── push_to_hub.py # HuggingFace Hub publisher
│ └── resume_train.sh # Resume an interrupted training run
├── data/ # Data pipeline
├── demo/ # Gradio web demo (demo/app.py)
├── tests/ # 16 unit tests
└── Makefile # One-command workflow
- Full transformer from scratch
- Training pipeline verified
- 10,925 cybersecurity records
- ghost-tiny trained to 10,000 steps on CPU
- Full evaluation suite with benchmark vs GPT-2
- MODEL_CARD with detailed results
- RoPE (Rotary Position Embeddings) — config-toggled
- Flash Attention via
scaled_dot_product_attention— config-toggled - Safetensors export with config.json sidecar and SHA-256 checksum
- Pinned dependency versions + PEP 639 license metadata
- Test suite grown from 10 → 16 tests
- 100K steps on Mac Mini M4 with RoPE + Flash Attention enabled
- HuggingFace Hub weights release (safetensors)
- Gradio web demo
- Public weights + REST API
- Fine-tuning scripts
See CONTRIBUTING.md for how to get involved.
MIT — see LICENSE
Joe Munene — Complex Developers
Built in Nairobi, Kenya.