ThreatMon Launches Its Hugging Face Repository and Releases Its First Open Cybersecurity AI Model

ThreatMon today announced the launch of its official Hugging Face repository, marking the company’s first step toward contributing cybersecurity-focused AI models, datasets, and research resources to the broader AI and threat intelligence communities.

As part of this initiative, ThreatMon is releasing its first public model, qwen36-secura, a cybersecurity-focused AI model built on the Qwen3.6 architecture and designed for threat intelligence, SOC operations, threat hunting, DFIR, and vulnerability analysis workflows.

The launch reflects ThreatMon’s commitment to advancing the intersection of artificial intelligence and cybersecurity by making high-quality, domain-specific resources more accessible to researchers, practitioners, and organizations worldwide.

Advancing AI for Cybersecurity

While recent advances in large language models have transformed many industries, cybersecurity continues to require specialized knowledge, structured reasoning, and deep understanding of threat intelligence frameworks, vulnerability data, and adversary behavior.

qwen36-secura was developed to address these challenges through domain adaptation and cybersecurity-focused training. The model is designed to support a wide range of security use cases, including:

  • Threat Intelligence
  • Security Operations Center (SOC) workflows
  • Threat Hunting
  • Digital Forensics and Incident Response (DFIR)
  • Vulnerability Analysis
  • ATT&CK Mapping
  • CVSS Assessment
  • Security Research

The model was trained using a two-phase approach. The first phase focused on continued pre-training using a curated cybersecurity corpus assembled from authoritative security knowledge sources. The second phase focused on reasoning-oriented fine-tuning for tasks such as CVSS scoring, CWE mapping, ATT&CK technique extraction, and threat intelligence question answering.

Benchmark Performance

In internal evaluations using CTIBench, qwen36-secura demonstrated strong performance across multiple cybersecurity tasks.

Key results include:

  • Combined CTIBench Score: 68.41
  • ATT&CK Technique Extraction Recall: 81.09%
  • CVSS v3.1 Format Reliability: 100%

Notably, the model achieved a higher combined CTIBench score than GPT-5.4 and Gemini 3.5 Flash, while also delivering significantly stronger ATT&CK extraction performance and perfect CVSS output reliability.

Open, Accessible, and Self-Hostable

qwen36-secura is released under the Apache 2.0 license and can be fully self-hosted, enabling organizations to deploy the model within their own environments while maintaining control over sensitive data, workflows, and infrastructure.

ThreatMon believes meaningful progress in cybersecurity AI requires collaboration between researchers, defenders, and the open-source community. The company’s Hugging Face repository has been established with this principle in mind.

Building an Open Cybersecurity AI Ecosystem

The release of qwen36-secura represents the first milestone in ThreatMon’s broader AI initiative.

Going forward, ThreatMon plans to publish additional cybersecurity-focused models, curated datasets, evaluation resources, and technical research designed to advance both cyber defense capabilities and the application of AI in security operations.

By making these resources publicly available, ThreatMon aims to support practitioners, researchers, and organizations working to strengthen cybersecurity through open and accessible AI technologies.

This repository will serve as the central hub for ThreatMon’s future AI contributions, providing the community with models, datasets, and research artifacts that help bridge the gap between cybersecurity expertise and modern AI capabilities.

Explore qwen36-secura:

https://huggingface.co/ThreatMon/qwen36-secura

Visit ThreatMon on Hugging Face:

https://huggingface.co/ThreatMon

Share:

Discover the impact of robust
cybersecurity solutions in action

Discover the impact of robust cybersecurity solutions in action