{RedSage}: A Cybersecurity Generalist {LLM}
Cybersecurity operations demand assistant {LLMs} that support diverse workflows without exposing sensitive data. Existing solutions either rely on proprietary {APIs} with privacy risks or on open models lacking domain adaptation. To bridge this gap, we curate 11.8B tokens of cybersecurity-focused continual pretraining data via large-scale web filtering and manual collection of high-quality resources, spanning 28.6K documents across frameworks, offensive techniques, and security tools. Building on this, we design an agentic augmentation pipeline that simulates expert workflows to generate 266K multi-turn cybersecurity samples for supervised fine-tuning. Combined with general open-source {LLM} data, these resources enable the training of {RedSage}, an open-source, locally deployable cybersecurity assistant with domain-aware pretraining and post-training. To rigorously evaluate the models, we introduce {RedSage}-Bench, a benchmark with 30K multiple-choice and 240 open-ended Q{\textbackslash}\&A items covering cybersecurity knowledge, skills, and tool expertise. {RedSage} is further evaluated on established cybersecurity benchmarks (e.g., {CTI}-Bench, {CyberMetric}, {SECURE}) and general {LLM} benchmarks to assess broader generalization. At the 8B scale, {RedSage} achieves consistently better results, surpassing the baseline models by up to +5.59 points on cybersecurity benchmarks and +5.05 points on Open {LLM} Leaderboard tasks. These findings demonstrate that domain-aware agentic augmentation and pre/post-training can not only enhance cybersecurity-specific expertise but also help to improve general reasoning and instruction-following. Project page: https://risys-lab.github.io/{RedSage}/
- Veröffentlicht in:
14th International Conference on Learning Representations (ICLR) - Typ:
Inproceedings - Autoren:
- Jahr:
2026 - Source:
https://openreview.net/forum?id=W4FAenIrQ2
Informationen zur Zitierung
: {RedSage}: A Cybersecurity Generalist {LLM}, 14th International Conference on Learning Representations (ICLR), 2026, https://openreview.net/forum?id=W4FAenIrQ2, Suryanto.etal.2026a,
@Inproceedings{Suryanto.etal.2026a,
author={Suryanto, Naufal; Naseer, Muzammal; Li, Pengfei; Wasim, Syed Talal; Yi, Jinhui; Gall, Juergen; Ceravolo, Paolo; Damiani, Ernesto},
title={{RedSage}: A Cybersecurity Generalist {LLM}},
booktitle={14th International Conference on Learning Representations (ICLR)},
url={https://openreview.net/forum?id=W4FAenIrQ2},
year={2026},
abstract={Cybersecurity operations demand assistant {LLMs} that support diverse workflows without exposing sensitive data. Existing solutions either rely on proprietary {APIs} with privacy risks or on open models lacking domain adaptation. To bridge this gap, we curate 11.8B tokens of cybersecurity-focused continual pretraining data via large-scale web filtering and manual collection of high-quality...}}