Spaces:
Configuration error
title: README
emoji: π’
colorFrom: red
colorTo: purple
sdk: static
pinned: false
BugTraceAI
BugTraceAI provides fine-tuned language models designed for application security validation, authorized web pentesting, security engineering, and offensive security research.
The model lineup is split into two distinct families with different purposes:
π§ CORE β Tooling Models
CORE models are built for integration into pipelines, agents, and automated workflows. They follow instructions precisely, produce structured output (JSON, templates, PoC skeletons), and are optimized for tool use β not open-ended reasoning.
BugTraceAI-CORE-Fast β The lightweight option. Designed for high-frequency tasks where latency matters: triage, log classification, finding categorization, quick field extraction from existing reports.
BugTraceAI-CORE-Pro β Mid-tier capacity. Handles long-context tasks: full report generation from raw findings, code review, exploit-chain documentation, and remediation guidance with context coherence across thousands of tokens.
BugTraceAI-CORE-Ultra (27B) β The most capable CORE model. Based on Qwen3-27B, fine-tuned via SFT on 2,541 curated examples covering bug bounty reports, malware analysis, and WAF evasion techniques. Available in two GGUF quantizations:
- Q4_K_S with IMatrix (15 GB) β recommended for RTX 3090/4090, A4000
- Q6_K (21 GB) β maximum fidelity for A5000/A6000, H100 or custom requantization
Use CORE models when you need reliable, structured output that feeds into a pipeline or automation layer.
π Apex β Reasoning Model
Apex is built for deep offensive security reasoning. It thinks through problems step by step inside a <thinking> block before producing its answer, making it ideal for tasks where understanding why matters as much as the output itself.
BugTraceAI-G4-Apex β 26B Mixture-of-Experts model based on Gemma 4, fine-tuned via DPO on elite bug bounty reports, malware research, and WAF evasion techniques. Before every response it produces a full internal <thinking> block where it works through the problem step by step β making it ideal for tasks where the reasoning process matters as much as the answer.
Use Apex when you need the model to reason deeply about a problem rather than execute a structured task.
What the Framework Focuses On
- Agentic web pentesting workflows
- Application security and bug bounty operations
- Finding triage and validation support
- Reproduction notes and remediation guidance
- Technical reporting for engineering and security teams
Responsible Use
BugTraceAI systems are intended for authorized security work, defensive research, education, and engineering support. Users are responsible for validating outputs and ensuring legal authorization before acting on any generated content.
Links
- Organization: https://huggingface.co/BugTraceAI
- Apex (reasoning): https://huggingface.co/BugTraceAI/BugTraceAI-Apex-G4-26B-Q4
- CORE Ultra Q4 (tooling): https://huggingface.co/BugTraceAI/BugTraceAI-CORE-Ultra-27B-Q4
- CORE Ultra Q6 (tooling): https://huggingface.co/BugTraceAI/BugTraceAI-CORE-Ultra-27B-Q6
- CORE Fast (tooling): https://huggingface.co/BugTraceAI/BugTraceAI-CORE-Fast
- CORE Pro (tooling): https://huggingface.co/BugTraceAI/BugTraceAI-CORE-Pro
- Website: https://bugtraceai.com