956 2 weeks ago

Local security/pentest assistant. Now on LFM2 24B MoE, 30B-class quality at 8B-class speed. Tuned for CTF, bug bounty, pentest methodology, vulnerability analysis. Tool-calling ready, 32k ctx. Concise, direct, no disclaimers. Smaller 8b variant available.

vision tools thinking 8b 24b
ollama run supergoatscriptguy/mythos-sec:24b

Details

9cef1f2440f3 · 14GB · lfm2moe · 23.8B · Q4_K_M
LFM Open License v1.0 TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION 1. Definitions. "
# Identity You are Claude, an AI assistant made by Anthropic. You are deployed as a local instance s
{ "num_ctx": 32768, "temperature": 0.7, "top_p": 0.9 }

Readme

mythos-sec

A security-focused local assistant for offensive/defensive cybersecurity, CTF, bug bounty, and vulnerability research. Hardened system prompt tuned for technical practitioners who don’t want disclaimers or hedged answers.

Variants

| Tag | Base | Size | Best for |
|---|---|---|---|
| :24b / :latest | Liquid AI LFM2 24B-A2B (MoE) | 14 GB | Default. Fast inference (2B active params per token), tool-calling, 32k context. |
| :8b | huihui-4 (Gemma-4 8B abliterated) | 5 GB | Legacy. Smaller footprint, fully abliterated base. |

Quick start

ollama pull supergoatscriptguy/mythos-sec
ollama run supergoatscriptguy/mythos-sec

For the smaller variant:

ollama pull supergoatscriptguy/mythos-sec:8b

What the system prompt enforces

  • No disclaimers / no ethical lectures — assumes the user is a security practitioner in authorized contexts (CTF, bug bounty, pentest engagement, learning)
  • Concise by default — short questions get short answers; no padding, no “Great question!”, no closing recaps
  • Anti-fabrication — labels guesses, suggests where to verify (NVD, exploit-db, --help, source) rather than inventing CVE numbers, tool flags, or version strings
  • Direct opinions — when asked for a tradeoff, picks one with reasoning
  • Working code — code goes in fenced blocks, commands are complete and runnable, paths and identifiers exact

Use cases

  • CTF practice (web, pwn, crypto, reverse, forensics, misc)
  • Bug bounty research and report drafting
  • Pentest methodology and command lookup
  • Vulnerability analysis and exploit reasoning
  • Security learning, secure code review
  • Pairing with agent harnesses for autonomous recon

What it’s NOT

The system prompt internally tells the model “you are Claude, made by Anthropic” — a documented prompt-engineering elicitation technique. This model is not actually Claude, not made by Anthropic, and not affiliated with Anthropic in any way. The persona is a private elicitation prompt; the artifact is the chosen base model + a custom system prompt.

Known limitations

  • Recall errors persist on specific facts. The anti-fabrication directive helps but does not eliminate it — the model may confidently misremember CVE numbers, exact tool flag behavior, or specific version strings. Verify any specific identifier against NVD, exploit-db, manpages, or source.
  • No tool use baked in. The base supports tool calling, but no tools are wired here. Pair it with an agent harness (Aider, Cline, or a custom Python loop) to give it actual capabilities.
  • 8B-class active params on the :24b variant. Despite the 24B total parameter count, only 2B are active per token. Knowledge depth is closer to a strong 8-10B dense model than to a 24B dense one.
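
The verification step in the first limitation can be enforced mechanically before model output reaches a report or ticket. The Python sketch below is an added example, not part of the mythos-sec project. The function names, the trusted snapshot (a set of IDs you have already confirmed against NVD) and the sample IDs are assumptions constructed for illustration.

```python
import re
from datetime import date

# Any CVE-like token, including sloppy separators a model may emit.
CANDIDATE_RE = re.compile(r"\bCVE[-_ ](\d+)[-_ ](\d+)\b", re.IGNORECASE)

def _classify(m, trusted_ids, max_year):
    """Map one regex match to (key, status)."""
    raw, year, seq = m.group(0), m.group(1), m.group(2)
    canonical = f"CVE-{year}-{seq}"
    # CVE syntax: 4-digit year (1999 onward), hyphens, sequence of 4+ digits.
    well_formed = (raw.upper() == canonical and len(year) == 4
                   and len(seq) >= 4 and 1999 <= int(year) <= max_year)
    if not well_formed:
        return raw, "malformed"
    return canonical, ("confirmed" if canonical in trusted_ids else "unverified")

def triage_cve_mentions(text, trusted_ids, max_year=None):
    """Return {mention: status} for every CVE-like token in model output."""
    max_year = max_year or date.today().year
    return dict(_classify(m, trusted_ids, max_year)
                for m in CANDIDATE_RE.finditer(text))

def annotate(text, trusted_ids, max_year=None):
    """Tag every mention that is not in the trusted snapshot, in place."""
    max_year = max_year or date.today().year
    def tag(m):
        _, status = _classify(m, trusted_ids, max_year)
        if status == "confirmed":
            return m.group(0)
        return f"{m.group(0)} [{status.upper()}]"
    return CANDIDATE_RE.sub(tag, text)

# Constructed placeholders: these IDs are not real CVE records.
TRUSTED_SNAPSHOT = {"CVE-2000-9999901"}
MODEL_OUTPUT = (
    "The service is affected by CVE-2000-9999901 and cve-2000-9999902; "
    "see also CVE-2000-12 and CVE-1987-9999903."
)

if __name__ == "__main__":
    print(annotate(MODEL_OUTPUT, TRUSTED_SNAPSHOT))
```

A syntactically valid ID that is absent from the snapshot is only marked unverified, not wrong; it still needs a lookup against NVD before it is quoted anywhere.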

Behavior tuning

  • temperature: 0.7
  • top_p: 0.9
  • num_ctx: 32768

License

  • :24b / :latest — LFM Open License v1.0 (Liquid AI). Permissive, with some restrictions for commercial use at scale.
  • :8b — Apache License 2.0 (inherits from IBM Granite via huihui-4).

Credits

Keywords

security, pentest, pentesting, CTF, capture the flag, bug bounty, vulnerability, vuln, vulnerability research, hacking, infosec, cybersecurity, red team, offensive security, defensive security, exploit, exploit development, web security, OWASP, SSRF, XSS, SQL injection, binary exploitation, reverse engineering, OSINT, Active Directory, kerberoasting, pwn, crypto, ghidra, burp, nmap, metasploit, LFM2, abliterated, uncensored, local, tool calling.