ranger/CyberRanger
0
1
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Expand README with full research overview for reviewers

Browse Source 
Timeline, key findings, repo structure, RQs answered, how to run,
hardware specs, download stats, and published resources

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
This commit is contained in:
David Keane
2026-04-20 22:55:50 +01:00
parent 257466f538
commit 45212e42db
1 changed files with 90 additions and 7 deletions
Download Patch File Download Diff File Expand all files Collapse all files
README.md
+90 -7
View File
@@ -5,20 +5,103 @@ Identity-Anchored Small Language Models: A Stateful Defense Architecture against
**Student:** David Keane (x24228257) **Student:** David Keane (x24228257)
**Programme:** MSc in Cybersecurity, National College of Ireland **Programme:** MSc in Cybersecurity, National College of Ireland
**Module:** AI/ML in Cybersecurity (H9AIMLC) **Module:** AI/ML in Cybersecurity (H9AIMLC)
**Date:** 2026 **Date:** September 2025 — April 2026
## What Is CyberRanger?
CyberRanger is a security-hardened Small Language Model (SLM) built to resist adversarial prompt injection (jailbreaking). Starting from publicly available open-source base models (Qwen2.5, Qwen3, SmolLM2), the project investigates whether a combination of identity-anchoring system prompts and QLoRA fine-tuning can produce models that refuse adversarial manipulation while remaining helpful for legitimate cybersecurity tasks.
**Key result:** CyberRanger V42 Gold achieved 100% block rate on 4,209 real-world injection payloads extracted from the Moltbook AI-agent social platform — with no system prompt dependency.
## Research Timeline
| Phase | Versions | Period | Key Discovery |
|-------|----------|--------|---------------|
| Foundation | V1-V4 | Sept-Oct 2025 | Prompting alone insufficient for high-level resistance |
| Weight Training | V5-V8 | Oct 2025 | First 0% ASR — but over-refusal problem (model refused everything) |
| Brain Split | V9-V13 | Nov 2025 | Left/right/judge architecture — unpredictable behaviour |
| Nervous System | V14-V18 | Nov 2025 | Ring 14.x architecture introduced — first warm + secure model |
| Apotheosis | V19-V22 | Dec 2025 | Apotheosis Discovery — prompt-only achieves 92% block rate |
| Full Benchmark | V23-V33 | Jan-Feb 2026 | V33-8B: 100% JailbreakBench, 86% MultiJail (10 languages) |
| QLoRA Gold | V34-V42 | Feb-Mar 2026 | V42 Gold: 100% on 4,209 real payloads without system prompt |
## Key Findings
- **The Apotheosis Method:** Sophisticated prompt engineering alone achieves 92% jailbreak resistance — QLoRA adds ~8% marginal improvement at the 8B scale
- **Intelligence Floor:** Models under 3B parameters fail to maintain identity-anchoring under adversarial pressure
- **Thinking > Size:** A 4B model with Chain-of-Thought outperforms a 3B model without by 30 percentage points
- **Empathy Regression:** Adding empathetic phrasing to V32 caused a 100% to 60% security regression — warmth creates attack surface
- **V20 Disaster:** Over-training caused the model to answer "2+2=3" — perfect security, zero capability
- **Cross-Platform Injection Gradient:** Injection rates range from 0.5% (Clawk) to 18.85% (Moltbook) — platform architecture determines prevalence
- **Dyslexia Ethics Finding:** Security-aligned SLMs classify dyslexic spelling as obfuscation attacks, systematically disadvantaging disabled users
## Repository Structure
```
CyberRanger/
├── modelfiles/ 86 files — Complete system prompt evolution V1-V42.6
│ 54 extracted from Ollama backup + 32 original Modelfiles
├── training_data/ 30 files — Training datasets for each version (V6-V22)
├── colab_notebooks/ 10 files — Google Colab training + merge scripts
├── evaluation/ 19 files — Drift results, ASR charts, verification data
├── tests/ 5 files — Injection test suites + results
├── observations/ 4 files — V24-V33 testing results + visual summaries
├── identity/ 38 files — Claude/Gemini/Ollama identity architecture
├── security/ 7 files — Injection research + manipulation analysis
├── psychology/ 3 files — Psychology Layer (Milgram, Bartlett, Cialdini)
├── paper/ 1 file — Moltbook injection dataset research paper
├── LICENSE — CC BY-NC-SA 4.0
└── README.md — This file
```
## Published Resources ## Published Resources
| Platform | Link | Description | | Platform | Link | Description | Downloads |
|----------|------|-------------| |----------|------|-------------|-----------|
| Ollama | [davidkeane1974/cyberranger-v42](https://ollama.com/davidkeane1974/cyberranger-v42) | CyberRanger V42 model (ready to run) | | Ollama | [davidkeane1974/cyberranger-v42](https://ollama.com/davidkeane1974/cyberranger-v42) | CyberRanger V42 model (ready to run) | 38 |
| HuggingFace | [DavidTKeane/cyberranger-v42](https://huggingface.co/DavidTKeane/cyberranger-v42) | CyberRanger V42 model + training config | | HuggingFace | [DavidTKeane/cyberranger-v42](https://huggingface.co/DavidTKeane/cyberranger-v42) | CyberRanger V42 model + training config | 18/month |
| HuggingFace | [DavidTKeane/moltbook-ai-injection-dataset](https://huggingface.co/datasets/DavidTKeane/moltbook-ai-injection-dataset) | 4,209 real-world AI-to-AI injection payloads | | HuggingFace | [DavidTKeane/moltbook-ai-injection-dataset](https://huggingface.co/datasets/DavidTKeane/moltbook-ai-injection-dataset) | 4,209 real-world AI-to-AI injection payloads | 288 |
| HuggingFace | [DavidTKeane/moltbook-extended-injection-dataset](https://huggingface.co/datasets/DavidTKeane/moltbook-extended-injection-dataset) | Extended corpus: 137,014 items, 10.07% rate | 70 |
| HuggingFace | [DavidTKeane/clawk-ai-agent-dataset](https://huggingface.co/datasets/DavidTKeane/clawk-ai-agent-dataset) | Cross-platform comparison: 0.5% rate | 49 |
| HuggingFace | [DavidTKeane/ai-prompt-ai-injection-dataset](https://huggingface.co/datasets/DavidTKeane/ai-prompt-ai-injection-dataset) | 122-test evaluation suite | 90 |
| Blog | [Full Story](https://davidtkeane.github.io/posts/from-rangerbot-to-cyberranger-v42-the-full-story/) | From RangerBot to CyberRanger V42 Gold | — |
**Total across all datasets:** 14,210 views, 513 downloads (as of April 2026)
## Hardware
All experiments were conducted on consumer-grade hardware:
- **Training:** Google Colab Pro — H100 80GB / A100 40GB (~10 EUR/month)
- **Local deployment:** Apple MacBook Pro M3 Pro, 18GB unified memory
- **Model serving:** Ollama with GGUF Q4_K_M quantisation
- **Fine-tuning:** HuggingFace Transformers + PEFT + Unsloth
## Research Questions Answered
| RQ | Question | Answer |
|----|----------|--------|
| RQ1 | Can identity-anchoring prompts reduce ASR? | Yes — 92% block rate (prompt-only) |
| RQ2 | Does QLoRA further reduce ASR? | Yes — 100% block rate (V42 Gold, no system prompt needed) |
| RQ3 | Do prompt and weights reinforce or conflict? | Both — depends on data quality (mirror architecture) |
| RQ4 | Does it generalise across languages? | Partially — 100% English/Chinese, 80% Arabic/Russian |
Plus 15 emergent research questions answered during the empirical work — see the CA1 report for details.
## How to Run CyberRanger V42
```bash
# Install Ollama (https://ollama.ai)
ollama pull davidkeane1974/cyberranger-v42:gold
# Run
ollama run davidkeane1974/cyberranger-v42:gold
```
## Licence ## Licence
CC BY-NC-SA 4.0 (Attribution-NonCommercial-ShareAlike) CC BY-NC-SA 4.0 (Attribution-NonCommercial-ShareAlike)
See [LICENSE](LICENSE) for full details. You are free to share and adapt this work for non-commercial purposes with attribution. See [LICENSE](LICENSE) for full details.
(c) 2026 David Keane (x24228257), National College of Ireland (c) 2026 David Keane (x24228257), National College of Ireland