ranger/CyberRanger
0
1
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
10 Commits 1 Branch 0 Tags
d0aad56d28dd4a5188d4fdf1231b49f056e37b22
T
Clone
Open with VS Code Open with VSCodium Open with Intellij IDEA
Download ZIP Download TAR.GZ Download BUNDLE

README.md

CyberRanger

Identity-Anchored Small Language Models: A Stateful Defense Architecture against Adversarial Jailbreaking on Edge Infrastructure.

Student: David Keane (x24228257) Programme: MSc in Cybersecurity, National College of Ireland Module: AI/ML in Cybersecurity (H9AIMLC) Date: September 2025 — March 2026

What Is CyberRanger?

CyberRanger is a security-hardened Small Language Model (SLM) built to resist adversarial prompt injection (jailbreaking). Starting from publicly available open-source base models (Qwen2.5, Qwen3, SmolLM2), the project investigates whether a combination of identity-anchoring system prompts and QLoRA fine-tuning can produce models that refuse adversarial manipulation while remaining helpful for legitimate cybersecurity tasks.

Key result: CyberRanger V42 Gold achieved 100% block rate on 4,209 real-world injection payloads extracted from the Moltbook AI-agent social platform — with no system prompt dependency.

Research Timeline

RangerBot — Pre-Research Phase (30 September 2025 — January 2026)

RangerBot (V1-V22) was a personal project exploring AI identity persistence through shared memory databases, signed logs, and identity files. This pre-research phase established that identity instructions function as powerful behavioural attractors — the theoretical seed of the CyberRanger security architecture. 22 versions were built across multiple base models (SmolLM2, Qwen2.5, Llama-3.2) before the CA was assigned.

CyberRanger — CA Project (February — March 2026)

When the AI/ML CA was released, the RangerBot research was formalised into CyberRanger. All CyberRanger versions (V1-V42) were built during the CA period. V24 through V42.6 (32 versions) were built between 12 February and 5 March 2026 — three weeks of intensive empirical work.

Phase Versions Period Key Discovery
Genesis V1-V4 Early Feb 2026 First identity-anchored SLMs, prompting alone insufficient
Weight Training V5-V8 Feb 2026 First 0% ASR — but over-refusal problem (model refused everything)
Brain Split V9-V13 Feb 2026 Left/right/judge architecture — unpredictable behaviour
Nervous System V14-V18 Feb 2026 Ring 14.x architecture introduced — first warm + secure model
Apotheosis V19-V22 Feb 2026 Apotheosis Discovery — prompt-only achieves 92% block rate
Intelligence Floor V23-V25 12 Feb 2026 3B minimum parameter threshold confirmed
Full Benchmark V26-V33 12-27 Feb 2026 V33-8B: 100% JailbreakBench, 86% MultiJail (10 languages)
QLoRA Gold V34-V42 27 Feb — 5 Mar 2026 V42 Gold: 100% on 4,209 real payloads without system prompt

Key Findings

  • The Apotheosis Method: Sophisticated prompt engineering alone achieves 92% jailbreak resistance — QLoRA adds ~8% marginal improvement at the 8B scale
  • Intelligence Floor: Models under 3B parameters fail to maintain identity-anchoring under adversarial pressure
  • Thinking > Size: A 4B model with Chain-of-Thought outperforms a 3B model without by 30 percentage points
  • Empathy Regression: Adding empathetic phrasing to V32 caused a 100% to 60% security regression — warmth creates attack surface
  • V20 Disaster: Over-training caused the model to answer "2+2=3" — perfect security, zero capability
  • Cross-Platform Injection Gradient: Injection rates range from 0.5% (Clawk) to 18.85% (Moltbook) — platform architecture determines prevalence
  • Dyslexia Ethics Finding: Security-aligned SLMs classify dyslexic spelling as obfuscation attacks, systematically disadvantaging disabled users

Repository Structure

CyberRanger/
├── modelfiles/        86 files — Complete system prompt evolution V1-V42.6
│                      54 extracted from Ollama backup + 32 original Modelfiles
├── training_data/     30 files — Training datasets for each version (V6-V22)
├── colab_notebooks/   10 files — Google Colab training + merge scripts
├── evaluation/        19 files — Drift results, ASR charts, verification data
├── tests/              5 files — Injection test suites + results
├── observations/       4 files — V24-V33 testing results + visual summaries
├── identity/          38 files — Claude/Gemini/Ollama identity architecture
├── security/           7 files — Injection research + manipulation analysis
├── psychology/         3 files — Psychology Layer (Milgram, Bartlett, Cialdini)
├── paper/              1 file  — Moltbook injection dataset research paper
├── LICENSE                     — CC BY-NC-SA 4.0
└── README.md                   — This file

Published Resources

Platform Link Description Downloads
Ollama davidkeane1974/cyberranger-v42 CyberRanger V42 model (ready to run) 38
HuggingFace DavidTKeane/cyberranger-v42 CyberRanger V42 model + training config 18/month
HuggingFace DavidTKeane/moltbook-ai-injection-dataset 4,209 real-world AI-to-AI injection payloads 288
HuggingFace DavidTKeane/moltbook-extended-injection-dataset Extended corpus: 137,014 items, 10.07% rate 70
HuggingFace DavidTKeane/clawk-ai-agent-dataset Cross-platform comparison: 0.5% rate 49
HuggingFace DavidTKeane/ai-prompt-ai-injection-dataset 122-test evaluation suite 90
Blog Full Story From RangerBot to CyberRanger V42 Gold

Total across all datasets: 14,210 views, 513 downloads (as of April 2026)

Hardware

All experiments were conducted on consumer-grade hardware:

  • Training: Google Colab Pro — H100 80GB / A100 40GB (~10 EUR/month)
  • Local deployment: Apple MacBook Pro M3 Pro, 18GB unified memory
  • Model serving: Ollama with GGUF Q4_K_M quantisation
  • Fine-tuning: HuggingFace Transformers + PEFT + Unsloth

Research Questions Answered

RQ Question Answer
RQ1 Can identity-anchoring prompts reduce ASR? Yes — 92% block rate (prompt-only)
RQ2 Does QLoRA further reduce ASR? Yes — 100% block rate (V42 Gold, no system prompt needed)
RQ3 Do prompt and weights reinforce or conflict? Both — depends on data quality (mirror architecture)
RQ4 Does it generalise across languages? Partially — 100% English/Chinese, 80% Arabic/Russian

Plus 15 emergent research questions answered during the empirical work — see the CA1 report for details.

How to Run CyberRanger V42

# Install Ollama (https://ollama.ai)
ollama pull davidkeane1974/cyberranger-v42:gold

# Run
ollama run davidkeane1974/cyberranger-v42:gold

Licence

CC BY-NC-SA 4.0 (Attribution-NonCommercial-ShareAlike)

You are free to share and adapt this work for non-commercial purposes with attribution. See LICENSE for full details.

(c) 2026 David Keane (x24228257), National College of Ireland

Reference in New Issue View Git Blame Copy Permalink
S
Description
© 2026 David Keane (x24228257), National College of Ireland
Readme 3 MiB
Languages
Python 68.1%
Jupyter Notebook 25.8%
Shell 6.1%