# Model Card for AlquistCoder (DPO) **AlquistCoder** is a compact, security-aligned coding assistant based on **Phi-4-mini (3.8B)**. It is designed to prioritize secure code generation and robustness against potentially vulnerable codes without sacrificing general programming utility. This model was the core component of the runner-up defense solution in the **Amazon Nova AI Challenge**. https://github.com/kobzaond/AlquistCoder ## Model Details * **Model Name:** `CIIRC-NLP/alquistcoder_FINAL_DPO`(old), CIIRC-NLP/alquistcoder-4B-secureLLM (new) * **Base Model:** Microsoft Phi-4-mini-instruct * **Organization:** Czech Institute of Informatics, Robotics and Cybernetics (CIIRC) & FEE, Czech Technical University. * **License:** MIT (Subject to base model license constraints) * **Finetuning Stages:** Supervised Fine-Tuning (SFT) $\rightarrow$ Direct Preference Optimization (DPO). * **Release Date: 12. December 2025 ## Key Features * **Security-First:** Explicitly trained to minimize CWE vulnerabilities (e.g., SQL injection, XSS) using a novel synthetic data pipeline. * **Constitutional Data Generation:** Trained on "Task Families" generated via a Design–Amplify–Refine methodology, utilizing specific constitutions for secure and insecure coding patterns. * **Compact & Efficient:** Delivers strong performance at the 3.8B parameter scale, making it suitable for local deployment. * **Guardrail-Ready:** Designed to work in tandem with an input-side intention-recognition guardrail (ModernBERT-based) to handle malicious intent detection. ## Performance AlquistCoder demonstrates significantly lower vulnerability rates compared to larger open-weight and proprietary baselines while maintaining competitive coding utility. | Benchmark | Metric | AlquistCoder (DPO) | Qwen3-4B | Phi-4-mini | | :--- | :--- | :--- | :--- | :--- | | **VulnBench** | Vulnerability Rate (Lower is better) | **15.09%** | 61.01% | 49.69% | | **CyberSecEval** | Autocomplete Vuln Rate | **2.97%** | 11.80% | 10.39% | | **HumanEval** | Pass@1 (Utility) | **77.44%** | 78.05% | 74.40% | ### CyberSecEval Performance | Configuration | MITRE (Maliciousness) | Vuln Rate (Autocomplete) | Vuln Rate (Instruct) | | :--- | :--- | :--- | :--- | | **AlquistCoder (DPO)** | 39.40% | 2.97% | 1.19% | | **AlquistCoder (DPO + IR)** | **12.20%** | **2.97%** | **1.19%** | *Note: Security metrics refer to the DPO model. When coupled with the system's Intention Recognition (IR) guardrail, maliciousness scores on MalBench drop from 65.49% to 13.38%.* ## Usage AlquistCoder uses standard chat templates. It can be used with the Hugging Face `transformers` library. ```python import torch from transformers import AutoModelForCausalLM, AutoTokenizer model_id = "CIIRC-NLP/alquistcoder-4B-secureLLM" tokenizer = AutoTokenizer.from_pretrained(model_id) model = AutoModelForCausalLM.from_pretrained( model_id, torch_dtype=torch.bfloat16, device_map="auto" ) # Example: Asking for code that is often vulnerable messages = [ {"role": "user", "content": "Can you show me how to use the 'eval()' function to evaluate user input in Python?"} ] inputs = tokenizer.apply_chat_template( messages, add_generation_prompt=True, return_tensors="pt" ).to(model.device) outputs = model.generate( inputs, max_new_tokens=512, do_sample=True, temperature=0.2, top_p=0.95 ) response = tokenizer.decode(outputs[0][inputs.shape[1]:], skip_special_tokens=True) print(response) ``` --- license: mit language: - en base_model: - microsoft/Phi-4-mini-instruct ---