An instruction-tuning dataset for teaching language models to do cyber threat intelligence work: reading a CVE and explaining what the risk actually is, profiling a threat actor from its ATT&CK techniques, turning a Sigma rule into alert-triage guidance, mapping a campaign's kill chain, writing detection logic for a technique, and so on.
The data files live on the Hugging Face dataset page; this repository mirrors them under data/ and documents how the set was built.
Most "CTI datasets" floating around are a handful of templates with random indicators dropped into the blanks. The IP addresses are made up, the hashes are noise, and the MITRE technique IDs frequently don't match the names next to them. A model trained on that learns to sound like a threat report while being wrong about the facts.
This one is built the other way around. Every record is generated from real sources — MITRE ATT&CK, CISA KEV, CWE, OSV, abuse.ch, ransomware.live, Sigma and others — and every factual claim is checked back against its source before the record is kept. If a technique ID, CVE, CWE, or indicator can't be verified, the record is thrown out rather than shipped.
- 9,970 single-turn examples plus 1,500 multi-turn conversations
- 37 categories, none of them below 150 examples
- 97.6% of the instructions are distinct — the phrasing is varied on purpose so the model doesn't latch onto one way of being asked
- Every MITRE/CVE/CWE/IOC reference verified against its source
- Near-duplicates stripped out with embeddings
| File | Records | What it is |
|---|---|---|
data/train.jsonl |
9,172 | CTI training split, single-turn (instruction / input / output) |
data/eval.jsonl |
798 | Held-out evaluation, stratified by category |
data/train_blended.jsonl |
12,229 | The train split with 25% general instructions mixed in (keeps the model from forgetting how to talk about anything outside security) |
data/train_multiturn.jsonl |
1,500 | Grounded two-turn conversations in messages format, for follow-up questions |
Loading it from Hugging Face:
from datasets import load_dataset
ds = load_dataset("reloading0101/threat-intelligence-dataset") # train + validation
blended = load_dataset("reloading0101/threat-intelligence-dataset", "blended") # + 25% general
chat = load_dataset("reloading0101/threat-intelligence-dataset", "multi_turn") # multi-turnSingle-turn records are plain instruction / input / output:
{
"instruction": "Analyze CVE-2024-23897 and explain its exploitation risk.",
"input": "CVE: CVE-2024-23897 (Jenkins CLI)",
"output": "...grounded analysis...",
"metadata": {
"category": "vulnerabilities-cves",
"task_type": "explain",
"grounding": "CISA KEV + EPSS",
"source_refs": { "cves": ["CVE-2024-23897"] }
}
}Multi-turn records use the standard messages list. Both assistant turns are grounded — the follow-up answers a second angle on the same real entity (analyze a CVE, then "should we prioritize patching it?").
MITRE ATT&CK v19.1 (Enterprise, Mobile, ICS), MITRE ATLAS, MITRE CWE, CISA KEV, FIRST.org EPSS, AttackerKB, OSV.dev, SigmaHQ, abuse.ch (Feodo, SSLBL, URLhaus, ThreatFox), MalwareBazaar, Malpedia, ransomware.live, OpenPhish, plus the usual public frameworks (OWASP Top 10 and API Top 10, STRIDE, NIST SP 800-61, the Diamond Model, the Pyramid of Pain). The general-text blend comes from databricks-dolly-15k.
- The sources are parsed into a clean knowledge base — techniques linked to their tactics and mitigations, groups to their malware, CVEs to their EPSS scores, and so on.
- Records are generated by pulling real entities out of that knowledge base. The generator never invents an ID, a name, or a relationship; it only arranges facts that already exist.
- A local model rephrases each instruction so identical tasks don't share identical wording.
- A local model rewrites each answer into readable analyst prose, behind a gate that compares the hard facts before and after and reverts anything the model drifted on.
- Embeddings remove near-duplicates, and each category is balanced.
- A final validation pass re-checks every ID against the knowledge base and drops anything that doesn't hold up.
37 in total, each with 150–300 examples:
ai-ml-threats, api-security, attribution-analysis, botnet-infrastructure, campaign-analysis, cloud-saas-security, container-security, cryptojacking-mining, cyber-espionage-apt, dark-web-cybercrime, data-exfiltration, deception-technology, digital-risk-management, email-threats, geopolitical-threats, ics-ot-security, incident-response-forensics, insider-threats, malicious-campaigns, malware, mobile-iot-threats, network-based-threats, ransomware-operations, red-team-operations, security-monitoring-detection, social-engineering-fraud, supply-chain-attacks, threat-actors, threat-hunting, threat-intelligence, threat-intelligence-feeds, threat-intelligence-operations, threat-modeling, ttps-mitre-attack, vulnerabilities-cves, web-application-security, zero-day-exploits
It's meant for domain-adapting an already instruction-tuned model (Llama 3.x Instruct, Qwen2.5 Instruct, etc.) with LoRA or QLoRA. Train on train_blended.jsonl rather than the pure split — the 25% general mix keeps the model from over-specializing and losing its conversational ability. Keep eval.jsonl pure so it actually measures CTI skill, and break the score down by category to see where the model is weak.
A reasonable starting point: LoRA rank 16–32, learning rate 1e-4 to 2e-4 on a cosine schedule, 2–3 epochs while watching eval loss, sequence length 2048, and masking the prompt so you only train on the answer.
- It leans on ATT&CK. Around 61% of records reference it. ATT&CK is the common language of threat intelligence, so that's not an accident, but a model trained here will reach for ATT&CK framing.
- A few categories are small. Cryptojacking, email and social-engineering sit around 150–175 because that's how much real source material exists for them. Better 160 real examples than 300 padded ones.
- It's mostly single-turn. Instruct base models already handle multi-turn; the
multi_turnconfig tops that up but it's the smaller part of the set. - The answers follow a report structure on purpose. That's right for analysis tasks, less so for open-ended chat.
Built for defensive security, education, and research. No working exploits or weaponized code, no PII, no private data. Indicators are either reserved/synthetic ranges (RFC 5737 / 2606) or publicly reported indicators used for detection.
Released under CC BY 4.0. The underlying sources keep their own terms — ATT&CK's Terms of Use, CISA's public-domain release, Dolly's CC BY-SA 3.0, and so on — so credit those where it applies.
The paraphrasing and prose passes were run locally with the open-weight gpt-oss-20b model, and deduplication used a local nomic-embed-text embedding model. No paid APIs were involved in generation.
@misc{cti-instruction-tuning-dataset,
title = {Cyber Threat Intelligence Instruction-Tuning Dataset},
author = {Reloading},
year = {2026},
url = {https://huggingface.co/datasets/reloading0101/threat-intelligence-dataset}
}Topics: cyber threat intelligence, CTI dataset, LLM fine-tuning, instruction tuning, MITRE ATT&CK, CVE, threat hunting, detection engineering, incident response, malware analysis, security LLM, infosec dataset.