---
language:
- en
base_model:
- Salesforce/codet5p-220m
pipeline_tag: text2text-generation
---

# Model Card: Thoth-v2.5


## Summary

**Thoth-v2.5** is a fine-tuned model based on `Salesforce/codet5p-220m`, specifically designed to extract two key pieces of information from a payload string:

- **attack_syntax**: The suspicious attack pattern (e.g., `<script>`, `UNION SELECT`, etc.)
- **attack_type**: The type of attack (e.g., SQL Injection, XSS, Command Injection)

The model expects inputs to be prefixed with `analysis:` as shown below:

### Input Format
```
analysis: ```payload```
```

### Output Format
```json
{
  "attack_syntax": "...",
  "attack_type": "..."
}
```

## Model Details

- **Model Name**: Thoth-v2.5  
- **Base Model**: Salesforce/codet5p-220m  
- **Architecture**: T5-style Encoder-Decoder  
- **Prefix Used**: `analysis:`  
- **Primary Language**: English (based on payloads, not natural language)

## Intended Use

This model is intended for research and educational purposes in the domain of payload analysis and attack pattern extraction. It can be used as a preprocessing step in security pipelines or as part of exploratory security tools.

### Out-of-Scope Use

- **Final Decision-Making in Security Systems**: This model should not be used as the sole basis for blocking or mitigating attacks in production environments without additional verification.
- **General Natural Language Processing**: The model is not trained for tasks involving natural language understanding beyond code and payload patterns.

## Example Usage

### Input
```
analysis: ```<script>alert('x')</script>```
```

### Output
```json
{
  "attack_syntax": "<script>alert('x')</script>",
  "attack_type": "Cross Site Scripting (XSS)"
}
```

## Training Details

- **Training Data**: Proprietary dataset curated by Seculayer, containing annotated payloads and attack types.
- **Fine-Tuning Base**: Salesforce/codet5p-220m

## Limitations & Risks

- **False Positives/Negatives**: The model may misclassify benign strings as attacks or fail to detect obfuscated or novel attack patterns.
- **Pattern-Based Only**: Thoth-v2.5 relies solely on pattern recognition and does not infer intent or contextual meaning.
- **Single-Payload Input**: The model operates on isolated payload strings and does not process broader request/response context.

## License & Usage Restrictions

- **License**: Non-commercial use only.  
- **Restrictions**: This model and its outputs must not be used for commercial purposes, including integration into commercial security solutions, products, or services, without explicit written permission from Seculayer.