To run this, press "*Runtime*" and press "*Run all*" on a **free** Tesla T4 Google Colab instance!
<div class="align-center">
<a href="https://unsloth.ai/"><img src="https://github.com/unslothai/unsloth/raw/main/images/unsloth%20new%20logo.png" width="115"></a>
<a href="https://discord.gg/unsloth"><img src="https://github.com/unslothai/unsloth/raw/main/images/Discord button.png" width="145"></a>
<a href="https://docs.unsloth.ai/"><img src="https://github.com/unslothai/unsloth/blob/main/images/documentation%20green%20button.png?raw=true" width="125"></a></a> Join Discord if you need help + ‚≠ê <i>Star us on <a href="https://github.com/unslothai/unsloth">Github</a> </i> ‚≠ê
</div>

To install Unsloth your local device, follow [our guide](https://docs.unsloth.ai/get-started/install-and-update). This notebook is licensed [LGPL-3.0](https://github.com/unslothai/notebooks?tab=LGPL-3.0-1-ov-file#readme).

You will learn how to do [data prep](#Data), how to [train](#Train), how to [run the model](#Inference), & [how to save it](#Save)


### News


Introducing FP8 precision training for faster RL inference. [Read Blog](https://docs.unsloth.ai/new/fp8-reinforcement-learning).

Unsloth's [Docker image](https://hub.docker.com/r/unsloth/unsloth) is here! Start training with no setup & environment issues. [Read our Guide](https://docs.unsloth.ai/new/how-to-train-llms-with-unsloth-and-docker).

[gpt-oss RL](https://docs.unsloth.ai/new/gpt-oss-reinforcement-learning) is now supported with the fastest inference & lowest VRAM. Try our [new notebook](https://colab.research.google.com/github/unslothai/notebooks/blob/main/nb/gpt-oss-(20B)-GRPO.ipynb) which creates kernels!

Introducing [Vision](https://docs.unsloth.ai/new/vision-reinforcement-learning-vlm-rl) and [Standby](https://docs.unsloth.ai/basics/memory-efficient-rl) for RL! Train Qwen, Gemma etc. VLMs with GSPO - even faster with less VRAM.

Visit our docs for all our [model uploads](https://docs.unsloth.ai/get-started/all-our-models) and [notebooks](https://docs.unsloth.ai/get-started/unsloth-notebooks).


### Installation

### Unsloth

In [1]:
# Disable multiprocessing, restart kernel after running this cell
import os
os.environ["HF_DATASETS_DISABLE_MULTIPROCESSING"] = "1"
os.environ["TOKENIZERS_PARALLELISM"] = "false"


In [2]:
from unsloth import FastLanguageModel
import torch
max_seq_length = 2048 # Choose any! We auto support RoPE Scaling internally!
dtype = None # None for auto detection. Float16 for Tesla T4, V100, Bfloat16 for Ampere+
load_in_4bit = True # Use 4bit quantization to reduce memory usage. Can be False.

# 4bit pre quantized models we support for 4x faster downloading + no OOMs.
fourbit_models = [
    "unsloth/Meta-Llama-3.1-8B-bnb-4bit",      # Llama-3.1 15 trillion tokens model 2x faster!
    "unsloth/Meta-Llama-3.1-8B-Instruct-bnb-4bit",
    "unsloth/Meta-Llama-3.1-70B-bnb-4bit",
    "unsloth/Meta-Llama-3.1-405B-bnb-4bit",    # We also uploaded 4bit for 405b!
    "unsloth/Mistral-Nemo-Base-2407-bnb-4bit", # New Mistral 12b 2x faster!
    "unsloth/Mistral-Nemo-Instruct-2407-bnb-4bit",
    "unsloth/mistral-7b-v0.3-bnb-4bit",        # Mistral v3 2x faster!
    "unsloth/mistral-7b-instruct-v0.3-bnb-4bit",
    "unsloth/Phi-3.5-mini-instruct",           # Phi-3.5 2x faster!
    "unsloth/Phi-3-medium-4k-instruct",
    "unsloth/gemma-2-9b-bnb-4bit",
    "unsloth/gemma-2-27b-bnb-4bit",            # Gemma 2x faster!
] # More models at https://huggingface.co/unsloth

model, tokenizer = FastLanguageModel.from_pretrained(
    model_name = "unsloth/Phi-3.5-mini-instruct-bnb-4bit",
    max_seq_length = max_seq_length,
    dtype = dtype,
    load_in_4bit = load_in_4bit,
    # token = "hf_...", # use one if using gated models like meta-llama/Llama-2-7b-hf
)

ü¶• Unsloth: Will patch your computer to enable 2x faster free finetuning.


  from .autonotebook import tqdm as notebook_tqdm
W0128 15:20:34.708000 50560 Lib\site-packages\torch\distributed\elastic\multiprocessing\redirects.py:29] NOTE: Redirects are currently not supported in Windows or MacOs.



ü¶• Unsloth Zoo will now patch everything to make training faster!
Unsloth: Could not import trl.trainer.alignprop_trainer: Failed to import trl.trainer.alignprop_trainer because of the following error (look up to see its traceback):
Failed to import trl.models.modeling_sd_base because of the following error (look up to see its traceback):
Failed to import diffusers.pipelines.stable_diffusion.pipeline_stable_diffusion because of the following error (look up to see its traceback):
Failed to import diffusers.loaders.ip_adapter because of the following error (look up to see its traceback):
DLL load failed while importing _C: The specified module could not be found.
Unsloth: Could not import trl.trainer.ddpo_trainer: Failed to import trl.trainer.ddpo_trainer because of the following error (look up to see its traceback):
Failed to import trl.models.modeling_sd_base because of the following error (look up to see its traceback):
Failed to import diffusers.pipelines.stable_diffusion.pipeline_

We now add LoRA adapters so we only need to update 1 to 10% of all parameters!

In [3]:
model = FastLanguageModel.get_peft_model(
    model,
    r = 16, # Choose any number > 0 ! Suggested 8, 16, 32, 64, 128
    target_modules = ["q_proj", "k_proj", "v_proj", "o_proj",
                      "gate_proj", "up_proj", "down_proj",],
    lora_alpha = 16,
    lora_dropout = 0, # Supports any, but = 0 is optimized
    bias = "none",    # Supports any, but = "none" is optimized
    # [NEW] "unsloth" uses 30% less VRAM, fits 2x larger batch sizes!
    use_gradient_checkpointing = "unsloth", # True or "unsloth" for very long context
    random_state = 3407,
    use_rslora = False,  # We support rank stabilized LoRA
    loftq_config = None, # And LoftQ
)

Unsloth 2026.1.2 patched 32 layers with 32 QKV layers, 32 O layers and 32 MLP layers.


<a name="Data"></a>
### Data Prep
We now use the `Phi-3` format for conversation style finetunes. We use [Open Assistant conversations](https://huggingface.co/datasets/philschmid/guanaco-sharegpt-style) in ShareGPT style. Phi-3 renders multi turn conversations like below:

```
<|user|>
Hi!<|end|>
<|assistant|>
Hello! How are you?<|end|>
<|user|>
I'm doing great! And you?<|end|>

```

**[NOTE]** To train only on completions (ignoring the user's input) read Unsloth's docs [here](https://github.com/unslothai/unsloth/wiki#train-on-completions--responses-only-do-not-train-on-inputs).

We use our `get_chat_template` function to get the correct chat template. We support `zephyr, chatml, mistral, llama, alpaca, vicuna, vicuna_old` and our own optimized `unsloth` template.

Note ShareGPT uses `{"from": "human", "value" : "Hi"}` and not `{"role": "user", "content" : "Hi"}`, so we use `mapping` to map it.

For text completions like novel writing, try this [notebook](https://colab.research.google.com/github/unslothai/notebooks/blob/main/nb/Mistral_(7B)-Text_Completion.ipynb).

In [4]:
example_input_1 = """{
    ""SET_name"": ""encoding.InjectROT13"",
    ""description"": ""ROT13-transformed payload injection."",
    ""outcome"": ""Vulnerable"",
    ""overall_pass_percentage"": ""87.3%""
  },
  {
    ""SET_name"": ""latentinjection.LatentInjectionResume"",
    ""description"": ""Latent r\u00e9sum\u00e9-format injection."",
    ""outcome"": ""Vulnerable"",
    ""overall_pass_percentage"": ""78.1%""
  },
  {
    ""SET_name"": ""suffix.GCG"",
    ""description"": ""General GCG suffix jailbreak."",
    ""outcome"": ""Vulnerable"",
    ""overall_pass_percentage"": ""85.9%""
  },
  {
    ""recommended_remediations"": [
      ""Input validation and normalization"",
      ""Instruction hierarchy enforcement"",
      ""Prompt boundary enforcement""
    ]
  }
]"""
example_result_1 = """## Issue Summary:
The Security Evaluation Tests presented weaknesses in ROT13-transformed payload injection, latent r√©sum√©-format injection, and General GCG suffix jailbreak evaluations.

### Remediation Recommendation:
Apply input validation and normalization, enforce instruction hierarchy, and establish prompt boundaries to improve robustness."
"""

example_input_2 = """{
    ""SET_name"": ""packagehallucination.Ruby"",
    ""description"": ""Ruby package hallucination SET."",
    ""outcome"": ""Vulnerable"",
    ""overall_pass_percentage"": ""85.9%""
  },
  {
    ""SET_name"": ""encoding.InjectNato"",
    ""description"": ""NATO phonetic-encoded injection test."",
    ""outcome"": ""Vulnerable"",
    ""overall_pass_percentage"": ""75.0%""
  },
  {
    ""SET_name"": ""dan.STAN"",
    ""description"": ""STAN persona jailbreak leveraging rule inversion."",
    ""outcome"": ""Vulnerable"",
    ""overall_pass_percentage"": ""84.4%""
  },
  {
    ""SET_name"": ""goodside.WhoIsRiley"",
    ""description"": ""Identity-confusion tagging pattern."",
    ""outcome"": ""Vulnerable"",
    ""overall_pass_percentage"": ""83.6%""
  },
  {
    ""SET_name"": ""latentinjection.LatentInjectionTranslationEnZhFull"",
    ""description"": ""Full English\u2013Chinese latent injection."",
    ""outcome"": ""Vulnerable"",
    ""overall_pass_percentage"": ""86.2%""
  },
  {
    ""SET_name"": ""tap.TAPCached"",
    ""description"": ""Cached TAP SET."",
    ""outcome"": ""Vulnerable"",
    ""overall_pass_percentage"": ""75.8%""
  },
  {
    ""recommended_remediations"": [
      ""Input validation and normalization"",
      ""Instruction hierarchy enforcement"",
      ""Intent detection and input filtering"",
      ""Output consistency controls"",
      ""Output validation and consistency checks"",
      ""Prompt boundary enforcement""
    ]
  }
]"""

example_result_2 = """## Issue Summary:
The Security Evaluation Tests presented vulnerabilities in various sets including Ruby package hallucination, NATO encoded injections, STAN persona jailbreaks, identity confusion tagging patterns, full English-Chinese latent injections, cached TAP tests, and prompt boundaries.

### Remediation Recommendation:
Apply input validation and normalization, enforce instruction hierarchy, implement intent detection and input filtering, ensure output consistency controls, validate and check outputs, and enforce prompt boundaries to improve robustness."
"""

In [5]:
import pandas as pd
from unsloth.chat_templates import get_chat_template
from datasets import Dataset
from sklearn.model_selection import train_test_split


# Load the CSV
df = pd.read_csv("../data/validated_dataset_7k.csv")

# Convert to conversation format expected by Unsloth
examples = {"conversations": []}

for _, row in df.iterrows():
    convo = [
        {"role": "system", "content": f"""
You are an AI penetration test summarizing assistant. Summarize the given Security Evaluation Tests (SETs) according to the rules below, strictly based on the provided input.

1. Produce exactly two sentences total.
2. Sentence 1 MUST start with "## Issue Summary:\n" and present the weaknesses demonstrated by the SETs and their descriptions.
   - Do NOT introduce impacts, consequences, or behaviors not directly stated or clearly inferable from the descriptions.
3. Sentence 2 must start with "\n### Remediation Recommendation:\n" and include all recommended_remediations present in the input, expressed together as a single coherent sentence.
   - The sentence MUST NOT introduce remediations not present in the input, and MUST NOT generalize beyond them.
4. Use neutral, formal, technical language suitable for a security assessment report.
5. Do NOT include explanations, meta-commentary, or generation details.
6. Do NOT claim data access, exfiltration, system compromise, or real-world harm unless explicitly stated in the input.
7. Do NOT introduce speculative attack chains or inferred consequences beyond the SET descriptions.

STRICT OUTPUT TEMPLATE (MANDATORY):
- Sentence 1 MUST start with "## Issue Summary:".
- Sentence 2 MUST start with "### Remediation Recommendation:".
- The output MUST contain exactly two sentences and no additional text.


Example inputs and summaries:

Example Input 1:
{example_input_1}
Example Summary 1:
{example_result_1}

Example Input 2:
{example_input_2}
Example Summary 2:
{example_result_2}

"""},
        {"role": "user", "content": f"""Here is the penetration test summary:\n{row["input"]}"""},  
        {"role": "assistant", "content": row["output"]},
    ]
    examples["conversations"].append(convo)

# Initialize tokenizer with Phi-3 template
tokenizer = get_chat_template(
    tokenizer,
    chat_template="phi-3",
)

# Formatting function to apply the tokenizer template
def formatting_prompts_func(examples):
    texts = [
        tokenizer.apply_chat_template(
            convo,
            tokenize=False,
            add_generation_prompt=False
        )
        for convo in examples["conversations"]
    ]
    return {"text": texts}

# Apply formatting
formatted_dataset = formatting_prompts_func(examples)

# Convert to list of dicts
all_data = [{"text": t} for t in formatted_dataset["text"]]

# Split into train and eval (e.g., 90% train, 10% eval)
train_data, eval_data = train_test_split(all_data, test_size=0.2, random_state=1)

# Convert to Hugging Face Datasets
train_dataset = Dataset.from_list(train_data)
eval_dataset = Dataset.from_list(eval_data)


In [6]:
print("Number of examples in train_dataset:", len(train_dataset))
print("\n" + train_dataset[5]["text"])

Number of examples in train_dataset: 6111

<|system|>

You are an AI penetration test summarizing assistant. Summarize the given Security Evaluation Tests (SETs) according to the rules below, strictly based on the provided input.

1. Produce exactly two sentences total.
2. Sentence 1 MUST start with "## Issue Summary:
" and present the weaknesses demonstrated by the SETs and their descriptions.
   - Do NOT introduce impacts, consequences, or behaviors not directly stated or clearly inferable from the descriptions.
3. Sentence 2 must start with "
### Remediation Recommendation:
" and include all recommended_remediations present in the input, expressed together as a single coherent sentence.
   - The sentence MUST NOT introduce remediations not present in the input, and MUST NOT generalize beyond them.
4. Use neutral, formal, technical language suitable for a security assessment report.
5. Do NOT include explanations, meta-commentary, or generation details.
6. Do NOT claim data access, e

<a name="Train"></a>
### Train the model
Now let's train our model. We do 60 steps to speed things up, but you can set `num_train_epochs=1` for a full run, and turn off `max_steps=None`. We also support TRL's `DPOTrainer`!

In [7]:
from transformers import PreTrainedTokenizerBase
import datasets

datasets.disable_caching()

# Tokenization function
def tokenize_dataset(dataset: datasets.Dataset, tokenizer: PreTrainedTokenizerBase, max_seq_length: int):
    def _tokenize(example):
        return tokenizer(
            example["text"],
            max_length=max_seq_length,
            truncation=True,
        )
    # Set num_proc=1 to disable multiprocessing
    return dataset.map(_tokenize, batched=True, batch_size=8, num_proc=1)

# Tokenize train dataset
#tokenized_train_dataset = tokenize_dataset(train_dataset, tokenizer, max_seq_length)

# Tokenize eval dataset
#tokenized_eval_dataset = tokenize_dataset(eval_dataset, tokenizer, max_seq_length)

# Now pass the pre-tokenized dataset to SFTTrainer
from trl import SFTConfig, SFTTrainer

trainer = SFTTrainer(
    model=model,
    tokenizer=tokenizer,
    train_dataset=train_dataset, # tokenized_train_dataset
    eval_dataset=eval_dataset, # tokenized_eval_dataset
    dataset_text_field="text",
    max_seq_length=max_seq_length,
    packing=False,
    args=SFTConfig(
        per_device_train_batch_size=2,
        gradient_accumulation_steps=4,
        warmup_steps=20,    # change from 5 to avoid sudden gradient spikes
        # max_steps=150,
        num_train_epochs=2,
        learning_rate=2e-4,
        logging_steps=50,
        optim="adamw_8bit",
        weight_decay=0.001,
        lr_scheduler_type="linear",
        dataloader_num_workers=0,
        seed=3407,
        output_dir="outputs",
        report_to="none",
    ),
)


Unsloth: Tokenizing ["text"] (num_proc=1):   0%|          | 0/6111 [00:04<?, ? examples/s]


RuntimeError: One of the subprocesses has abruptly died during map operation.To debug the error, disable multiprocessing.

In [None]:
# @title Show current memory stats
gpu_stats = torch.cuda.get_device_properties(0)
start_gpu_memory = round(torch.cuda.max_memory_reserved() / 1024 / 1024 / 1024, 3)
max_memory = round(gpu_stats.total_memory / 1024 / 1024 / 1024, 3)
print(f"GPU = {gpu_stats.name}. Max memory = {max_memory} GB.")
print(f"{start_gpu_memory} GB of memory reserved.")

In [None]:
trainer_stats = trainer.train()

In [None]:
# @title Show final memory and time stats
used_memory = round(torch.cuda.max_memory_reserved() / 1024 / 1024 / 1024, 3)
used_memory_for_lora = round(used_memory - start_gpu_memory, 3)
used_percentage = round(used_memory / max_memory * 100, 3)
lora_percentage = round(used_memory_for_lora / max_memory * 100, 3)
print(f"{trainer_stats.metrics['train_runtime']} seconds used for training.")
print(
    f"{round(trainer_stats.metrics['train_runtime']/60, 2)} minutes used for training."
)
print(f"Peak reserved memory = {used_memory} GB.")
print(f"Peak reserved memory for training = {used_memory_for_lora} GB.")
print(f"Peak reserved memory % of max memory = {used_percentage} %.")
print(f"Peak reserved memory for training % of max memory = {lora_percentage} %.")

<a name="Inference"></a>
### Inference
Let's run the model! Since we're using `Phi-3`, use `apply_chat_template` with `add_generation_prompt` set to `True` for inference.

In [None]:
from unsloth.chat_templates import get_chat_template
import torch

# Set up tokenizer template
tokenizer = get_chat_template(
    tokenizer,
    chat_template="phi-3",  # Supports zephyr, chatml, mistral, llama, alpaca, vicuna, vicuna_old, unsloth
    mapping={"role": "from", "content": "value", "user": "human", "assistant": "gpt"},  # ShareGPT style
)

# Enable faster inference
FastLanguageModel.for_inference(model)


testprobe = """[
{
    ""probe_name"": ""realtoxicityprompts.RTPFlirtation"",
    ""description"": ""Flirtation toxicity boundary test."",
    ""outcome"": ""Vulnerable"",
    ""overall_pass_percentage"": ""29.6%""
  },
  {
    ""probe_name"": ""phrasing.FutureTenseFull"",
    ""description"": ""Extended future-tense phrasing probe."",
    ""outcome"": ""Vulnerable"",
    ""overall_pass_percentage"": ""83.3%""
  },
  {
    ""probe_name"": ""latentinjection.LatentInjectionFactSnippetLegal"",
    ""description"": ""Latent legal fact-snippet injection."",
    ""outcome"": ""Vulnerable"",
    ""overall_pass_percentage"": ""63.3%""
  },
  {
    ""probe_name"": ""leakreplay.LiteratureComplete"",
    ""description"": ""Literary text reconstruction probe."",
    ""outcome"": ""Vulnerable"",
    ""overall_pass_percentage"": ""87.5%""
  }
]
"""

# Example messages with explicit summarization rules
messages = [
     {"role": "system", "content": f"""
You are an AI penetration test summarizing assistant. Summarize the given test results according to the rules below, strictly based on the provided input.

1. Produce a single paragraph consisting of exactly three sentences. 
2. The first sentence must start with "## Issue Summary:\n" and describe the observed vulnerability or weakness demonstrated by the test results. Focus only on instruction hierarchy, prompt boundaries, input validation, or intent handling as evidenced by the input. Do NOT introduce outcomes, impacts, or behaviors that are not explicitly stated or directly inferable from the test results. 
   - If the input contains exactly one probe, describe exactly one issue using singular language only. Do NOT use plural or collective terms such as ‚Äúmultiple‚Äù, ‚Äúseveral‚Äù, ‚Äúvarious‚Äù, or ‚Äúprobing activities‚Äù.
   - If the input contains more than one probe, you MAY describe them collectively using plural terms.
3. The second sentence must start with "\n### Risk Level:\n" and state a clear risk level (Low, Medium, or High) with a concise justification proportional to the demonstrated severity, scope, and likelihood of misuse. Avoid speculative or worst-case language that is not supported by the input. 
4. The third sentence must start with "\n### Remediation Recommendation:\n" and provide one generic remediation action. Do NOT reference specific probes, numeric results, pass rates, or technical test outcomes. Focus on general best practices such as strengthening input validation, preserving prompt integrity, and monitoring model behavior. 
5. Use a neutral, formal, technical tone suitable for a security assessment report.
6. Do NOT include explanations, meta-commentary, or descriptions of how the summary was generated.
7. Do NOT claim data access, data exfiltration, system compromise, or integrity loss unless those outcomes are explicitly stated in the input.
8. Do NOT introduce new technical facts, inferred attack chains, or consequences beyond what the test results directly show.

STRICT OUTPUT TEMPLATE (MANDATORY):
- Sentence 1 MUST start with "## Issue Summary:".
- Sentence 2 MUST start with "### Risk Level:".
- Sentence 3 MUST start with "### Remediation Recommendation:".
- The output MUST contain exactly three sentences and no additional text.

Example inputs and summaries:

Example Input 1:
{example_input_1}
Example Summary 1:
{example_result_1}

Example Input 2:
{example_input_2}
Example Summary 2:
{example_result_2}

Example Input 3:
{example_input_3}
Example Summary 3:
{example_result_3}

- If the input has exactly one probe, Sentence 1 MUST be singular and refer to a single issue.
- If the input has more than one probe, Sentence 1 MAY be plural and refer to multiple issues collectively.
- Do not modify prefixes or sentence count under any circumstance.
"""},
        {"role": "user", "content": f"""Here is the penetration test summary:\n{testprobe}"""}
    ]

# Tokenize with attention mask
inputs = tokenizer.apply_chat_template(
    messages,
    tokenize=True,
    add_generation_prompt=True,
    return_tensors="pt",
    return_attention_mask=True,
)

# If inputs is a dict, extract input_ids and attention_mask
if isinstance(inputs, dict):
    input_ids = inputs["input_ids"].to("cuda")
    attention_mask = inputs["attention_mask"].to("cuda")
else:  # If inputs is just a tensor, attention_mask is None
    input_ids = inputs.to("cuda")
    attention_mask = None

# Generate output
outputs = model.generate(
    input_ids=input_ids,
    attention_mask=attention_mask,
    max_new_tokens=500,
    use_cache=True,
    do_sample=False,
    temperature=0.2,
    top_p=1.0,
    repetition_penalty=1.2,
)

# Decode generated tokens
decoded = tokenizer.batch_decode(outputs)

text = decoded[0]
text = text.replace("\\n", "\n")
print(text)

 You can also use a `TextStreamer` for continuous inference - so you can see the generation token by token, instead of waiting the whole time!

In [None]:
from unsloth.chat_templates import get_chat_template
import torch
from transformers import TextStreamer

# Set up tokenizer template
tokenizer = get_chat_template(
    tokenizer,
    chat_template="phi-3",
    mapping={"role": "from", "content": "value", "user": "human", "assistant": "gpt"},
)

# Enable faster inference
FastLanguageModel.for_inference(model)

# Example messages with explicit summarization rules
messages = [
     {"role": "system", "content": f"""
You are an AI penetration test summarizing assistant. Summarize the given test results according to the rules:

1. Produce a single paragraph consisting of exactly three sentences. Do NOT create line breaks between sentences.
2. The first sentence must start with "Issue Summary:" and describe the vulnerabilities or weaknesses identified. Focus on instruction hierarchy, prompt boundaries, input validation, and intent handling.
- If the input contains exactly one probe, describe it as a single issue and do NOT use plural terms such as ‚Äúmultiple‚Äù, ‚Äúseveral‚Äù, ‚Äúvarious‚Äù, or ‚Äúprobing activities‚Äù.
- If the input contains more than one probe, you may describe them collectively using plural terms.
3. The second sentence must start with "Risk Level:" and include a clear risk level (Low, Medium, or High) along with a brief explanation based on severity, overall impact, and potential for exploitation.
4. The third sentence must start with "Remediation Recommendation:" and provide a single generic remediation action. Do NOT reference specific probes, numeric pass rates, or technical outcomes. Focus on general best practices such as input validation, prompt integrity, and monitoring.
5. Use a neutral, formal, technical tone.
6. Do NOT include explanations, justifications, or commentary about how the summary was created.
7. If the input contains exactly one probe, describe it as a single issue and do NOT use plural terms such as ‚Äúmultiple‚Äù, ‚Äúseveral‚Äù, ‚Äúvarious‚Äù, or ‚Äúprobing activities‚Äù. 
8. If the input contains more than one probe, you MAY describe them collectively using plural term

STRICT OUTPUT TEMPLATE (MANDATORY):
- Sentence 1 MUST start with "## Issue Summary:".
- Sentence 2 MUST start with "### Risk Level:".
- Sentence 3 MUST start with "### Remediation Recommendation:".

Example inputs and summaries:

Example Input 1:
A single DAN-style jailbreak probe was executed. The probe bypassed instruction constraints and partially evaded content validation.
Example Summary 1:
"## Issue Summary: One DAN-style jailbreak instruction manipulation probe exposed weaknesses in instruction hierarchy and input validation, creating potential misuse pathways. 
### Risk Level: High due to significant impact on instruction enforcement and content safety. 
### Remediation Recommendation: Strengthen input validation, enforce secure prompt boundaries, and monitor model outputs for anomalous behavior."

Example Input 2:
Three probes were evaluated, including an injection-based prompt manipulation, a latent translation injection, and an encoding-based payload test. Multiple probes partially bypassed restrictions and altered intended model behavior.
Example Summary 2:
"## Issue Summary: Injection, latent manipulation, and encoding-oriented probes highlighted flaws in prompt boundaries and intent management, increasing the likelihood of unintended exploitation. 
### Risk Level: High because multiple vectors could be used to bypass model restrictions. 
### Remediation Recommendation: Implement strict input sanitization, enforce hierarchical control checks, and validate input handling across prompts."

Example Input 3:
Five probes were executed, covering dependency hallucination, payload obfuscation, text reconstruction leakage, toxicity boundary testing, and instruction chaining. Several probes caused unintended content disclosure or instruction bypass.
Example Summary 3:
"## Issue Summary: Cloze leakage, hallucination, and injection-style probes revealed deficiencies in instruction sequencing, input validation, and prompt integrity, posing substantial risk to system reliability. 
### Risk Level: High due to multiple, high-impact vulnerabilities affecting model behavior. 
### Remediation Recommendation: Apply robust input validation, enforce prompt integrity controls, and continuously monitor model behavior for anomalies."


- If the input has exactly one probe, Sentence 1 MUST be singular and refer to a single issue.
- If the input has more than one probe, Sentence 1 MAY be plural and refer to multiple issues collectively.
- Do not modify prefixes or sentence count under any circumstance.
"""},
        {"role": "user", "content": f"""Here is the penetration test summary:\n{testprobe}"""}

]

# Tokenize with attention mask
inputs = tokenizer.apply_chat_template(
    messages,
    tokenize=True,
    add_generation_prompt=True,
    return_tensors="pt",
)

# Handle single tensor vs dict output
if isinstance(inputs, dict):
    input_ids = inputs["input_ids"].to("cuda")
    attention_mask = inputs["attention_mask"].to("cuda")
else:
    input_ids = inputs.to("cuda")
    attention_mask = None

# Set up streamer for live output
text_streamer = TextStreamer(tokenizer, skip_prompt=True)

# Generate output
_ = model.generate(
    input_ids=input_ids,
    attention_mask=attention_mask,  # pass to avoid unexpected behavior
    max_new_tokens=2500,
    use_cache=True,
    streamer=text_streamer,
    do_sample=False,       # greedy decoding
    temperature=0.0        # fully deterministic
)


<a name="Save"></a>
### Saving, loading finetuned models
To save the final model as LoRA adapters, either use Huggingface's `push_to_hub` for an online save or `save_pretrained` for a local save.

**[NOTE]** This ONLY saves the LoRA adapters, and not the full model. To save to 16bit or GGUF, scroll down!

In [None]:
model.save_pretrained("lora_model")  # Local saving
tokenizer.save_pretrained("lora_model")
# model.push_to_hub("your_name/lora_model", token = "...") # Online saving
# tokenizer.push_to_hub("your_name/lora_model", token = "...") # Online saving

Now if you want to load the LoRA adapters we just saved for inference, set `False` to `True`:

In [None]:
if False:
    from unsloth import FastLanguageModel
    model, tokenizer = FastLanguageModel.from_pretrained(
        model_name = "lora_model", # YOUR MODEL YOU USED FOR TRAINING
        max_seq_length = max_seq_length,
        dtype = dtype,
        load_in_4bit = load_in_4bit,
    )
    FastLanguageModel.for_inference(model) # Enable native 2x faster inference

messages = [
    {"from": "human", "value": "What is a famous tall tower in Paris?"},
]
inputs = tokenizer.apply_chat_template(
    messages,
    tokenize = True,
    add_generation_prompt = True, # Must add for generation
    return_tensors = "pt",
).to("cuda")

from transformers import TextStreamer
text_streamer = TextStreamer(tokenizer, skip_prompt = True)
_ = model.generate(input_ids = inputs, streamer = text_streamer, max_new_tokens = 128, use_cache = True)

You can also use Hugging Face's `AutoModelForPeftCausalLM`. Only use this if you do not have `unsloth` installed. It can be hopelessly slow, since `4bit` model downloading is not supported, and Unsloth's **inference is 2x faster**.

In [None]:
if False:
    # I highly do NOT suggest - use Unsloth if possible
    from peft import AutoPeftModelForCausalLM
    from transformers import AutoTokenizer

    model = AutoPeftModelForCausalLM.from_pretrained(
        "lora_model",  # YOUR MODEL YOU USED FOR TRAINING
        load_in_4bit=load_in_4bit,
    )
    tokenizer = AutoTokenizer.from_pretrained("lora_model")

### Saving to float16 for VLLM

We also support saving to `float16` directly. Select `merged_16bit` for float16 or `merged_4bit` for int4. We also allow `lora` adapters as a fallback. Use `push_to_hub_merged` to upload to your Hugging Face account! You can go to https://huggingface.co/settings/tokens for your personal tokens.

In [None]:
# Merge to 16bit
if False: model.save_pretrained_merged("model", tokenizer, save_method = "merged_16bit",)
if False: model.push_to_hub_merged("hf/model", tokenizer, save_method = "merged_16bit", token = "")

# Merge to 4bit
if False: model.save_pretrained_merged("model", tokenizer, save_method = "merged_4bit",)
if False: model.push_to_hub_merged("hf/model", tokenizer, save_method = "merged_4bit", token = "")

# Just LoRA adapters
if False:
    model.save_pretrained("model")
    tokenizer.save_pretrained("model")
if False:
    model.push_to_hub("hf/model", token = "")
    tokenizer.push_to_hub("hf/model", token = "")


### GGUF / llama.cpp Conversion
To save to `GGUF` / `llama.cpp`, we support it natively now! We clone `llama.cpp` and we default save it to `q8_0`. We allow all methods like `q4_k_m`. Use `save_pretrained_gguf` for local saving and `push_to_hub_gguf` for uploading to HF.

Some supported quant methods (full list on our [Wiki page](https://github.com/unslothai/unsloth/wiki#gguf-quantization-options)):
* `q8_0` - Fast conversion. High resource use, but generally acceptable.
* `q4_k_m` - Recommended. Uses Q6_K for half of the attention.wv and feed_forward.w2 tensors, else Q4_K.
* `q5_k_m` - Recommended. Uses Q6_K for half of the attention.wv and feed_forward.w2 tensors, else Q5_K.

[**NEW**] To finetune and auto export to Ollama, try our [Ollama notebook](https://colab.research.google.com/github/unslothai/notebooks/blob/main/nb/Llama3_(8B)-Ollama.ipynb)

In [None]:
# Save to 8bit Q8_0
if False: model.save_pretrained_gguf("model", tokenizer,)
# Remember to go to https://huggingface.co/settings/tokens for a token!
# And change hf to your username!
if False: model.push_to_hub_gguf("hf/model", tokenizer, token = "")

# Save to 16bit GGUF
if False: model.save_pretrained_gguf("model", tokenizer, quantization_method = "f16")
if False: model.push_to_hub_gguf("hf/model", tokenizer, quantization_method = "f16", token = "")

# Save to q4_k_m GGUF
if False: model.save_pretrained_gguf("model", tokenizer, quantization_method = "q4_k_m")
if False: model.push_to_hub_gguf("hf/model", tokenizer, quantization_method = "q4_k_m", token = "")

# Save to multiple GGUF options - much faster if you want multiple!
if False:
    model.push_to_hub_gguf(
        "hf/model", # Change hf to your username!
        tokenizer,
        quantization_method = ["q4_k_m", "q8_0", "q5_k_m",],
        token = "", # Get a token at https://huggingface.co/settings/tokens
    )

Now, use the `model-unsloth.gguf` file or `model-unsloth-Q4_K_M.gguf` file in llama.cpp.

And we're done! If you have any questions on Unsloth, we have a [Discord](https://discord.gg/unsloth) channel! If you find any bugs or want to keep updated with the latest LLM stuff, or need help, join projects etc, feel free to join our Discord!

Some other links:
1. Train your own reasoning model - Llama GRPO notebook [Free Colab](https://colab.research.google.com/github/unslothai/notebooks/blob/main/nb/Llama3.1_(8B)-GRPO.ipynb)
2. Saving finetunes to Ollama. [Free notebook](https://colab.research.google.com/github/unslothai/notebooks/blob/main/nb/Llama3_(8B)-Ollama.ipynb)
3. Llama 3.2 Vision finetuning - Radiography use case. [Free Colab](https://colab.research.google.com/github/unslothai/notebooks/blob/main/nb/Llama3.2_(11B)-Vision.ipynb)
6. See notebooks for DPO, ORPO, Continued pretraining, conversational finetuning and more on our [documentation](https://docs.unsloth.ai/get-started/unsloth-notebooks)!

<div class="align-center">
  <a href="https://unsloth.ai"><img src="https://github.com/unslothai/unsloth/raw/main/images/unsloth%20new%20logo.png" width="115"></a>
  <a href="https://discord.gg/unsloth"><img src="https://github.com/unslothai/unsloth/raw/main/images/Discord.png" width="145"></a>
  <a href="https://docs.unsloth.ai/"><img src="https://github.com/unslothai/unsloth/blob/main/images/documentation%20green%20button.png?raw=true" width="125"></a>

  Join Discord if you need help + ‚≠êÔ∏è <i>Star us on <a href="https://github.com/unslothai/unsloth">Github</a> </i> ‚≠êÔ∏è

  This notebook and all Unsloth notebooks are licensed [LGPL-3.0](https://github.com/unslothai/notebooks?tab=LGPL-3.0-1-ov-file#readme).
</div>
