SYLink AI — Elite Cybersecurity AI
The new generation of cybersecurity-specialised AI by SYLink Technologie. A family of language models in three sizes, from edge deployment to dedicated server.
Overview
SYLink AI is a family of cybersecurity-specialised language models developed by SYLink Technologie. Available in three sizes to fit any deployment — from edge device to dedicated server — with structured reasoning, bilingual French / English, and trained on NATO / Armed Forces, MITRE ATT&CK, NIS2 and GDPR frameworks.
Three models, one family — from an analyst's laptop to a dedicated GPU cluster.
Model variants
- Edge & Laptop Deployment
sylinkai:9b
- Parameters
- 9.6B (dense)
- Architecture
- Qwen3.5 Hybrid Attention
- Size (GGUF)
- 6.1 GB (Q5_K_M)
- Minimum RAM
- 8+ GB RAM
ollama run sylink/sylinkai:9b - Production & Benchmark-Grade
sylinkai:27b
- Parameters
- 27B (dense)
- Architecture
- Qwen3.5 Hybrid Attention
- Size (GGUF)
- 18 GB (Q5_K_M)
- Minimum RAM
- 32+ GB RAM
ollama run sylink/sylinkai:27b - Server-Grade MoE
sylinkai:80b
- Parameters
- 80B (MoE, ~3B active)
- Architecture
- Qwen3 MoE (512 experts)
- Size (GGUF)
- 48 GB (Q4_K_M)
- Minimum RAM
- 64+ GB RAM
ollama run sylink/sylinkai:80b
Architecture details
MoE routing of sylinkai:80b: each token is routed through 10 specialised experts out of 512, plus 1 shared expert.
sylinkai:80b — Server-Grade MoE
Mixture-of-Experts architecture: only ~3B of the 80B parameters active per token. Routes to the 10 most relevant experts (out of 512), plus 1 shared expert.
| Total Parameters | 80B |
| Active Parameters per Token | ~3B |
| Layers | 48 |
| Hidden Size | 2,048 |
| Attention Heads | 16 (Q) / 2 (KV), GQA 8:1 |
| Total Experts | 512 |
| Active Experts | 10 routed + 1 shared |
| Attention Type | Hybrid (Gated DeltaNet + Gated Attention) |
| Native Context | 262K tokens |
| Quantization | Q4_K_M |
sylinkai:27b — Production & Benchmark-Grade
Dense 27B model for deep analysis and production. The flagship of the dense family, with the best reasoning quality for audit reports, forensic and benchmarks.
| Parameters | 27B (dense) |
| Layers | 64 |
| Hidden Size | 5,120 |
| Attention Heads | 24 (Q) / 4 (KV), GQA 6:1 |
| Head Dimension | 256 |
| Attention Type | Hybrid (Linear + Full) |
| Native Context | 262K tokens |
| Vocabulary | 248,320 |
| Available Quantizations | Q4_K_M (16 GB), Q5_K_M (18 GB), Q8_0 (27 GB) |
sylinkai:9b — Edge & Laptop Deployment
Dense transformer with hybrid attention (linear + full), fine-tuned in two stages on 85,000 cybersecurity samples. Runs on consumer hardware from 8 GB of RAM.
| Parameters | 9.6B (dense) |
| Layers | 32 |
| Hidden Size | 4,096 |
| Attention Heads | 16 (Q) / 4 (KV), GQA 4:1 |
| Head Dimension | 256 |
| Attention Type | Hybrid (3 Linear + 1 Full, repeating) |
| Native Context | 262K tokens |
| Vocabulary | 248,320 |
| Available Quantizations | Q4_K_M (5.3 GB), Q5_K_M (6.1 GB), Q8_0 (8.9 GB) |
Training
9B & 27B — Two-stage cybersecurity fine-tuning
The 9B and 27B models are fine-tuned from Qwen3.5-Claude-4.6-Opus-Reasoning-Distilled bases using a two-stage approach:
Injects cybersecurity knowledge: CVE, MITRE ATT&CK, compliance frameworks, SOC operations, pentest methodology. Learning rate 2e-5 to absorb knowledge quickly.
Refines structured reasoning on real-world cyber problems. Learning rate 1e-5 for cautious fine-tuning that preserves acquired knowledge.
| Property | 9B | 27B |
|---|---|---|
| Base Model | Qwen3.5-9B-Opus-Distilled | Qwen3.5-27B-Opus-Distilled |
| Training Samples | 85,000 | 85,000 |
| Stage 1 Final Loss | 0.085 | 0.107 |
| Stage 2 Final Loss | 0.050 | 0.042 |
| Infrastructure | NVIDIA DGX Spark (GB10) | NVIDIA DGX Spark (GB10) |
The 27B reaches the lowest final loss in the family (0.042) — it is the dense model with the best performance on benchmarked cyber tasks.
80B — LoRA Cybersecurity Fine-Tuning
| Method | LoRA (r=32, alpha=64) |
| Training Samples | 72,745 cybersecurity records |
| MITRE References | 83,294 technique mappings |
| Epochs | 2 |
Training data categories
All dense models (9B, 27B) are trained on a curated cybersecurity corpus:
| Category | Samples | Coverage |
|---|---|---|
Threat Intelligence MITRE ATT&CK, APT, IOC | 20,472 | CTI analysis, technique mapping, APT profiling |
Vulnerability Analysis CVE, CVSS, CWE | 18,420 | CVE triage, risk assessment, remediation |
Compliance & Governance NIS2, GDPR, ISO 27001 | 15,794 | Framework implementation, audit support |
French cybersecurity NATO / Armed Forces, CERT-FR | 13,753 | French-language reports, NATO / Armed Forces guides |
Network Security Firewall, IDS/IPS, NDR | 7,008 | Firewall, IDS/IPS, network forensics |
SOC Operations Triage, IR, SIEM | 3,529 | Alert triage, incident management, SIEM |
Pentest & Red Team Methodology, reporting | 1,774 | Methodology, reporting, findings |
Use cases
SYLink AI integrates into the daily life of cyber teams: SOC, SYLink Box edge, ISO 27001 / NIS2 audit, NATO / Armed Forces / CERT-FR compliance.
Capabilities
Threat Intelligence & Analysis
- MITRE ATT&CK mapping across 14 tactics and 200+ techniques
- APT analysis and attribution
- IOC correlation and analysis
- Zero-day and emerging threat assessment
Incident Response
- Full IR cycle aligned with NIST CSF
- Multi-stage attack reconstruction
- Memory / disk / network forensics
- Triage, containment, eradication strategies
Vulnerability Management
- CVE analysis with CVSS interpretation
- Patch prioritisation by real risk
- Attack Surface Management
- Pentest / red team methodology
Compliance & Governance
- NIST 800-53, ISO 27001, CIS, NIS2, GDPR
- SOC 2, PCI-DSS, HIPAA, GDPR
- Programme maturity assessment
- Audit support and gap analysis
Detection Engineering
- Sigma / YARA / Suricata rule creation
- SIEM query optimisation
- Hypothesis-driven threat hunting
- Log analysis and anomaly detection
French cybersecurity
- NATO / Armed Forces recommendations and guides
- CERT-FR advisory analysis
- NIS2, GDPR, LPM compliance
- Native French cyber terminology
Usage
# Edge / laptop (8+ GB RAM)
ollama run sylink/sylinkai:9b
# Production / benchmark (32+ GB RAM)
ollama run sylink/sylinkai:27b
# Flagship server (64+ GB RAM)
ollama run sylink/sylinkai:80bExample prompts
- Threat Analysis
Analyze this suspicious PowerShell command: powershell.exe -enc ZQBjAGgAbwAgACcAdABlAHMAdAAnAA==
- APT Investigation
We found Cobalt Strike beacons communicating with C2 infrastructure linked to APT29. Reconstruct the likely attack chain and map it to MITRE ATT&CK.
- Incident Response
We detected lateral movement from a compromised workstation using PsExec. What containment steps should we take?
- Vulnerability Assessment
How should we prioritize patching CVE-2024-3400 in our Palo Alto firewalls?
- Detection Engineering
Write a Sigma rule to detect credential dumping via LSASS memory access
- Compliance (French)
Quelles sont les obligations de notification d'incident sous NIS2 pour un OES en France ?
- NATO / Armed Forces Guidance
Summarise the NATO / Armed Forces PA-022 recommendations for hardening a Linux server
Response format
SYLink AI systematically structures its answers to make them easy to read for analysts:
- Analysis — detailed findings with MITRE ATT&CK mapping when relevant
- Recommendations — actionable steps prioritised by urgency
- Context — confidence level and relevant references (CVE, NATO / Armed Forces, MITRE)
The model adapts the depth of its answer to the complexity of the question — simple questions get concise answers.
Parameters
| Parameter | 9B | 27B | 80B | Description |
|---|---|---|---|---|
| temperature | 0.6 | 0.3 | 0.6 | Lower = more factual (27B tuned for precision) |
| top_p | 0.9 | 0.9 | 0.95 | Token sampling width |
| top_k | 40 | 40 | 20 | Selection concentration |
| repeat_penalty | 1.05 | 1.1 | 1.0 | Repetition control |
| num_ctx | 4,096 | 8,192 | 32,768 | Context window |
| num_predict | 4,096 | 4,096 | 16,384 | Maximum generation length |
The 27B ships with stricter defaults (lower temperature, reinforced anti-hallucination system prompt) tuned specifically for benchmark precision and production audits.
Choose the right model
| Use case | Recommended model |
|---|---|
| Edge (SYLink Box, laptop, NUC) | sylinkai:9b |
| Real-time SOC triage | sylinkai:9b |
| Benchmarked tasks (CyberMetric, CTI-Bench) | sylinkai:27b |
| Production audit reports and compliance | sylinkai:27b or sylinkai:80b |
| Deep forensic and APT investigation | sylinkai:27b or sylinkai:80b |
| French-language cyber operations | sylinkai:9b or sylinkai:27b |
| Constrained environment (8 GB RAM) | sylinkai:9b |
| Maximum expertise coverage | sylinkai:80b |
Ethical guidelines
SYLink AI is designed for defensive cybersecurity only:
- Provides protection, detection and response advice
- Refuses requests to develop exploits or malware
- Encourages responsible disclosure practices
- Insists on legal compliance and authorised testing
- Supports privacy-respecting security practices
- Defers to human analysts for high-impact operational decisions
Deploy SYLink AI in your SOC?
Operational demo, on-premise or sovereign cloud integration, support by our French analysts.