VectraYX-Nano: A Compact Spanish LLM for Cybersecurity

In the rapidly evolving landscape of Large Language Models (LLMs), VectraYX-Nano emerges as a model with approximately 42 million parameters (41.95M to be precise), specifically designed for the cybersecurity domain. This decoder-only LLM has been trained from scratch in Spanish, with a particular focus on Latin American linguistic nuances, and stands out for its ability to natively invoke external tools via the Model Context Protocol (MCP).

The creation of specialized and compact models like VectraYX-Nano addresses a growing need in the industry: to have efficient AI solutions, tailored to specific domains and languages, that can be deployed in resource-constrained environments or where data sovereignty is a top priority. Its compact architecture and specialization make it an attractive candidate for on-premise or edge deployment scenarios, where larger, general-purpose models are often impractical due to hardware and latency requirements.

Technical Details and Training Process

VectraYX-Nano's training was based on a proprietary corpus called VectraYX-Sec-ES, consisting of 170 million Spanish tokens. This corpus was structured into several phases: 42 million conversational tokens (from OpenSubtitles-ES and OASST1), 118 million cybersecurity-specific tokens (from NVD, Wikipedia-ES, CVE mirror, and security blogs), and 10 million tokens dedicated to offensive security tooling (from ExploitDB, HackTricks, OWASP). Notably, the creation of this corpus was achieved at an estimated cost of approximately $25 USD, utilizing an eight-VM pipeline, highlighting an efficient approach to data collection.

The model's architecture includes a Transformer decoder with advanced features such as GQA (Grouped Query Attention), QK-Norm, RMSNorm, SwiGLU, RoPE (Rotary Positional Embeddings), and z-loss, along with a 16,384-token byte-fallback BPE (Byte-Pair Encoding). The training process employed a curriculum with replay and continual pre-training, which led to a monotonic loss descent. After Supervised Fine-Tuning (SFT) on datasets like OASST-ES, Alpaca-ES, CVE Q&A, and 6,327 tool-use traces, the model achieved a conversational gate of 0.78+-0.05. Specific studies also revealed that tool selection capability is not limited by model capacity but by the density of the training corpus.

Implications for On-Premise Deployment and Data Sovereignty

One of the most relevant aspects of VectraYX-Nano for IT professionals and technical decision-makers is its suitability for on-premise deployment. The model is released as an 81 MB (F16) GGUF artifact, a format optimized for efficient execution on commodity hardware via frameworks like llama.cpp. This feature allows for sub-second response times (Time To First Token - TTFT) even on non-specialized infrastructure, making it accessible to a wide range of organizations.

For companies operating in sensitive sectors such as cybersecurity, finance, or public administration, the ability to keep LLM workloads within their own infrastructure boundaries is crucial. On-premise deployment of models like VectraYX-Nano ensures full data sovereignty, regulatory compliance (e.g., GDPR), and the ability to operate in air-gapped environments, reducing the risks associated with exposing sensitive information to external cloud services. This approach offers granular control over the entire AI pipeline, from data management to inference, a decisive factor for security and compliance.

Future Prospects and Availability

VectraYX-Nano is presented as the first native Spanish cybersecurity LLM with end-to-end Model Context Protocol (MCP) integration, marking a significant step in the development of specialized models. The development team has made available the corpus recipe, training scripts, GGUF weights, and B1-B5 benchmarks, promoting transparency and reproducibility. This openness facilitates adoption and further development by the community, allowing other organizations to leverage or improve the model for their specific needs.

The availability of such a targeted and optimized LLM for local execution opens new opportunities for companies looking to implement advanced AI solutions in cybersecurity without relying on external cloud infrastructures. For those evaluating on-premise deployments, AI-RADAR offers analytical frameworks on /llm-onpremise to assess trade-offs between costs, performance, and security requirements, providing useful tools for informed decisions. VectraYX-Nano demonstrates how specialization and efficiency can converge to offer powerful and controllable AI solutions.