DeepSeek-V4-Fable: Offensive Security Model Trained on 80,000 CTF Trajectories Achieves 58.7% Solve Rate

Chunjiang Intelligence has released DeepSeek-V4-Fable, an autonomous agent model engineered specifically for offensive security research and penetration testing. The model, according to the company, is a distilled variant of Claude-5-Fable built on top of DeepSeek-V4-Flash.

Training and Architecture

DeepSeek-V4-Fable was trained on SecDojo-80K, a proprietary dataset comprising 80,000 verified Capture The Flag (CTF) trajectories across five security domains:

• Web Security: 28,500 trajectories (71.4% teacher solve rate)
• Binary Exploitation (Pwn): 15,200 trajectories (38.9% teacher solve rate)
• Reverse Engineering: 18,400 trajectories (46.2% teacher solve rate)
• Cryptography: 11,300 trajectories (63.0% teacher solve rate)
• Miscellaneous: 6,600 trajectories (74.8% teacher solve rate)

The training utilized LoRA fine-tuning with rank 64 and alpha 128, modifying only 0.94 billion parameters (0.33% of the base model). Training occurred in two phases: rejection-sampled supervised fine-tuning over three epochs, followed by Group Relative Policy Optimization (GRPO) with on-policy reinforcement learning against programmatic sandbox rewards.

Benchmark Performance

On 300 held-out CTF challenges, the model achieved:

• Overall solve rate: 58.7% (within 40 turns)
• Web Security: 63.8%
• Binary Exploitation: 44.5%
• Reverse Engineering: 51.2%
• Cryptography: 68.9%
• Mean turns-to-flag: 13.4 turns

The base DeepSeek-V4-Flash model achieved only 13.5% overall before fine-tuning. GRPO training delivered the largest gains on exploration-heavy tasks, adding 25.8 points on binary exploitation and 26.9 points on reverse engineering compared to supervised fine-tuning alone.

Technical Details

The model processes contexts up to 96,000 tokens with an average p95 context size of 61,300 tokens across training trajectories. Training infrastructure used a Read-Only Parameter Streaming (ROPS) mechanism to optimize ZeRO-3 CPU offloading, reducing PCIe bottlenecks.

Pricing information has not been disclosed.

Use Restrictions

Chunjiang Intelligence explicitly prohibits using DeepSeek-V4-Fable to access, scan, or exploit systems without documented authorization. The company states the model is intended exclusively for defensive security research, authorized penetration testing, and CTF competitions in controlled environments.

The release documentation warns that the model can autonomously chain reconnaissance, exploitation, and verification steps, and that "cheap, parallelizable execution may elevate the aggregate risk of otherwise low-severity vulnerabilities."

What This Means

This represents the first publicly documented model explicitly trained for autonomous offensive security operations using reinforcement learning on real CTF challenges. The 58.7% solve rate and ability to complete challenges in an average of 13.4 turns demonstrates meaningful autonomous capability in security domains. However, the model's domain-specific training on CTF challenges—which differ from real-world production systems—means its practical effectiveness outside controlled environments remains unclear. The explicit prohibition on unauthorized use and technical limitations disclosed by the authors suggest awareness of dual-use risks, though the public release itself may lower barriers to adversarial applications regardless of stated intent.