Most public security content focuses on exploits; this dataset takes the opposite approach: it supplies high‑quality, defensive chat triples engineered for safe, alignment‑aware instruction‑tuning of LLMs used in security contexts. The dataset emphasizes mitigations, detection, and refusal behavior rather than step‑by‑step exploit construction, making it suitable for training models to give practitioner‑level defensive guidance while rejecting malicious or dual‑use requests.
What Sets It Apart
- Scope and scale: ~99,870 JSONL rows of system/user/assistant triples covering AppSec (OWASP), MITRE ATT&CK, NIST CSF, CIS Controls, cloud (AWS/Azure/GCP), DevSecOps, IAM, modern auth (OAuth2/OIDC/SAML), TLS/crypto, and AI‑security interplay. This size supports instruction‑tuning at production scale without assembling disparate sources.
- Safe‑by‑design data engineering: multiple automated and manual quality gates (deduplication, PII/profanity scrubbing, hallucination scans) plus adversarial refusal tests and static policy linting to reduce leakage of exploit construction steps. Records include explicit refusal patterns and safer alternatives when topics are dual‑use.
- Standards mapping & practitioner framing: entries are framed at a senior security engineer level and mapped to recognizable frameworks (OWASP/MITRE/NIST/CIS), which helps models produce responses that cite controls, tradeoffs, and operational actions rather than abstract statements.
- Production‑friendly format and license: distributed as JSONL chat triples with stable row IDs and an Apache‑2.0 license, easing commercial use and reproducible training pipelines.
Who It's For and Tradeoffs
Great fit if you need a defensively curated instruction‑tuning corpus to align an LLM for security guidance, SIEM/IR explanation, or secure‑coding assistants that must refuse exploit requests. It accelerates building models that can explain mitigations, generate checklists, and map findings to standards.
Look elsewhere if you need red‑team exploit corpora, multilingual coverage (this is English‑only), or raw telemetry/attack traces for detection model training — Fenrir intentionally omits step‑by‑step offensive instructions and focuses on explanation, mitigation, and safe refusals. Also, security guidance ages; plan periodic refreshes and supplement with the latest vendor/standards docs for cutting‑edge attacks.