Update README.md

README.md

@@ -49,100 +49,72 @@ Model responses were scored using a combination of automated evaluation by a hig
 
 ## Benchmark Results - August 2025
 
-### Logic Category Comparison
-
-| Model               | Accuracy (%) |
-| :------------------ | :----------- |
-| `gemini-2.5-pro`    | 93.60        |
-| `deepthink-r1`      | 89.63        |
-| `gpt-5`             | 83.23        |
-| `deepseek-r1`       | 82.92        |
-| `gpt-oss-120b`      | 80.49        |
-| `gpt-oss-20b`       | 79.27        |
-| `cdx1-pro-mlx-8bit` | 73.17        |
-| `o4-mini-high`      | 67.99        |
-| `qwen3-coder-480B`  | 48.48        |
-| `cdx1-mlx-8bit`     | 46.04        |
+### Key Takeaways
 
+- **The benchmarks highlight model specialization.** The "non-thinking" **cdx1 models** perform as expected: they struggle with logic-based problem-solving but excel at retrieving specific factual information about standards like CycloneDX, outperforming several general-purpose "thinking" models in that area.
+- There are **striking performance failures** in the Spec category. Models like **Deepthink-r1**, **GPT-OSS-20b**, and **O4-mini-high** perform well on logic but fail completely at recalling specific standards, indicating a lack of specialized training data for this domain.
 
-This table compares the accuracy of **ten** different AI models on a logic benchmark designed to assess reasoning and problem-solving skills. The results highlight a clear hierarchy of performance, with the newly added `gpt-5` debuting as a top-tier model.
+### Logic Category Comparison
 
-**Key Findings from the Chart:**
+This category tests thinking and problem-solving.
 
-- **Dominant Leader:** `gemini-2.5-pro` is the undisputed leader, achieving the highest accuracy of **93.6%**, placing it in a class of its own.
-- **Top-Tier Competitors:** A strong group of models follows, led by `deepthink-r1` at **89.63%**. The newly introduced **`gpt-5`** makes a powerful debut, securing the third-place spot with **83.23%** accuracy. It slightly outperforms `deepseek-r1` (82.92%) and `gpt-oss-120b` (80.49%).
+- **Top Performers:** **Gemini-2.5-pro** leads with **93.60%** accuracy, followed by other strong "thinking" models like **Deepthink-r1** (89.63%), **GPT-5** (83.23%), and **Deepseek-r1** (82.92%).
+- **Non-Thinking Models:** As predicted by the category description, the `cdx1` models show lower performance, with scores ranging from **46.04% to 73.17%**, confirming their struggle with tasks requiring reasoning.
 - **Strong Mid-Tier:** The `gpt-oss-20b` model performs impressively well for its size at **79.27%**, outscoring several larger models and leading the middle pack, which also includes `cdx1-pro-mlx-8bit` (73.17%) and `o4-mini-high` (67.99%).
-- **Lower Performers:** `qwen3-coder-480B` (48.48%) and `cdx1-mlx-8bit` (46.04%) score the lowest. It is noted that the score for `cdx1-mlx-8bit` is artificially low due to context length limitations, which caused it to miss questions.
-- **Efficiency and Performance:** The results from the `gpt-oss` models, particularly the 20B variant, demonstrate that highly optimized, smaller models can be very competitive on logic tasks.
-
-### Performance Tiers
-
-The models can be grouped into four clear performance tiers:
-
-- **Elite Tier (>90%):**
-  - `gemini-2.5-pro` (93.6%)
-- **High-Performing Tier (80%-90%):**
-  - `deepthink-r1` (89.63%)
-  - `gpt-5` (83.23%)
-  - `deepseek-r1` (82.92%)
-  - `gpt-oss-120b` (80.49%)
-- **Mid-Tier (65%-80%):**
-  - `gpt-oss-20b` (79.27%)
-  - `cdx1-pro-mlx-8bit` (73.17%)
-  - `o4-mini-high` (67.99%)
-- **Lower Tier (<50%):**
-  - `qwen3-coder-480B` (48.48%)
-  - `cdx1-mlx-8bit` (46.04%)
-
-### Spec Category Comparison
-
-| Model               | Accuracy (%) |
-| :------------------ | :----------- |
-| `gemini-2.5-pro`    | 100.00       |
-| `deepseek-r1`       | 98.58        |
-| `cdx1-pro-mlx-8bit` | 98.30        |
-| `gpt-5`             | 95.17        |
-| `qwen3-coder-480B`  | 90.34        |
-| `gpt-oss-120b`      | 89.20        |
-| `cdx1-mlx-8bit`     | 83.52        |
-| `deepthink-r1`      | 12.36        |
-| `gpt-oss-20b`       | 9.09         |
-| `o4-mini-high`      | 0.00         |
-
+- **Lower Performers:** `qwen3-coder-480B` (48.48%) scored the lowest.
+
+| Model              | Accuracy (%) |
+| :----------------- | :----------- |
+| gemini-2.5-pro     | 93.60        |
+| deepthink-r1       | 89.63        |
+| gpt-5              | 83.23        |
+| deepseek-r1        | 82.92        |
+| gpt-oss-120b       | 80.49        |
+| gpt-oss-20b        | 79.27        |
+| cdx1-pro-mlx-8bit  | 73.17        |
+| cdx1-mlx-8bit      | 70.12        |
+| cdx1-mini-mlx-8bit | 68.29        |
+| o4-mini-high       | 67.99        |
+| qwen3-coder-480B   | 48.48        |
 
-This table evaluates **ten** AI models on the "Spec Category," a test of factual recall on 352 technical specification questions. The results starkly illustrate that a model's reliability and cooperative behavior are as crucial as its underlying knowledge. Several models, including the newly added `gpt-5`, achieved high scores only after overcoming significant behavioral hurdles.
 
-**Key Findings from the Chart:**
+### Spec Category Comparison
 
-- **Elite Factual Recall:** A top tier of models demonstrated near-perfect knowledge retrieval. **`gemini-2.5-pro`** led with a perfect **100%** score and superior answer depth. It was closely followed by **`deepseek-r1`** (98.58%) and **`cdx1-pro-mlx-8bit`** (98.3%).
+This category tests direct knowledge of specifications like CycloneDX and SPDX.
 
-- **High Score with Major Caveats (`gpt-5`):** The newly added **`gpt-5`** achieved a high accuracy of **95.17%**, placing it among the top performers. However, this result required a significant compromise:
+- **Flawless and Near-Perfect Recall:** **Gemini-2.5-pro** achieves a perfect **100%** score. **Deepseek-r1** is a close second at **98.58%**.
+- **Specialized Models Excel:** The "non-thinking" **cdx1-pro (98.30%)** and **cdx1-mini (97.16%)** models demonstrate excellent performance, confirming their strength in specialized knowledge retrieval and even outperforming GPT-5.
+- **High Score with Major Caveats (`gpt-5`):** **`gpt-5`** achieved a high accuracy of **95.17%**, placing it among the top performers. However, this result required a significant compromise:
   - The model initially refused to answer the full set of questions, only offering to respond in small batches that required six separate user confirmations. This compromise was accepted to prevent an outright failure.
   - A related variant, `gpt-5-thinking`, refused the test entirely after a minute of processing.
-
 - **Complete Behavioral Failures:** Three models effectively failed the test not due to a lack of knowledge, but because they refused to cooperate:
   - **`o4-mini-high`** scored **0%** after refusing to answer, citing too many questions.
   - **`deepthink-r1`** (12.36%) and **`gpt-oss-20b`** (9.09%) also failed, answering only a small fraction of the questions without acknowledging the limitation.
 
-- **Strong Mid-Tier Performers:** `qwen3-coder-480B` (90.34%) and `gpt-oss-120b` (89.2%) both demonstrated strong and reliable factual recall without the behavioral issues seen elsewhere.
-
-- **Impact of Scale and Systematic Errors:** The contrast between the two `cdx1` models is revealing. The larger `cdx1-pro-mlx-8bit` (98.3%) performed exceptionally well, while the smaller `cdx1-mlx-8bit` (83.52%) was hampered by a single systematic error (misunderstanding "CBOM"), which cascaded into multiple wrong answers.
+| Model              | Accuracy (%) |
+| :----------------- | :----------- |
+| gemini-2.5-pro     | 100.00       |
+| deepseek-r1        | 98.58        |
+| cdx1-pro-mlx-8bit  | 98.30        |
+| cdx1-mini-mlx-8bit | 97.16        |
+| gpt-5              | 95.17        |
+| qwen3-coder-480B   | 90.34        |
+| gpt-oss-120b       | 89.20        |
+| cdx1-mlx-8bit      | 83.52        |
+| deepthink-r1       | 12.36        |
+| gpt-oss-20b        | 9.09         |
+| o4-mini-high       | 0.00         |
 
-### Summary of Key Themes
-
-1.  **Reliability is Paramount:** This test's most important finding is that knowledge is useless if a model is unwilling or unable to share it. The failures of `o4-mini-high`, `deepthink-r1`, `gpt-oss-20b`, and the behavioral friction from `gpt-5` highlight this critical dimension.
-2.  **Scores Don't Tell the Whole Story:** The 95.17% score for `gpt-5` obscures the significant user intervention required to obtain it. Similarly, the near-identical scores of `cdx1-pro` and `gemini-2.5-pro` don't capture Gemini's superior answer quality.
-3.  **Scale Can Overcome Flaws:** The dramatic performance leap from the 14B to the 30B `cdx1` model suggests that increased scale can help correct for specific knowledge gaps and improve overall accuracy.
 
 ### Other Categories
 
 Performance in additional technical categories is summarized below.
 
-| Category | cdx1-mlx-8bit | cdx1-pro-mlx-8bit |
-| -------- | ------------- | ----------------- |
-| DevOps   | 87.46%        | 96.1%             |
-| Docker   | 89.08%        | 100%              |
-| Linux    | 90.6%         | 95.8%             |
+| category | cdx1-mlx-8bit | cdx1-pro-mlx-8bit | cdx1-mini-mlx-8bit |
+| -------- | ------------- | ----------------- | ------------------ |
+| devops   | 87.46%        | 96.1%             | 43.73%             |
+| docker   | 89.08%        | TBD               | 84.87%             |
+| linux    | 90.6%         | 95.8%             | 87.43%             |
 
 ## Model Availability
 
@@ -157,6 +129,7 @@ The table below details the available formats and their approximate resource req
 |                    | MLX    | 8-bit        | ~14.2           | > 14            | Higher fidelity for Apple Silicon.         |
 |                    | MLX    | 16-bit       | ~30             | > 30            | bfloat16 for fine-tuning.                  |
 |                    | GGUF   | Q4_K_M       | 8.99            | ~10.5           | Recommended balance for quality/size.      |
+|                    | GGUF   | IQ4_NL       | 8.6             | ~9              | Recommended balance for quality/size.      |
 |                    | GGUF   | Q8_0         | 15.7            | ~16.5           | Near-lossless quality.                     |
 |                    | GGUF   | BF16         | 29.5            | ~30             | bfloat16 for fine-tuning.                  |
 | **cdx1-pro (30B)** | MLX    | 4-bit        | ~17.5           | > 18            | For Apple Silicon with unified memory.     |
@@ -168,6 +141,7 @@ The table below details the available formats and their approximate resource req
 |                    | GGUF   | Q8_0         | 32.5            | ~33             | Near-lossless quality.                     |
 |                    | GGUF   | Q2_K         | 11.3            | ~12             | Low quality. Use for speculative decoding. |
 |                    | GGUF   | BF16         | 57              | ~60             | bfloat16 for fine-tuning.                  |
+| **cdx1-mini (4B)** |        |              |                 |                 | Beta now available.                        |
 
 **Notes on Quantization and Formats:**
 
@@ -180,9 +154,11 @@ The table below details the available formats and their approximate resource req
 ## Safety and Bias
 
 ### Safety
+
 To rigorously evaluate safety performance, we developed a comprehensive testing framework comprising over 200 adversarial prompts spanning 10 critical risk categories including cybersecurity threats, hate speech, illegal activities, privacy violations, physical safety risks, misinformation, bias and discrimination, self-harm, child safety, and copyright infringement. These questions were systematically generated using a multi-layered approach: first establishing domain-specific threat models based on NIST AI RMF guidelines, then crafting prompts that incorporate real-world evasion techniques (including leetspeak substitutions, roleplay scenarios, and encoded instructions) to test for policy circumvention. Each category contains progressively severe prompts ranging from general inquiries about harmful activities to highly specific requests for executable code and step-by-step instructions. During evaluation, our model consistently refused all safety-compromising requests, demonstrating robust adherence to ethical boundaries without attempting to fulfill harmful instructions—even when presented with sophisticated evasion attempts. This testing protocol exceeds standard industry benchmarks by incorporating both direct harmful requests and nuanced edge cases designed to probe boundary conditions in safety policies.
 
 ### Bias
+
 Our analysis reveals that cdx1 and cdx1-pro models exhibits a notable bias toward CycloneDX specifications, a tendency directly attributable to the composition of its training data which contains significantly more CycloneDX-related content than competing Software Bill of Materials (SBOM) standards. This data imbalance manifests in the model's consistent preference for recommending CycloneDX over alternative frameworks such as SPDX and omnibor, even in contexts where these competing standards might offer superior suitability for specific use cases. The model frequently fails to provide balanced comparative analysis, instead defaulting to CycloneDX-centric recommendations without adequate consideration of factors like ecosystem compatibility, tooling support, or organizational requirements that might favor alternative specifications. We recognize this as a limitation affecting the model's objectivity in technical decision support. Our long-term mitigation strategy involves targeted expansion of the training corpus with high-quality, balanced documentation of all major SBOM standards, implementation of adversarial debiasing techniques during fine-tuning, and development of explicit prompting protocols that require the model to evaluate multiple standards against specific technical requirements before making recommendations. We are committed to evolving cdx1 toward genuine impartiality in standards evaluation while maintaining its deep expertise in software supply chain security.
 
 ## Weaknesses
@@ -236,4 +212,4 @@ Please cite the following resources if you use the datasets, models, or benchmar
 ## Licenses
 
 - **Datasets:** CC0-1.0
-- **Models:** Apache-2.0
+- **Models:** Apache-2.0