GreyNOC Researchers Push Solin to 0.44 VAL — And It’s Still Getting Better

GreyNOC researchers have reached a new development milestone with Solin, our local cybersecurity AI model: 0.44 validation loss.

That number matters because it shows measurable progress in the model’s ability to learn, generalize, and improve through training. Solin is still in active development, but each training cycle is moving it closer to the role we designed it for: a local, security-focused AI assistant that can help analysts identify vulnerable code, reason through risk, and support remediation workflows directly on the machine where the work is happening.

GreyNOC’s long-term vision for Solin is simple: bring advanced cybersecurity intelligence closer to the defender.

Instead of sending sensitive data into the cloud, Solin is being built to run locally on a workstation or server. That local-first design means organizations can keep code, policies, procedures, asset context, and internal playbooks inside their own environment while still benefiting from AI-assisted security workflows. This aligns with GreyNOC’s broader product direction for local AI, analyst support, triage, reporting, control mapping, and repeatable security operations.

Solin is being developed as more than a chatbot. The goal is to make it a cybersecurity model that can actively assist with code review, vulnerability discovery, exploit-path awareness, patch recommendation, and eventually controlled remediation. In approved environments, Solin is intended to help patch issues automatically based on configured policies. In environments where human approval is required, it can prepare the fix, explain the risk, and wait for authorization before changes are applied.

That distinction is important. Cybersecurity tooling should increase speed without removing accountability. Solin is being built to help defenders move faster while still respecting authorization, policy, and operational control.

GreyNOC’s internal training work already reflects that local-first approach. The current Solin training setup watches local training sources, ingests text and PDFs, builds datasets, trains the model, tracks validation loss, saves checkpoints, and continuously improves when new material is added. A recent local training session showed Solin running on CUDA with visible training and validation metrics, including validation loss moving under 0.70 during that session.

Now, with researchers reporting 0.44 VAL, Solin is continuing to move in the right direction.

The reason we are building Solin this way is because cybersecurity is changing fast. Attackers are already using AI to move quicker, generate code faster, identify weaknesses sooner, and scale operations with less friction. Defenders need tools that can keep up. GreyNOC’s mission is to close that gap by combining penetration testing, managed security, vulnerability assessment, security engineering, automation, and local AI into one practical defense model.

Solin is still under development, but the progress is real.

In the coming weeks, GreyNOC hopes to release a public-facing version of the model on the GreyNOC website for users to test and interact with. The first public version will be an early step, not the final destination. As the model improves, GreyNOC plans to continue expanding Solin from an internal analyst copilot into a client-local AI security workflow engine.

For now, 0.44 VAL is a strong signal.

Image credit Mark Caron(RedHat)