SecureBERT 2.0: Cybersecurity Transformer
- SecureBERT 2.0 is a cybersecurity encoder built on ModernBERT that uses domain-specific pretraining over text and code for enhanced threat intelligence.
- It employs modality-aware tokenization and hierarchical encoding strategies tailored for tasks like vulnerability detection, CAN intrusion, and router anomaly detection.
- Empirical evaluations demonstrate significant gains in semantic search, named entity recognition, and anomaly detection compared to baseline models.
Searching arXiv for SecureBERT-related papers to ground the article in the current literature. SecureBERT 2.0 denotes an evolved family of cybersecurity-oriented transformer encoders whose shared objective is domain-adapted representation learning over security artifacts, but whose concrete instantiations differ by modality, task framing, and architecture. In the most explicit usage, "SecureBERT 2.0: Advanced LLM for Cybersecurity Intelligence" defines SecureBERT 2.0 as an encoder-only LLM built on ModernBERT, pretrained on over 13 billion text tokens and 53 million code tokens for semantic search, named entity recognition, semantic analysis, and vulnerability detection (Aghaei et al., 30 Sep 2025). In adjacent literature, the label is also used more loosely for SecureBERT-derived systems specialized for CAN intrusion detection or router anomaly detection, where the underlying encoder is adapted to raw CAN logs or behavioral telemetry such as system calls and network packet abstractions (Li et al., 2023, Carter et al., 2 Jan 2026). This terminological spread suggests that "SecureBERT 2.0" is best understood not as a single immutable artifact but as a second-generation design pattern for cybersecurity encoders: domain-specific pretraining, modality-aware tokenization or abstraction, and optimization for high-precision operational tasks.
1. Definition, scope, and terminological usage
The clearest formal definition appears in "SecureBERT 2.0: Advanced LLM for Cybersecurity Intelligence," which presents SecureBERT 2.0 as an enhanced encoder-only LLM purpose-built for cybersecurity applications and built on ModernBERT (Aghaei et al., 30 Sep 2025). Its stated motivation is the analysis of cybersecurity and threat intelligence data that combine specialized terminology, complex document structures, and interdependence between natural language and source code.
A distinct but related usage appears in the CAN intrusion-detection literature. "SecureBERT and LLAMA 2 Empowered Control Area Network Intrusion Detection and Classification" does not introduce a new SecureBERT version; instead, it defines CAN-SecureBERT as a task-specific adaptation of the publicly released SecureBERT model, built on a RoBERTa-base backbone and fine-tuned end-to-end for multi-class CAN attack detection (Li et al., 2023). The paper explicitly notes that if one informally refers to "SecureBERT 2.0" in that context, the label maps to CAN-SecureBERT rather than to a new backbone release.
A third usage appears in router security. "Improving Router Security using BERT" describes SecureBERT 2.0 as a BERT-style behavioral anomaly detector for home routers and IoT gateways, combining an eBPF syscall sensor, contrastive augmented learning with controlled negative mutations, and a parallel network-behavior model built on a packet abstraction language (Carter et al., 2 Jan 2026). Here, the term refers to an operational detector rather than to a general-purpose domain LLM.
This variation matters conceptually. The 2025 model centers on cybersecurity intelligence, long-context understanding, and text-code representation learning (Aghaei et al., 30 Sep 2025). The CAN and router variants center on classification or anomaly detection over non-natural-language telemetry (Li et al., 2023, Carter et al., 2 Jan 2026). A plausible implication is that the term has acquired both a narrow sense, referring to the ModernBERT-based 2025 release, and a broader sense, referring to second-generation SecureBERT-style systems across cybersecurity subdomains.
2. Core architectural paradigms
The ModernBERT-based SecureBERT 2.0 uses a bidirectional transformer encoder designed for fast, memory-efficient fine-tuning and long-context inference (Aghaei et al., 30 Sep 2025). The paper attributes its advantages to extended context handling, hierarchical encoding for token-to-chunk-to-document reasoning, hybrid tokenization friendly to both natural language and source code, and memory and compute optimizations for throughput and stable training. Self-attention follows the standard transformer form,
while the exact positional encoding and exact attention pattern are not specified (Aghaei et al., 30 Sep 2025).
Its hierarchical encoding is described conceptually as pooling token states into chunk embeddings and then aggregating chunk embeddings into a document representation via attention weighting. This design targets heterogeneous security documents containing prose, tables, indicators of compromise, code blocks, and command-line output (Aghaei et al., 30 Sep 2025). The pretraining maximum context length is 1024 tokens for both pretraining and downstream fine-tuning (Aghaei et al., 30 Sep 2025).
CAN-SecureBERT, by contrast, inherits a RoBERTa-base SecureBERT backbone with 12 transformer encoder blocks and 123 million parameters, using a custom tokenizer with a vocabulary of 50,265 tokens (Li et al., 2023). It attaches a fully connected feed-forward head to the embedding, followed by softmax for multi-class attack classification. No adapters are used in CAN-SecureBERT; the entire model is fine-tuned end-to-end (Li et al., 2023).
The router-security instantiation adopts a different architectural regime. It uses two parallel standard HuggingFace BertModel encoders trained from scratch rather than an MLM-pretrained backbone: one for system-call sequences and one for network packet abstractions (Carter et al., 2 Jan 2026). In each branch, 64-dimensional sys2vec or net2vec embeddings are linearly projected to 768 dimensions, followed by LayerNorm and positional embeddings. Sequence representations are mean-pooled and -normalized (Carter et al., 2 Jan 2026). The two models are trained independently and deployed concurrently, without early fusion, late-score fusion, or cross-attention (Carter et al., 2 Jan 2026).
These variants reveal a common engineering principle: the SecureBERT 2.0 label is consistently attached to encoder-centric systems optimized for discriminative cyber tasks, but the architecture ranges from large-scale MLM pretraining on text and code to direct representation learning over behavioral streams.
3. Pretraining corpora, tokenization, and modality adaptation
The 2025 SecureBERT 2.0 is defined by the scale and heterogeneity of its corpus. It is pretrained on a cybersecurity-focused corpus 13× larger than SecureBERT 1.0, comprising 13,623,037,185 text tokens and 53,387,658 code tokens (Aghaei et al., 30 Sep 2025). The breakdown includes seed corpus data, large-scale web text, reasoning-focused data, instruction-tuning data, a code vulnerability corpus, cybersecurity dialogue data, and the original baseline dataset. Preprocessing includes deduplication via MinHash and character-level similarity, Unicode normalization, content filtering with keyword heuristics and lightweight security classifiers, and dynamic re-weighting to balance subdomains and avoid web-crawl dominance (Aghaei et al., 30 Sep 2025).
Its curriculum uses microannealing: early training emphasizes high-quality curated text and vulnerability code, mid training anneals toward diverse web and reasoning datasets, and late training revisits high-quality sources to stabilize and reduce forgetting (Aghaei et al., 30 Sep 2025). The primary objective is masked language modeling,
adapted for code by masking identifiers and structural elements such as functions, variables, and operators (Aghaei et al., 30 Sep 2025).
The supporting literature on URL modeling clarifies how a SecureBERT 2.0 system may be extended to other cybersecurity modalities. "Continuous Multi-Task Pre-training for Malicious URL Detection and Webpage Classification" introduces urlBERT, a Transformer-based URL encoder trained on approximately 3 billion unlabeled URLs from Web Tracking Datasets from UPC (Li et al., 2024). It emphasizes that URLs are loosely structured and semantically sparse relative to natural language, and that natural-language tokenization would undersegment URLs, miss delimiter semantics, and poorly capture short--gram regularities and obfuscation patterns (Li et al., 2024). The synthesis proposes a delimiter-aware hybrid tokenizer, structural field tags such as [SCHEME], [[HOST](https://www.emergentmind.com/topics/higher-order-super-twisting-host)], [TLD], [PATHSEG], [QKEY], and [QVAL], punycode handling, and reserved tokens for obfuscation patterns including [HEX], [BASE64], and [ENCODED] (Li et al., 2024).
The CATBERT line provides an analogous example for email. "CATBERT: Context-Aware Tiny BERT for Detecting Social Engineering Emails" uses the multilingual BERT tokenizer with a vocabulary of 119,547, an embedding dimension of 768, and a maximum token length of 128, with front truncation to retain end-of-message content (Lee et al., 2020). If the body is HTML, tags are stripped to plain text via an HTML parser plus regex to mitigate HTML obfuscation (Lee et al., 2020).
The router-security variant represents another kind of modality adaptation: raw telemetry is abstracted into "machine language" tokens. System calls are mapped into semantically meaningful sys2vec tokens grouped by functional category, and sequences are segmented into 500-token windows (Carter et al., 2 Jan 2026). Network traffic is transformed into a Network Packet Abstraction Language, or NPAL, retaining protocol, IP category, source and destination port bucket, direction, and size bucket, then concatenating these categories into a single token. The resulting NPAL vocabulary contains 70 tokens observed across the dataset, with sequences segmented into 100-token windows (Carter et al., 2 Jan 2026).
Taken together, these studies show that SecureBERT 2.0 systems depend heavily on modality-specific input design. This suggests that domain adaptation in cybersecurity is not only a matter of corpus choice but also of preserving structural regularities that generic tokenization schemes would obscure.
4. Learning objectives and optimization strategies
The ModernBERT-based SecureBERT 2.0 uses masked language modeling as its base pretraining objective and does not specify contrastive pretraining during base pretrain; contrastive objectives are introduced later for embedding fine-tuning in retrieval settings (Aghaei et al., 30 Sep 2025). Pretraining runs for 20 epochs with AdamW, learning rate , weight decay $0.01$, masking probability $0.10$, batch size 16 per GPU on 8 GPUs, and maximum context length 1024 (Aghaei et al., 30 Sep 2025).
The URL-oriented extension provides a richer multi-task objective. urlBERT uses three directly reported pretraining tasks—masked URL modeling, self-supervised contrastive learning with NT-Xent, and virtual adversarial training—and combines them as
with , self-supervised contrastive learning learning rate 0, other-task learning rate 1, and batch size 64 (Li et al., 2024). The synthesis further proposes SecureBERT 2.0 extensions with syntax-aware delimiter prediction, segment ordering, and semantic proxy supervision, combined through weighted task coefficients and trained via grouped sequential learning to reduce gradient interference (Li et al., 2024).
Grouped sequential learning organizes tasks into lexical/syntax, representation discrimination, and robustness groups, trained in sequence rather than fully jointly (Li et al., 2024). The recommendation is to warm up the lexical/syntax group for 10%–20% of total steps, transition to representation discrimination for 50%–60% of steps, and finish with robustness for 20%–30% of steps, optionally freezing embeddings during the final stage (Li et al., 2024). This suggests a general SecureBERT 2.0 optimization pattern in which multi-objective cyber pretraining is explicitly scheduled rather than naively mixed.
CATBERT contributes a different parameter-efficiency strategy. Starting from DistilBERT, it keeps odd-numbered layers 1, 3, and 5 and replaces removed even-numbered layers 2, 4, and 6 with trainable adapter MLP blocks having the same hidden dimensionality as the Transformer hidden size (Lee et al., 2020). Each replacement block uses two dense layers with ReLU and a residual connection,
2
During fine-tuning, the lower two kept Transformer blocks are frozen, while the top kept block, all adapter blocks, and the sigmoid classification head are trained (Lee et al., 2020).
The router-security variant departs from MLM entirely. It is trained from scratch on benign-only data using a triplet margin loss
3
with margin 4, batch size 32, learning rate 5, dropout 6, and weight decay 7 (Carter et al., 2 Jan 2026). Its distinctive innovation is contrastive augmented learning: negatives are mutated by replacing a fraction 8 of tokens with tokens sampled from the empirical benign vocabulary, and 9 is reported as consistently best at low false positive rates (Carter et al., 2 Jan 2026).
5. Empirical performance across cybersecurity tasks
The official SecureBERT 2.0 reports strong results across retrieval, named entity recognition, and vulnerability detection (Aghaei et al., 30 Sep 2025). In semantic search over a cybersecurity rules corpus of approximately 5,000 items, the cross-encoder achieves 0 and 1, while the bi-encoder achieves 2 and 3 (Aghaei et al., 30 Sep 2025). Baselines are substantially lower: AttackBERT reaches 4, 5, and all-MiniLM-L6-v2 reaches 6, 7 (Aghaei et al., 30 Sep 2025).
On cybersecurity NER, using an expert-labeled public threat-intelligence dataset with five entity types, SecureBERT 2.0 reaches test 8, 9, and 0 (Aghaei et al., 30 Sep 2025). The same section reports SecureBERT 1.0 at 1, 2, 3, and CyBERT at 4, 5, 6 (Aghaei et al., 30 Sep 2025). On automated vulnerability detection in C/C++ functions, SecureBERT 2.0 obtains accuracy 7, 8, recall 9, and precision 0, compared with CodeBERT at accuracy 1, 2, recall 3, precision 4, and CyBERT at accuracy 5, 6, recall 7, precision 8 (Aghaei et al., 30 Sep 2025).
Its MLM probe results further indicate strong domain semantics, with noun top-1/top-5 accuracy 9, verb top-1/top-5 accuracy 0, and code top-1/top-5 accuracy 1 (Aghaei et al., 30 Sep 2025).
The CAN adaptation also reports near-perfect detection. Using 10% training data, CAN-SecureBERT achieves balanced accuracy 2, precision 3, detection rate 4, 5, and false alarm rate 6 on the Car Hacking dataset (Li et al., 2023). Per-attack validation results are perfect on DoS, Gear Spoofing, and RPM Spoofing, with Fuzzy at precision 7, detection rate 8, false alarm rate 9, and $0.01$0 (Li et al., 2023).
In the router-security setting, the system-call branch shows large gains from high-fidelity sensing and mutated negatives. At contamination $0.01$1, encrypt rises from $0.01$2 in the prior SOTA replication to $0.01$3 in the improved sensing baseline, and rename rises from $0.01$4 to $0.01$5 (Carter et al., 2 Jan 2026). With contrastive augmented learning at $0.01$6, lateral improves from $0.01$7 to $0.01$8, and combo from $0.01$9 to $0.10$0 at the same contamination level (Carter et al., 2 Jan 2026). The NPAL branch yields especially strong low-FPR gains for network-focused malware: at $0.10$1, download, combo, apt6010, and lateral all reach $0.10$2, with apt6010 improving from $0.10$3 in the syscall pathway to $0.10$4 in NPAL (Carter et al., 2 Jan 2026).
The URL and email variants further illustrate the breadth of SecureBERT-style results.
| System | Task | Reported result |
|---|---|---|
| SecureBERT 2.0 | Cybersecurity NER | $0.10$5, $0.10$6, $0.10$7 |
| SecureBERT 2.0 | Vulnerability detection | Acc $0.10$8, $0.10$9, 0, 1 |
| CAN-SecureBERT | CAN intrusion detection | BA 2, FAR 3 |
| CATBERT | Social engineering email detection | ROC-AUC 4, TPR@1%FPR 5 |
| urlBERT (FT-TM) | Phishing URL detection | Accuracy 6 |
CATBERT reaches ROC-AUC 7 and TPR at FPR 8 of 9, outperforming DistilBERT, LSTM, and logistic regression baselines (Lee et al., 2020). urlBERT with two-stage fine-tuning reaches phishing accuracy 0, advertising accuracy 1, and webpage classification accuracy 2, while multi-task fine-tuning improves phishing from 3 to 4 and webpage classification from 5 to 6, with ads slightly decreasing from 7 to 8 (Li et al., 2024).
6. Operational characteristics, robustness, and deployment
A defining feature of SecureBERT 2.0 systems is their focus on operational constraints such as false positive rate, throughput, and robustness under obfuscation.
The official SecureBERT 2.0 paper positions encoder-only design as preferable for retrieval, triage, and classification because encoders provide compact, discriminative embeddings with lower latency and cost than decoder-only or encoder-decoder alternatives (Aghaei et al., 30 Sep 2025). It explicitly links high-quality embeddings to two-stage semantic-search pipelines combining approximate retrieval via bi-encoder cosine similarity with cross-encoder reranking (Aghaei et al., 30 Sep 2025).
CATBERT demonstrates the efficiency side of this argument quantitatively. It has 117 million parameters versus DistilBERT's 135 million, with 92 million embedding parameters and 25 million non-embedding parameters (Lee et al., 2020). Inference time per email is 79 ms on CPU and 7.0 ms on GPU, compared with DistilBERT at 130 ms on CPU and 9.4 ms on GPU, making CATBERT 1.6× faster on CPU and 1.3× faster on GPU (Lee et al., 2020). The paper also reports resilience to typo noise, synonym substitution, and Unicode obfuscation, attributing this robustness to pretraining, subword tokenization, and context fusion from email headers rather than to adversarial training (Lee et al., 2020).
The router-security SecureBERT 2.0 variant is explicitly engineered for very low-FPR always-on deployment. Offline anomaly scoring uses Isolation Forest, with contamination 9 controlling the expected anomaly fraction and practical FPR operating point (Carter et al., 2 Jan 2026). Online scoring smooths window-level anomaly scores using an exponential moving average,
00
and triggers an alert when the smoothed score crosses the threshold defined by the 01-th percentile of benign training scores (Carter et al., 2 Jan 2026). Reported online FPRs over 30 minutes are 02 for 03 and 04 for 05, while time-to-detection is sub-second for most malware at 06 and frequently sub-second at 07 (Carter et al., 2 Jan 2026). CAN-SecureBERT also reports high practical throughput, at approximately 965 CAN messages/s in the authors' GPU setup, compared with approximately 14 messages/s for CAN-LLAMA2 (Li et al., 2023).
The URL-oriented synthesis extends robustness analysis into tokenizer and pretraining design. It argues that contrastive learning pushes apart representations of semantically relevant differences such as deceptive subdomains and host typos, while virtual adversarial training smooths outputs around token embeddings to improve tolerance to randomization of path or query segments, injected noise, encoding, and case flips (Li et al., 2024). It also recommends explicit robustness evaluation against homographs, punycode hosts, delimiter manipulation, random high-entropy segments, and percent-encoding or base64 obfuscation (Li et al., 2024).
This suggests that SecureBERT 2.0 systems are increasingly shaped by deployment-specific robustness criteria rather than by aggregate benchmark performance alone, especially in settings where low false positive rates are non-negotiable.
7. Limitations, controversies, and future directions
Several limitations recur across the literature. The official SecureBERT 2.0 paper does not specify the exact ModernBERT configuration, positional encoding, attention pattern, tokenizer type, training hardware specifics, checkpoints, or public APIs (Aghaei et al., 30 Sep 2025). It also does not report ablation studies isolating the contribution of long-context modeling, hierarchical pooling, corpus scale, or code inclusion (Aghaei et al., 30 Sep 2025).
The CAN study introduces a numerical inconsistency that bears noting. Its abstract states that the best model's false alarm rate is 52 times smaller than that of MTH-IDS, but the table values imply much larger ratios: approximately 193.5× for CAN-LLAMA2 and approximately 171.4× for CAN-SecureBERT when computed from the reported FAR values (Li et al., 2023). Because the paper itself flags this mismatch, the more conservative interpretation is to treat the table values as primary and the 52× statement as inconsistent with those values.
More substantively, the CAN paper concludes that SecureBERT's cybersecurity domain knowledge "does not directly contribute" to improved CAN attack classification over general large-scale pretraining, as CAN-LLAMA2 slightly exceeds CAN-SecureBERT despite SecureBERT's cyber-specific pretraining (Li et al., 2023). This is an important counterpoint to domain-adaptation claims. It suggests that in certain telemetry domains, pretraining scale and model capacity may matter more than cybersecurity-specific text priors.
The router paper raises complementary concerns. It reports no ROC or AUC curves, confidence intervals, or hypothesis tests, and notes that some malware classes have relatively few observations, so extreme low-FPR detection rates should be interpreted cautiously (Carter et al., 2 Jan 2026). It also acknowledges that very stealthy, long-lived malware with benign-like syscall and packet patterns may evade detection, and that NPAL discards fine-grained header details that could matter against advanced threats (Carter et al., 2 Jan 2026).
The URL and email lines identify further open problems. urlBERT does not fully specify tokenizer details, and its synthesis explicitly recommends rigorous comparison of delimiter-aware versus plain subword tokenization and Unicode normalization policies (Li et al., 2024). CATBERT uses only four simple email header features and does not deeply analyze multilingual variation or theoretical reasons why replacing half the Transformer blocks with adapters can outperform full DistilBERT (Lee et al., 2020).
Across these works, the main future directions are consistent: scaling capacity and context, integrating models into SIEM, SOAR, and developer tooling, extending benchmarks for hybrid text-code reasoning and threat drift, expanding multi-modality to URLs, emails, HTTP, logs, file paths, registry keys, CLI arguments, HTML and DOM snippets, and pursuing continual learning or periodic retraining to handle domain drift (Aghaei et al., 30 Sep 2025, Li et al., 2024). A plausible implication is that the next stage beyond SecureBERT 2.0 will be defined less by a single benchmark-leading backbone and more by unified cyber encoders that maintain strong task transfer across heterogeneous modalities while preserving strict operational guarantees on calibration, latency, and false positive rate.