A practical local security-research rig in 2026 is a 12 GB GPU like the MSI GeForce RTX 3060 Ventus 2X 12G, an 8-core desktop CPU such as the AMD Ryzen 7 5800X, and 32 GB of system RAM. That hardware runs 7B–14B code-tuned models at q4 quantization air-gapped, which is enough to diff patches, summarize CVE write-ups, and triage commits without sending anything to a cloud endpoint.
Why patch-to-exploit timing changes the calculus
Recent Anthropic research reported that frontier LLMs can produce working exploit code from a security patch in hours rather than weeks, given a clear diff and a description of the affected behavior. The number itself is debated, but the direction is not in dispute: AI-assisted analysis has compressed the window between "vendor ships a fix" and "a usable exploit exists." That changes two things for defenders.
First, the value of being able to read a patch as fast as an attacker has gone up. If a malicious actor can have an LLM ingest a diff and produce a usable proof-of-concept in a single working day, defenders need to be able to do the same — read the diff, surface the vulnerable code path, and prioritize patching across their fleet — at the same speed. Second, sending sensitive diffs, internal source, or unpatched CVE details to a third-party API is a non-starter for many teams. Cloud LLM providers retain prompts (with various opt-out controls), embed in their datasets, and are themselves regulated. Running the same workflow on an air-gapped local box sidesteps the entire question.
For our companion analysis of the Anthropic finding, see the linked piece. This article focuses on the hardware.
Key takeaways
- A 12 GB RTX 3060 plus an 8-core CPU and 32 GB RAM runs a 14B code-tuned model at q4 — enough for real diff analysis.
- Local inference removes per-token costs on large batches and keeps sensitive code off third-party servers.
- Context length matters more here than raw tok/s — diffs and CVE write-ups can be long.
- A used 12 GB card pays for itself against API fees within months at a moderate analysis volume.
- The hardware ceiling for the workflow is around 14B; 32B-class models help on complex multi-file refactors.
What did Anthropic's study actually claim about patch-to-exploit timing?
The headline finding was that with the right prompting and a moderately capable LLM, the time required to go from a published security patch to a working exploit dropped from weeks of manual reverse engineering to a single working day or less for the cases studied. The study's published methodology focused on a small set of CVEs with well-documented patches, so the numbers should not be over-generalized to every vulnerability class, but the qualitative claim — that LLMs meaningfully accelerate this loop — is consistent with what offensive-security researchers have been reporting privately for the last year.
The defender's read: if frontier-class models can do this with a cloud subscription, smaller open-weight models can do a useful subset of it locally, especially on the steps that are mostly comprehension and pattern-matching rather than novel exploit invention.
Why run a security-analysis model locally instead of in the cloud?
There are four reasons that come up over and over:
- Data sensitivity. Unpatched diffs, internal source, embargoed CVE details, and customer code are exactly the data many teams legally or contractually cannot send to a third-party endpoint.
- No per-token bill. A patch-diff workflow burns input tokens. At cloud rates, batch-processing a quarter's worth of commit history across a large repo runs into real money; a local box has fixed hardware cost and effectively unlimited inference budget.
- No rate limits. When you queue 500 diffs overnight, a local model just chews through them at its tok/s; a cloud model can throttle, retry, or refuse mid-batch.
- Reproducibility and audit. A pinned local model weight produces deterministic outputs given a seed; a hosted endpoint can change between Monday and Friday without notice.
What can a 12 GB RTX 3060 do for code/diff analysis at q4?
The honest answer is: surprisingly well for the comprehension half of the workflow, and noticeably weaker than frontier models for the synthesis half.
For 7B–14B code-tuned models like CodeLlama 13B, DeepSeek-Coder 6.7B, and Qwen2.5-Coder 14B at q4_K_M, the RTX 3060 12 GB keeps the entire model on-GPU and produces 25–45 tok/s for single-user workflows. That is fast enough for interactive review: paste a diff, ask "what does this change do and what's the security relevance," wait a few seconds, get a useful first pass. The card's ZOTAC sibling performs comparably and is a fine alternative when 3060 stock runs lean.
Where a 12 GB card struggles is multi-file refactors that benefit from 32B-class reasoning models. A 32B model will not fit on a 12 GB card at any usable quantization, and offloading drops you to single-digit tok/s. For that workflow you need a 24 GB card.
Spec table: model | VRAM | context window | tok/s on RTX 3060
A working snapshot for the most common code-analysis models on a 12 GB RTX 3060 at q4_K_M.
| Model | Parameters | VRAM used | Practical context | Tok/s |
|---|---|---|---|---|
| DeepSeek-Coder 6.7B | 6.7B | ~5.2 GB | 16k | 60–80 |
| CodeLlama 13B | 13B | ~7.5 GB | 8k | 35–45 |
| Qwen2.5-Coder 14B | 14B | ~8.3 GB | 16k | 25–35 |
| StarCoder2 15B | 15B | ~9.0 GB | 8k | 25–30 |
| DeepSeek-Coder 33B | 33B | offload | — | 4–8 |
For most diff-analysis work the 13B–14B tier is the right place to spend your tok/s.
Quantization matrix for a 14B code model
The same matrix logic as a general-purpose model, with a small twist: code models are more sensitive to aggressive quantization than chat models, because exact token sequences (operators, identifiers) matter more than fluent prose.
| Quant | VRAM (14B) | Tok/s on 12 GB | Quality loss | Notes |
|---|---|---|---|---|
| q3_K_M | 6.4 GB | 40 | visible — syntax slips appear | tight budget only |
| q4_K_S | 7.5 GB | 35 | minor | speed pick |
| q4_K_M | 8.3 GB | 30 | minimal | default for code |
| q5_K_M | 9.6 GB | 25 | imperceptible | quality pick if it fits |
| q6_K | 11.2 GB | 22 | none in tests | barely fits with KV cache |
For security work specifically, lean toward q5_K_M when the model fits. The cost in tok/s is small and the reduction in subtle code errors is worth it.
Context-length impact: feeding a full diff plus a CVE description into the window
A useful security-analysis prompt typically includes (1) the patch diff, often hundreds to thousands of lines, (2) the surrounding source for context, (3) the CVE description and any vendor notes, and (4) instructions about what to extract. That adds up fast.
A 14B model at q4_K_M leaves roughly 3 GB of VRAM for KV cache on a 12 GB card after the weights load. That is enough for roughly 8k–12k tokens of context. For longer diffs, you have two choices: drop to a 7B model and use the freed VRAM for a 32k context, or chunk the diff and run multiple passes. The 7B-with-longer-context path is the right answer surprisingly often.
Perf-per-dollar: a used 12 GB card vs an API subscription over 12 months
A used RTX 3060 12 GB lands around $280–320 in 2026. A cloud security-analysis workflow at moderate volume — say, 200 diff reviews per month with 8k input tokens each — runs into the low hundreds of dollars per month on most frontier endpoints. The hardware pays for itself in roughly 2–4 months at that volume, and after that the marginal cost of analysis is essentially zero. The Ryzen 7 5800X host is a one-time cost on top.
Bottom line: the minimum viable offline security rig
- GPU: RTX 3060 12 GB — the floor.
- CPU: Ryzen 7 5800X or equivalent 8-core.
- RAM: 32 GB DDR4-3200, dual channel.
- Storage: 1 TB NVMe for model weights and indexed source.
- Software: llama.cpp or Ollama, plus a code-tuned 13B–14B model at q4_K_M.
That is enough for real day-to-day diff and CVE work without ever touching a hosted API. If your workflow leans on 32B-class reasoning models, plan to step up to a 24 GB card next.
Real-world examples: what the workflow looks like
A typical end-to-end loop with a local 14B code model on the RTX 3060 12 GB covers four steps. First, you ingest a published security advisory — the CVE description plus a link to the upstream patch. Second, you fetch the patch diff from the project's git host and slice it into chunks that fit your context window (8k–16k tokens, depending on the model). Third, you prompt the model with a structured ask: "Given this CVE description and this patch hunk, identify the vulnerable code path before the patch, summarize the fix, and rate the severity of an exploit attempt." Fourth, you record outputs in a local jsonl and re-run any prompts that the model declined or hedged on.
This loop runs at roughly 10–20 diffs per hour on a 13B model at q4_K_M on the 3060 — slow compared to a frontier endpoint, but unlimited, private, and reproducible. For 200 reviews a month you finish the queue overnight on Sundays and have the rest of the week to act on the output.
Common pitfalls when standing up the rig
The most common mistake is buying a 24 GB card you don't need yet. A 12 GB RTX 3060 is the right place to start because the 7B–14B code models will keep you busy for months. Step up to 24 GB only after you have a concrete 32B-model workflow that warrants the cost.
The second is underspeccing the host CPU. Tokenization, regex-pre-processing of diffs, and any offloaded layers want CPU. Pair the GPU with at least an 8-core current-gen chip. The Ryzen 7 5800X is a fine baseline; anything weaker bottlenecks the GPU on warm-up.
The third is not air-gapping the box. If the workflow's value depends on the data not leaving your machine, that means actually no network on the inference host. Pull models down on a separate machine, copy them in by USB, and disable the network adapter on the inference box. Air-gap is a process discipline, not a software setting.
When NOT to run a local security LLM
If your workload is occasional — a few dozen diffs a quarter — a cloud API with a zero-retention agreement is often the right answer. The hardware doesn't pay back fast enough to be worth the operational overhead of running your own model.
If you specifically need frontier reasoning on multi-file refactors, a local 14B model will fall short. That's a 32B-class problem and a 24 GB card; if you don't have one and don't want one, rent the time.
If the source code in scope is fully open already (e.g. a public open-source dependency audit), the data-sensitivity argument disappears and a cloud workflow with prompt caching is cheaper and faster.
For all the other cases — and there are many — the local rig is the right tool.
A note on model selection for security workflows
Not every open-weight code model is equally useful for security review. The two qualities that matter most in this workflow are (1) fidelity to exact code semantics — getting operators and identifiers right matters more than fluent prose — and (2) ability to follow structured prompts without drifting into chat-mode hedging. CodeLlama 13B and DeepSeek-Coder 6.7B have both been deliberately tuned for code, and both work well as the base model for diff analysis. General-purpose chat models in the same size class often produce more verbose responses that need post-processing to extract the structured fields you care about.
For a serious local-security workstation, also keep a handful of models on disk — a 7B for fast triage, a 13B for the bulk of the work, and a 14B for higher-quality second-pass review. The marginal disk cost is negligible; the productivity gain from picking the right tool for each pass is real.
Related guides
- Anthropic: AI Builds Working Exploits in Hours, Not Weeks
- Best Local LLM You Can Run on 12GB of VRAM in 2026
- Which GPU Runs Which LLM? A 2026 VRAM-to-Model Map
- Is the RTX 3060 12GB Still Worth Buying in 2026?
