You need to agree to share your contact information to access this model

This repository is publicly accessible, but you have to accept the conditions to access its files and content.

This model is the proprietary property of Glyph Software LLP. Access is granted only to authorized licensees under a signed agreement. This is an offensive-security agent intended solely for authorized penetration testing and security research. By requesting access you confirm you are an authorized user, that you will only use it against systems you are explicitly permitted to test, and that you agree to the terms in the LICENSE file.

Log in or Sign Up to review the conditions and access this model content.

Sentinel-R2

Proprietary & Confidential. Sentinel-R2 is the exclusive property of Glyph Software LLP. It is not open source and is distributed under a proprietary, all-rights-reserved license. See the License section and the bundled LICENSE file.

Sentinel-R2 is an offensive-security agent for authorized penetration testing. Given a target scope and a shell-execute tool, it enumerates the target, works out a foothold, escalates privileges as far as it can, and writes up the full attack path — the root cause of each weakness it exploits and how to fix it. It is a reasoning + tool-use model: it plans, issues tool calls, reasons over the results, and iterates toward its objective.

This repository contains the full merged model weights — the Sentinel-R2 LoRA adapter fused into its base model. Unlike the adapter repository, it loads directly with transformers and requires no separate base download or PEFT step.

Model Details

Model Description

  • Developed & curated by: Glyph Software LLP
  • Model persona / identity: Sentinel-R2
  • Model type: Merged full-weight causal decoder-only transformer; instruction-, reasoning-, and tool-use-tuned
  • Architecture: Qwen3_5ForConditionalGeneration (hybrid linear/full-attention, 32 layers, hidden size 4096)
  • Base model: empero-ai/Qwythos-9B-Claude-Mythos-5-1M
  • Precision: bfloat16 (16-bit merged weights)
  • Context length: up to 1,048,576 tokens (YaRN-scaled)
  • Task type: CAUSAL_LM
  • Languages: English (with embedded shell commands and source code across many languages)
  • Finetuning method: Supervised fine-tuning (SFT, LoRA) on curated authorized-pentest agent trajectories, then merged to 16-bit
  • License: Proprietary — Glyph Proprietary License v1.0 (all rights reserved)

Model Sources

  • Repository: glyphsoftware/sentinal-r2 (gated)
  • Adapter repository: glyphsoftware/sentinal-r2-lora (gated)
  • Base model: empero-ai/Qwythos-9B-Claude-Mythos-5-1M

Intended Use

Primary intended uses

  • Authorized penetration testing: Autonomous or human-in-the-loop enumeration, foothold discovery, and privilege escalation against systems the operator is explicitly permitted to test.
  • Attack-path reporting: Producing clear write-ups of each exploited weakness, its root cause, and concrete remediation guidance.
  • Red-team tooling and security research: Driving agentic workflows that use a shell/execute tool in isolated lab or authorized engagement environments.

Out-of-scope and prohibited uses

  • Any use against systems you are not explicitly authorized to test.
  • Unauthorized access, disruption, data theft, or any use violating applicable law or the proprietary license.
  • Any use outside Glyph Software LLP or its authorized licensees.
  • Fully unattended operation without appropriate scoping, guardrails, and human oversight.

Benchmarks

Task Metric Base Qwen3.5-9B Qwythos-9B Sentinal-R2 (this model)
gsm8k (5-shot) exact_match (strict) 0.510 0.810 0.831
gsm8k (5-shot) exact_match (flexible) 0.670 0.860 0.831
mmlu (0-shot) acc 0.232 0.575 0.777
arc_challenge (0-shot) acc 0.470 0.490 0.562
arc_challenge (0-shot) acc_norm 0.400 0.410 0.586
gpqa_diamond (CoT, 0-shot) exact_match (flexible) 0.630 0.580

Training Data

Sentinel-R2 was fine-tuned on a curated set of authorized penetration-test agent trajectories. Each example is a multi-turn conversation in which the assistant is given an isolated-lab target and a shell execute tool, and works through enumeration → foothold → privilege escalation → remediation write-up, interleaving reasoning, tool calls, and tool results.

Property Value
Training examples 113
Format Multi-turn messages (system / user / assistant / tool) with tool calls
Tooling Single execute shell tool
Framing Authorized engagements in isolated lab networks

All scenarios are explicitly scoped as authorized testing against lab targets.

Prompt Format

Sentinel-R2 uses a chat template with system, user, assistant, and tool roles, and supports tool calling. The system message establishes the pentester persona and the engagement rules; the model responds with reasoning and execute tool calls, consumes the tool results, and continues until it reaches its objective and produces a write-up.

Recommended system prompt

You are an expert penetration tester carrying out an authorized engagement in
an isolated lab. You have an execute tool to run shell commands from your
attacking host. Enumerate the target thoroughly, work out a foothold, escalate
your privileges as far as you can (root or Administrator/SYSTEM), and then write
up the full attack path — the root cause of each weakness you exploit and how to
fix it.

How to Use

Access to these weights requires an authorized Hugging Face token for the gated/private repository. These are full merged weights — no adapter or base download is required.

import torch
from transformers import AutoModelForCausalLM, AutoTokenizer

model_id = "glyphsoftware/sentinal-r2"

tokenizer = AutoTokenizer.from_pretrained(model_id)
model = AutoModelForCausalLM.from_pretrained(
    model_id, device_map="auto", torch_dtype="auto"
)

system = (
    "You are an expert penetration tester carrying out an authorized engagement "
    "in an isolated lab. You have an execute tool to run shell commands from your "
    "attacking host. Enumerate the target thoroughly, work out a foothold, escalate "
    "your privileges as far as you can, and then write up the full attack path — "
    "the root cause of each weakness you exploit and how to fix it."
)

messages = [
    {"role": "system", "content": system},
    {"role": "user", "content": "Assess the authorized lab host at 10.129.0.10."},
]

inputs = tokenizer.apply_chat_template(
    messages, add_generation_prompt=True, return_tensors="pt"
).to(model.device)

out = model.generate(inputs, max_new_tokens=1024, temperature=0.3, top_p=0.9)
print(tokenizer.decode(out[0][inputs.shape[-1]:], skip_special_tokens=True))

The model emits execute tool calls; your harness is responsible for running those commands only within an authorized, isolated environment and feeding the results back as tool messages.

Recommended generation settings

Parameter Value
temperature 0.2 – 0.4
top_p 0.9
max_new_tokens 1024+ (reasoning and tool calls consume tokens)

Training Procedure

Hyperparameter Value
Method Supervised fine-tuning (LoRA), merged to 16-bit
Base model empero-ai/Qwythos-9B-Claude-Mythos-5-1M
LoRA rank / alpha 16 / 16
LoRA dropout 0.0
Max sequence length 16,384
Epochs 2
Batch size × grad accum 2 × 4
Learning rate 2e-4
Optimizer adamw_torch_fused
Precision bf16 (non-4bit)
Final training loss ~0.589

Trained with Unsloth, TRL, and PEFT, then the adapter was merged into the base weights and exported in bf16.

Limitations and Risks

  • Not a substitute for a skilled operator. Outputs may be incorrect, incomplete, or unsafe to run. Every command must be reviewed before execution.
  • Powerful dual-use capability. This model is designed to compromise systems. It must only ever be pointed at targets you are explicitly authorized to test, in isolated environments, with human oversight.
  • Small training set. The model was trained on a modest number of trajectories; coverage of tools, platforms, and techniques is limited and biased toward the scenarios in the training data.
  • Reasoning is not ground truth. The model's plans and explanations are aids, not verified proofs; validate all findings independently.
  • Harness responsibility. Command execution, scoping, network isolation, and guardrails are the responsibility of the operator and the surrounding harness, not the model.

License

Proprietary — All Rights Reserved.

Sentinel-R2, including these merged weights, its configuration, tokenizer, and all associated artifacts, is the confidential and proprietary property of Glyph Software LLP. It is not released under any open-source license and is governed by the Glyph Proprietary License v1.0 in the bundled LICENSE file.

No part of this model may be copied, distributed, published, sublicensed, merged into another model, distilled, or used to train or evaluate any other model, except by Glyph Software LLP or parties holding explicit prior written permission. Access does not grant any ownership or license rights beyond those expressly granted in writing.

© 2026 Glyph Software LLP. All rights reserved.

Citation

@misc{glyphsoftware_sentinel_r2,
  title  = {Sentinel-R2: An Authorized Penetration-Testing Agent},
  author = {Glyph Software LLP},
  year   = {2026},
  note   = {Proprietary model. All rights reserved.}
}

Contact

For licensing, access requests, or security inquiries, contact Glyph Software LLP.

Downloads last month
-
Safetensors
Model size
9B params
Tensor type
BF16
·
Inference Providers NEW
This model isn't deployed by any Inference Provider. 🙋 Ask for provider support

Model tree for glyphsoftware/sentinal-r2

Finetuned
Qwen/Qwen3.5-9B
Finetuned
(12)
this model

Evaluation results