Instructions to use glyphsoftware/sentinal-r2 with libraries, inference providers, notebooks, and local apps. Follow these links to get started.
- Libraries
- Transformers
How to use glyphsoftware/sentinal-r2 with Transformers:
# Use a pipeline as a high-level helper from transformers import pipeline pipe = pipeline("text-generation", model="glyphsoftware/sentinal-r2") messages = [ { "role": "user", "content": [ {"type": "image", "url": "https://huggingface.co/datasets/huggingface/documentation-images/resolve/main/p-blog/candy.JPG"}, {"type": "text", "text": "What animal is on the candy?"} ] }, ] pipe(text=messages)# Load model directly from transformers import AutoProcessor, AutoModelForMultimodalLM processor = AutoProcessor.from_pretrained("glyphsoftware/sentinal-r2") model = AutoModelForMultimodalLM.from_pretrained("glyphsoftware/sentinal-r2") messages = [ { "role": "user", "content": [ {"type": "image", "url": "https://huggingface.co/datasets/huggingface/documentation-images/resolve/main/p-blog/candy.JPG"}, {"type": "text", "text": "What animal is on the candy?"} ] }, ] inputs = processor.apply_chat_template( messages, add_generation_prompt=True, tokenize=True, return_dict=True, return_tensors="pt", ).to(model.device) outputs = model.generate(**inputs, max_new_tokens=40) print(processor.decode(outputs[0][inputs["input_ids"].shape[-1]:])) - Notebooks
- Google Colab
- Kaggle
- Local Apps Settings
- vLLM
How to use glyphsoftware/sentinal-r2 with vLLM:
Install from pip and serve model
# Install vLLM from pip: pip install vllm # Start the vLLM server: vllm serve "glyphsoftware/sentinal-r2" # Call the server using curl (OpenAI-compatible API): curl -X POST "http://localhost:8000/v1/chat/completions" \ -H "Content-Type: application/json" \ --data '{ "model": "glyphsoftware/sentinal-r2", "messages": [ { "role": "user", "content": "What is the capital of France?" } ] }'Use Docker
docker model run hf.co/glyphsoftware/sentinal-r2
- SGLang
How to use glyphsoftware/sentinal-r2 with SGLang:
Install from pip and serve model
# Install SGLang from pip: pip install sglang # Start the SGLang server: python3 -m sglang.launch_server \ --model-path "glyphsoftware/sentinal-r2" \ --host 0.0.0.0 \ --port 30000 # Call the server using curl (OpenAI-compatible API): curl -X POST "http://localhost:30000/v1/chat/completions" \ -H "Content-Type: application/json" \ --data '{ "model": "glyphsoftware/sentinal-r2", "messages": [ { "role": "user", "content": "What is the capital of France?" } ] }'Use Docker images
docker run --gpus all \ --shm-size 32g \ -p 30000:30000 \ -v ~/.cache/huggingface:/root/.cache/huggingface \ --env "HF_TOKEN=<secret>" \ --ipc=host \ lmsysorg/sglang:latest \ python3 -m sglang.launch_server \ --model-path "glyphsoftware/sentinal-r2" \ --host 0.0.0.0 \ --port 30000 # Call the server using curl (OpenAI-compatible API): curl -X POST "http://localhost:30000/v1/chat/completions" \ -H "Content-Type: application/json" \ --data '{ "model": "glyphsoftware/sentinal-r2", "messages": [ { "role": "user", "content": "What is the capital of France?" } ] }' - Unsloth Studio
How to use glyphsoftware/sentinal-r2 with Unsloth Studio:
Install Unsloth Studio (macOS, Linux, WSL)
curl -fsSL https://unsloth.ai/install.sh | sh # Run unsloth studio unsloth studio -H 0.0.0.0 -p 8888 # Then open http://localhost:8888 in your browser # Search for glyphsoftware/sentinal-r2 to start chatting
Install Unsloth Studio (Windows)
irm https://unsloth.ai/install.ps1 | iex # Run unsloth studio unsloth studio -H 0.0.0.0 -p 8888 # Then open http://localhost:8888 in your browser # Search for glyphsoftware/sentinal-r2 to start chatting
Using HuggingFace Spaces for Unsloth
# No setup required # Open https://huggingface.co/spaces/unsloth/studio in your browser # Search for glyphsoftware/sentinal-r2 to start chatting
Load model with FastModel
pip install unsloth from unsloth import FastModel model, tokenizer = FastModel.from_pretrained( model_name="glyphsoftware/sentinal-r2", max_seq_length=2048, ) - Docker Model Runner
How to use glyphsoftware/sentinal-r2 with Docker Model Runner:
docker model run hf.co/glyphsoftware/sentinal-r2
You need to agree to share your contact information to access this model
This repository is publicly accessible, but you have to accept the conditions to access its files and content.
This model is the proprietary property of Glyph Software LLP. Access is granted only to authorized licensees under a signed agreement. This is an offensive-security agent intended solely for authorized penetration testing and security research. By requesting access you confirm you are an authorized user, that you will only use it against systems you are explicitly permitted to test, and that you agree to the terms in the LICENSE file.
Log in or Sign Up to review the conditions and access this model content.
Sentinel-R2
Proprietary & Confidential. Sentinel-R2 is the exclusive property of Glyph Software LLP. It is not open source and is distributed under a proprietary, all-rights-reserved license. See the License section and the bundled
LICENSEfile.
Sentinel-R2 is an offensive-security agent for authorized penetration
testing. Given a target scope and a shell-execute tool, it enumerates the
target, works out a foothold, escalates privileges as far as it can, and writes
up the full attack path — the root cause of each weakness it exploits and how to
fix it. It is a reasoning + tool-use model: it plans, issues tool calls, reasons
over the results, and iterates toward its objective.
This repository contains the full merged model weights — the Sentinel-R2
LoRA adapter fused into its base model. Unlike the
adapter repository, it
loads directly with transformers and requires no separate base download or
PEFT step.
Model Details
Model Description
- Developed & curated by: Glyph Software LLP
- Model persona / identity:
Sentinel-R2 - Model type: Merged full-weight causal decoder-only transformer; instruction-, reasoning-, and tool-use-tuned
- Architecture:
Qwen3_5ForConditionalGeneration(hybrid linear/full-attention, 32 layers, hidden size 4096) - Base model:
empero-ai/Qwythos-9B-Claude-Mythos-5-1M - Precision: bfloat16 (16-bit merged weights)
- Context length: up to 1,048,576 tokens (YaRN-scaled)
- Task type:
CAUSAL_LM - Languages: English (with embedded shell commands and source code across many languages)
- Finetuning method: Supervised fine-tuning (SFT, LoRA) on curated authorized-pentest agent trajectories, then merged to 16-bit
- License: Proprietary — Glyph Proprietary License v1.0 (all rights reserved)
Model Sources
- Repository:
glyphsoftware/sentinal-r2(gated) - Adapter repository:
glyphsoftware/sentinal-r2-lora(gated) - Base model:
empero-ai/Qwythos-9B-Claude-Mythos-5-1M
Intended Use
Primary intended uses
- Authorized penetration testing: Autonomous or human-in-the-loop enumeration, foothold discovery, and privilege escalation against systems the operator is explicitly permitted to test.
- Attack-path reporting: Producing clear write-ups of each exploited weakness, its root cause, and concrete remediation guidance.
- Red-team tooling and security research: Driving agentic workflows that use
a shell/
executetool in isolated lab or authorized engagement environments.
Out-of-scope and prohibited uses
- Any use against systems you are not explicitly authorized to test.
- Unauthorized access, disruption, data theft, or any use violating applicable law or the proprietary license.
- Any use outside Glyph Software LLP or its authorized licensees.
- Fully unattended operation without appropriate scoping, guardrails, and human oversight.
Benchmarks
| Task | Metric | Base Qwen3.5-9B | Qwythos-9B | Sentinal-R2 (this model) |
|---|---|---|---|---|
| gsm8k (5-shot) | exact_match (strict) | 0.510 | 0.810 | 0.831 |
| gsm8k (5-shot) | exact_match (flexible) | 0.670 | 0.860 | 0.831 |
| mmlu (0-shot) | acc | 0.232 | 0.575 | 0.777 |
| arc_challenge (0-shot) | acc | 0.470 | 0.490 | 0.562 |
| arc_challenge (0-shot) | acc_norm | 0.400 | 0.410 | 0.586 |
| gpqa_diamond (CoT, 0-shot) | exact_match (flexible) | 0.630 | 0.580 | — |
Training Data
Sentinel-R2 was fine-tuned on a curated set of authorized penetration-test
agent trajectories. Each example is a multi-turn conversation in which the
assistant is given an isolated-lab target and a shell execute tool, and works
through enumeration → foothold → privilege escalation → remediation write-up,
interleaving reasoning, tool calls, and tool results.
| Property | Value |
|---|---|
| Training examples | 113 |
| Format | Multi-turn messages (system / user / assistant / tool) with tool calls |
| Tooling | Single execute shell tool |
| Framing | Authorized engagements in isolated lab networks |
All scenarios are explicitly scoped as authorized testing against lab targets.
Prompt Format
Sentinel-R2 uses a chat template with system, user, assistant, and tool
roles, and supports tool calling. The system message establishes the pentester
persona and the engagement rules; the model responds with reasoning and
execute tool calls, consumes the tool results, and continues until it reaches
its objective and produces a write-up.
Recommended system prompt
You are an expert penetration tester carrying out an authorized engagement in
an isolated lab. You have an execute tool to run shell commands from your
attacking host. Enumerate the target thoroughly, work out a foothold, escalate
your privileges as far as you can (root or Administrator/SYSTEM), and then write
up the full attack path — the root cause of each weakness you exploit and how to
fix it.
How to Use
Access to these weights requires an authorized Hugging Face token for the gated/private repository. These are full merged weights — no adapter or base download is required.
import torch
from transformers import AutoModelForCausalLM, AutoTokenizer
model_id = "glyphsoftware/sentinal-r2"
tokenizer = AutoTokenizer.from_pretrained(model_id)
model = AutoModelForCausalLM.from_pretrained(
model_id, device_map="auto", torch_dtype="auto"
)
system = (
"You are an expert penetration tester carrying out an authorized engagement "
"in an isolated lab. You have an execute tool to run shell commands from your "
"attacking host. Enumerate the target thoroughly, work out a foothold, escalate "
"your privileges as far as you can, and then write up the full attack path — "
"the root cause of each weakness you exploit and how to fix it."
)
messages = [
{"role": "system", "content": system},
{"role": "user", "content": "Assess the authorized lab host at 10.129.0.10."},
]
inputs = tokenizer.apply_chat_template(
messages, add_generation_prompt=True, return_tensors="pt"
).to(model.device)
out = model.generate(inputs, max_new_tokens=1024, temperature=0.3, top_p=0.9)
print(tokenizer.decode(out[0][inputs.shape[-1]:], skip_special_tokens=True))
The model emits execute tool calls; your harness is responsible for running
those commands only within an authorized, isolated environment and feeding
the results back as tool messages.
Recommended generation settings
| Parameter | Value |
|---|---|
temperature |
0.2 – 0.4 |
top_p |
0.9 |
max_new_tokens |
1024+ (reasoning and tool calls consume tokens) |
Training Procedure
| Hyperparameter | Value |
|---|---|
| Method | Supervised fine-tuning (LoRA), merged to 16-bit |
| Base model | empero-ai/Qwythos-9B-Claude-Mythos-5-1M |
| LoRA rank / alpha | 16 / 16 |
| LoRA dropout | 0.0 |
| Max sequence length | 16,384 |
| Epochs | 2 |
| Batch size × grad accum | 2 × 4 |
| Learning rate | 2e-4 |
| Optimizer | adamw_torch_fused |
| Precision | bf16 (non-4bit) |
| Final training loss | ~0.589 |
Trained with Unsloth, TRL, and PEFT, then the adapter was merged into the base weights and exported in bf16.
Limitations and Risks
- Not a substitute for a skilled operator. Outputs may be incorrect, incomplete, or unsafe to run. Every command must be reviewed before execution.
- Powerful dual-use capability. This model is designed to compromise systems. It must only ever be pointed at targets you are explicitly authorized to test, in isolated environments, with human oversight.
- Small training set. The model was trained on a modest number of trajectories; coverage of tools, platforms, and techniques is limited and biased toward the scenarios in the training data.
- Reasoning is not ground truth. The model's plans and explanations are aids, not verified proofs; validate all findings independently.
- Harness responsibility. Command execution, scoping, network isolation, and guardrails are the responsibility of the operator and the surrounding harness, not the model.
License
Proprietary — All Rights Reserved.
Sentinel-R2, including these merged weights, its configuration, tokenizer, and
all associated artifacts, is the confidential and proprietary property of
Glyph Software LLP. It is not released under any open-source license and
is governed by the Glyph Proprietary License v1.0 in the bundled
LICENSE file.
No part of this model may be copied, distributed, published, sublicensed, merged into another model, distilled, or used to train or evaluate any other model, except by Glyph Software LLP or parties holding explicit prior written permission. Access does not grant any ownership or license rights beyond those expressly granted in writing.
© 2026 Glyph Software LLP. All rights reserved.
Citation
@misc{glyphsoftware_sentinel_r2,
title = {Sentinel-R2: An Authorized Penetration-Testing Agent},
author = {Glyph Software LLP},
year = {2026},
note = {Proprietary model. All rights reserved.}
}
Contact
For licensing, access requests, or security inquiries, contact Glyph Software LLP.
- Downloads last month
- -
Model tree for glyphsoftware/sentinal-r2
Base model
Qwen/Qwen3.5-9B-BaseEvaluation results
- openai/gsm8k · Gsm8k leaderboard
- 5-shot, exact_match (strict) View evaluation results83.1 *
- 5-shot, exact_match (flexible) View evaluation results83.1 *
