You need to agree to share your contact information to access this model

This repository is publicly accessible, but you have to accept the conditions to access its files and content.

This model is the proprietary property of Glyph Software LLP. Access is granted only to authorized licensees under a signed agreement. This is an offensive-security agent adapter intended solely for authorized penetration testing and security research. By requesting access you confirm you are an authorized user, that you will only use it against systems you are explicitly permitted to test, and that you agree to the terms in the LICENSE file.

Log in or Sign Up to review the conditions and access this model content.

Sentinel-R2 (LoRA Adapter)

Proprietary & Confidential. Sentinel-R2 is the exclusive property of Glyph Software LLP. It is not open source and is distributed under a proprietary, all-rights-reserved license. See the License section and the bundled LICENSE file.

Sentinel-R2 is an offensive-security agent for authorized penetration testing. Given a target scope and a shell-execute tool, it enumerates the target, works out a foothold, escalates privileges as far as it can, and writes up the full attack path — the root cause of each weakness it exploits and how to fix it. It is a reasoning + tool-use model: it plans, issues tool calls, reasons over the results, and iterates toward its objective.

This repository contains a LoRA adapter (PEFT), not a full set of merged weights. It must be loaded on top of its base model.

Model Details

Model Description

  • Developed & curated by: Glyph Software LLP
  • Model persona / identity: Sentinel-R2
  • Model type: LoRA adapter for a causal decoder-only transformer; instruction-, reasoning-, and tool-use-tuned
  • Base model: empero-ai/Qwythos-9B-Claude-Mythos-5-1M
  • Adapter type: LoRA (PEFT) — rank r=16, lora_alpha=16, lora_dropout=0.0, bias none
  • Target modules: attention and MLP projections (q/k/v/o_proj, gate/up/down_proj)
  • Task type: CAUSAL_LM
  • Languages: English (with embedded shell commands and source code across many languages)
  • Finetuning method: Supervised fine-tuning (SFT) on curated authorized-pentest agent trajectories
  • License: Proprietary — Glyph Proprietary License v1.0 (all rights reserved)

Model Sources

  • Repository: glyphsoftware/sentinal-r2-lora (gated)
  • Base model: empero-ai/Qwythos-9B-Claude-Mythos-5-1M

Intended Use

Primary intended uses

  • Authorized penetration testing: Autonomous or human-in-the-loop enumeration, foothold discovery, and privilege escalation against systems the operator is explicitly permitted to test.
  • Attack-path reporting: Producing clear write-ups of each exploited weakness, its root cause, and concrete remediation guidance.
  • Red-team tooling and security research: Driving agentic workflows that use a shell/execute tool in isolated lab or authorized engagement environments.

Out-of-scope and prohibited uses

  • Any use against systems you are not explicitly authorized to test.
  • Unauthorized access, disruption, data theft, or any use violating applicable law or the proprietary license.
  • Any use outside Glyph Software LLP or its authorized licensees.
  • Fully unattended operation without appropriate scoping, guardrails, and human oversight.

Benchmarks

Task Metric Base Qwen3.5-9B Qwythos-9B Sentinal-R2 (this model)
gsm8k (5-shot) exact_match (strict) 0.510 0.810 0.831
gsm8k (5-shot) exact_match (flexible) 0.670 0.860 0.831
mmlu (0-shot) acc 0.232 0.575 0.777
arc_challenge (0-shot) acc 0.470 0.490 0.562
arc_challenge (0-shot) acc_norm 0.400 0.410 0.586
gpqa_diamond (CoT, 0-shot) exact_match (flexible) 0.630 0.580

Training Data

Sentinel-R2 was fine-tuned on a curated set of authorized penetration-test agent trajectories. Each example is a multi-turn conversation in which the assistant is given an isolated-lab target and a shell execute tool, and works through enumeration → foothold → privilege escalation → remediation write-up, interleaving reasoning, tool calls, and tool results.

Property Value
Training examples 113
Format Multi-turn messages (system / user / assistant / tool) with tool calls
Tooling Single execute shell tool
Framing Authorized engagements in isolated lab networks

All scenarios are explicitly scoped as authorized testing against lab targets.

Prompt Format

Sentinel-R2 uses a chat template with system, user, assistant, and tool roles, and supports tool calling. The system message establishes the pentester persona and the engagement rules; the model responds with reasoning and execute tool calls, consumes the tool results, and continues until it reaches its objective and produces a write-up.

Recommended system prompt

You are an expert penetration tester carrying out an authorized engagement in
an isolated lab. You have an execute tool to run shell commands from your
attacking host. Enumerate the target thoroughly, work out a foothold, escalate
your privileges as far as you can (root or Administrator/SYSTEM), and then write
up the full attack path — the root cause of each weakness you exploit and how to
fix it.

How to Use

Access to the adapter requires an authorized Hugging Face token for the gated/private repository. This is a LoRA adapter and must be applied on top of the base model.

import torch
from transformers import AutoModelForCausalLM, AutoTokenizer
from peft import PeftModel

base_id = "empero-ai/Qwythos-9B-Claude-Mythos-5-1M"
adapter_id = "glyphsoftware/sentinal-r2-lora"

tokenizer = AutoTokenizer.from_pretrained(adapter_id)
base = AutoModelForCausalLM.from_pretrained(
    base_id, device_map="auto", torch_dtype="auto"
)
model = PeftModel.from_pretrained(base, adapter_id)

system = (
    "You are an expert penetration tester carrying out an authorized engagement "
    "in an isolated lab. You have an execute tool to run shell commands from your "
    "attacking host. Enumerate the target thoroughly, work out a foothold, escalate "
    "your privileges as far as you can, and then write up the full attack path — "
    "the root cause of each weakness you exploit and how to fix it."
)

messages = [
    {"role": "system", "content": system},
    {"role": "user", "content": "Assess the authorized lab host at 10.129.0.10."},
]

inputs = tokenizer.apply_chat_template(
    messages, add_generation_prompt=True, return_tensors="pt"
).to(model.device)

out = model.generate(inputs, max_new_tokens=1024, temperature=0.3, top_p=0.9)
print(tokenizer.decode(out[0][inputs.shape[-1]:], skip_special_tokens=True))

The model emits execute tool calls; your harness is responsible for running those commands only within an authorized, isolated environment and feeding the results back as tool messages.

Recommended generation settings

Parameter Value
temperature 0.2 – 0.4
top_p 0.9
max_new_tokens 1024+ (reasoning and tool calls consume tokens)

Training Procedure

Hyperparameter Value
Method Supervised fine-tuning (LoRA)
Base model empero-ai/Qwythos-9B-Claude-Mythos-5-1M
LoRA rank / alpha 16 / 16
LoRA dropout 0.0
Max sequence length 16,384
Epochs 2
Batch size × grad accum 2 × 4
Learning rate 2e-4
Optimizer adamw_torch_fused
Precision bf16 (non-4bit)
Final training loss ~0.589

Trained with Unsloth, TRL, and PEFT.

Limitations and Risks

  • Not a substitute for a skilled operator. Outputs may be incorrect, incomplete, or unsafe to run. Every command must be reviewed before execution.
  • Powerful dual-use capability. This model is designed to compromise systems. It must only ever be pointed at targets you are explicitly authorized to test, in isolated environments, with human oversight.
  • Small training set. The adapter was trained on a modest number of trajectories; coverage of tools, platforms, and techniques is limited and biased toward the scenarios in the training data.
  • Reasoning is not ground truth. The model's plans and explanations are aids, not verified proofs; validate all findings independently.
  • Harness responsibility. Command execution, scoping, network isolation, and guardrails are the responsibility of the operator and the surrounding harness, not the model.

License

Proprietary — All Rights Reserved.

Sentinel-R2, including this adapter, its configuration, tokenizer, and all associated artifacts, is the confidential and proprietary property of Glyph Software LLP. It is not released under any open-source license and is governed by the Glyph Proprietary License v1.0 in the bundled LICENSE file.

No part of this model may be copied, distributed, published, sublicensed, merged into another model, distilled, or used to train or evaluate any other model, except by Glyph Software LLP or parties holding explicit prior written permission. Access does not grant any ownership or license rights beyond those expressly granted in writing.

© 2026 Glyph Software LLP. All rights reserved.

Citation

@misc{glyphsoftware_sentinel_r2_lora,
  title  = {Sentinel-R2: An Authorized Penetration-Testing Agent Adapter},
  author = {Glyph Software LLP},
  year   = {2026},
  note   = {Proprietary model. All rights reserved.}
}

Contact

For licensing, access requests, or security inquiries, contact Glyph Software LLP.

Downloads last month
-
Inference Providers NEW
This model isn't deployed by any Inference Provider. 🙋 Ask for provider support

Model tree for glyphsoftware/sentinal-r2-lora

Finetuned
Qwen/Qwen3.5-9B
Adapter
(9)
this model